DES and AES Decryption

Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are both supported in the Source Technologies Secure MICR Printers. The minimum Code Level support for AES is 8.5j. Levels 8.5i. and lower only support DES.

DES originated at IBM in 1977 and was adopted by the U.S. Department of Defense. The controlling standards for DES are ANSI X3.92 and X3.106 and in the Federal FIPS 46-3 standard. An alternative to DES called Triple DES is not supported in our Secure MICR printers.

AES is documented in a Federal Information Processing Standard (FIPS) standard FIPS 197, dated 11/26/2001. Three key sizes are documented in the standard, 128-bit, 192-bit, & 256-bit. We currently only support the most commonly used 128-bit key size.

The algorithm selected for AES is Rijndael. Developed in Belgium, an English pronunciation alternative is “Rain Doll”. In addition to U.S. Government implementations, it is anticipated AES will be adopted by businesses, organizations, institutions, and individuals outside of government, and outside of the United States as was the case for DES.

We only support decryption for DES and AES. Encrypted printer data streams can be decrypted using the key stored some time prior to the message. Keys for both DES and AES are stored separately so that both AES and DES are supported simultaneously. The keys messages themselves can be encrypted with either DES or AES for either DES or AES. Only one DES and one AES key exists at any one point in time. Old keys are not saved. To change either a DES or an AES key requires the MICR Password Command.

The Secure MICR printer does not have any capability to encrypt a return or Bi-directional message.

Decryption Commands

Decryption requires printer processing overhead. In our testing encrypted printer data steams near or below 100K bytes per page do not seem to affect printer speed in term of pages per minute or first page out timings. Some testing done with print files from 500K to 1 Meg per page showed up to a 30% degradation in speed. It is therefore recommended the encryption be reserved for the confidential portions of the data when large file sizes are anticipated.

Set DES Decryption Key Command &%STSETDESKEY<16 Hex Characters>$

The command requires a MICR Password Command be sent prior to the Key Command. The Key Command could itself be encrypted and then decrypted in the printer. The command requires the key data be in a double-byte hex format. The 8 byte value must be converted to the 16 byte format. The only values that can be contained in the 16 command

Secure MICR Printer User’s Guide

24

© Source Technologies

September 2005

All Rights Reserved

Page 28
Image 28
Source Technologies ST9530 manual DES and AES Decryption, Decryption Commands