Gap
DUKPT Derive AES Key implements AES-128 only (per ANSI X9.24-3). AES-192 and AES-256 key derivation are not yet implemented and are explicitly noted as out of scope in PAYMENT_RECIPES.md.
APC cross-check status
Not checked — requires AES-192/256 BDK keys in the APC inventory to validate against.
Work required
- Extend DUKPTDeriveAESKey.mjs to support 192-bit and 256-bit initial keys
- Locate or derive test vectors (ANSI X9.24-3 may only cover AES-128 in the public test suite)
- Create AES-192/256 BDK keys in APC and cross-check derived working keys
- Update PAYMENT_RECIPES.md assumptions note