Key checksum value
In cryptography, a Key Checksum Value is the checksum of a cryptographic key. It is used to validate the integrity of the key or compare keys without knowing their actual values. The KCV is computed by encrypting a block of bytes, each with value '00' or '01', with the cryptographic key and retaining the first 6 hexadecimal characters of the encrypted result. It is used in key management in different ciphering devices, such as SIM-cards or Hardware Security Modules.
In the GlobalPlatform technical specifications the KCV is defined for DES/3DES and AES keys as follows:
The same definition is used by the GSMA.
KCV for symmetric key management in retail financial services
The payments cards industry uses the following definition, as documented in requirement 15-1 of PCI PIN Security standard. The same definitions can also be found in the ASC X9 standards under Retail Financial Services Symmetric Key Management Part 1Check values may be computed by two methods. TDEA may use either method. AES must only use the CMAC method. In the first method, check values are computed by encrypting an all binary zeros block using the key or component as the encryption key, using the leftmost n-bits of the result; where n is at most 24 bits. In the second method the KCV is calculated by MACing an all binary zeros block using the CMAC algorithm as specified in ISO 9797-1. The check value will be the leftmost n-bits of the result, where n is at most 40 bits. The block cipher used in the CMAC function is the same as the block cipher of the key itself. A TDEA key or a component of a TDEA key will be MACed using the TDEA block cipher, while a 128-bit AES key or component will be MACed using the AES-128 block cipher.