Is there an opensource library implementing DUKPT or ANSI X9.24 [closed]

Question

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.

Closed 8 years ago.

I'm tasked with implementing a decryption functionality against a device using the DUKPT protocol/scheme/algorithm.

The encryption algorithm itself is just DESede which is easy to work with and have good library support(JCE, BouncyCastle).

The problem is the DUKPT part. I have the Base Derivation Key(a shared secret), the Key Serial Number and the cipher text but I am not able to figure out what to do next.

As much as possible, I do not want to write my own implementation and I would prefer to use a well tested library instead.

Is there such a thing available?

Note: DUKPT = Derived Unique Key Per Transaction

Answer 1

I don't know exactly how DUKPT works, but using the excellent Thales Simulator Project, I took the DUKPT code and ported it to a Java library, my very own crypto-utils project.

Disclaimer: This was a learning exercise for myself and is NOT production code. It may be of help

Answer 2

To implement security using symmentric keys only, an HSM is required - not for performance reasons, but because in software there's no way to store the key securely. So you won't find much in terms of well supported software that implements DUKPT, because it has no practical use.