Gap
PIN Block Translate Encrypted currently only supports TDES-ECB with ISO 9564 formats 0, 1, and 3 (64-bit block). ISO Format 4 (128-bit AES block, random padding, no PAN XOR) is not implemented.
APC cross-check status
Checked against AWS Payment Cryptography translate_pin_data — the API supports Format 4 via IsoFormat4 translation attributes with TR31_P0_PIN_ENCRYPTION_KEY AES keys. No AES P0 keys currently exist in the test key inventory, so no cross-check vectors are available yet.
Work required
- Create AES-128 P0 keys in APC and derive test vectors for Format 4 ↔ Format 4 and Format 0 ↔ Format 4 translations
- Extend
TranslatePINBlockEncrypted.mjs with a cipher selector (TDES / AES-128 / AES-256); Format 4 should require AES, formats 0/1/3 should require TDES
- Add Format 4 parse/build logic (16-byte block, random pad, AES-ECB)
- Add cross-checked test vectors to
Payment.mjs
- Update
PAYMENT_RECIPES.md validation table row
Gap
PIN Block Translate Encryptedcurrently only supports TDES-ECB with ISO 9564 formats 0, 1, and 3 (64-bit block). ISO Format 4 (128-bit AES block, random padding, no PAN XOR) is not implemented.APC cross-check status
Checked against AWS Payment Cryptography
translate_pin_data— the API supports Format 4 viaIsoFormat4translation attributes withTR31_P0_PIN_ENCRYPTION_KEYAES keys. No AES P0 keys currently exist in the test key inventory, so no cross-check vectors are available yet.Work required
TranslatePINBlockEncrypted.mjswith a cipher selector (TDES / AES-128 / AES-256); Format 4 should require AES, formats 0/1/3 should require TDESPayment.mjsPAYMENT_RECIPES.mdvalidation table row