# Appendix G How to Pair With a Cryptera Encrypting PIN Pad Some of the commands and notifications described in this application group are designed to support an external Cryptera Encrypting PIN Pad (EPP). To use these functions, the host software must first serve as a broker to pair oDynamo with the Encrypting PIN Pad. * Be aware that dismounting the EPP erases all pairing information. * Pairing can happen in the field, usually after installation or replacement of the EPP or SCR. Pairing always starts at Step 1. * To use the Cryptera EPP, oDynamo must have the Device Signing Keys and certificate installed by the manufacturer. Older devices do not support use of the EPP, even when upgraded in the field with the latest firmware. The host can also check this using Command 0x01::0x04 - Get Device Status and checking the response for tag DF52. If byte 1, bit 6 =1, the device can be used with an EPP. For additional detail, see the EPP documentation provided by Cryptera. To pair oDynamo with a Cryptera Encrypting PIN Pad, follow these steps: * The operator puts the EPP into the Pre-Activated or Activated state. * The host starts the pairing process by sending the EPP Command START\_EXCHANGE (no parameters), Response = P1 P2 P3. If P1=OK, use the entire response (P1P2P3) in the next step. * The host sends oDynamo Command = Command 0x02::0x0A - EPP Pairing Certificate Exchange (C4 = P1P2P3). Make sure C3 value=0 in the response to confirm success. Use the data in C4 (excluding the tag and length) in the next step. * The host sends the EPP Command GENERATE\_KEK using the data from the previous step as the parameters. Response = P1 P2 P3. If P1=OK, use the entire response (P1P2P3) for the next step. * The host sends oDynamo Command 0x02::0x0C - EPP Pairing Load KEK (C4 = data from the previous step). Check the oDynamo response to make sure C3 value is 0x00 = OK before proceeding. * The host sends the EPP Command FETCH\_KEY (P1 = “LINK\_KGK”) and receives a response P1 P2. If P1 = OK, use the data in P2 for the next step. * The host sends oDynamo Command 0x02::0x0D - EPP Pairing Load Derivation Key (C4 = the data from the previous step). Check the oDynamo response to verify C3 value is zero. C4 data is a 3 byte Key Check Value. Save this for the final step. * The host sends the EPP Command GET\_KCV (“LINK\_KGK”). The EPP responds with parameters = Status, KCVZERO, KCVSELF. * The host compares the 3 byte Key Check Value from oDynamo with the 3-byte KCVZERO value from the previous step. If they match, pairing is complete. * The host can re-check the pairing status at any time by comparing key check values (KCV). The host retrieves the KCV from oDynamo by sending Command 0x02::0x0E - Get Key / Certificate Information with info ID=7, and retrieves a corresponding KCV from the EPP using GET\_KCV (“LINK\_KGK”) like the steps above. If the values match, pairing is confirmed. If they don’t match, repeat the full pairing process described above. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developer.magtek.com/hardware/oem-readers-and-components/oem-readers/odynamo/documentation/programmers-manuals/programmers-manual-commands/appendices/appendix-g-how-to-pair-with-a-cryptera-encrypting-pin-pad.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.