Clear PIN Encrypt (CSNBCPE)

Edit online

The Clear PIN Encrypt verb formats a PIN into one of the following PIN block formats and encrypts the results.

You can use this verb to create an encrypted PIN block for transmission. With the RANDOM keyword, you can have the verb generate random PIN numbers. The following PIN-block formats are supported:
  • IBM® 3621 format
  • IBM 3624 format
  • ISO-0 format (same as the ANSI X9.8, VISA-1, and ECI formats)
  • ISO-1 format (same as the ECI-4 format)
  • ISO-2 format
  • ISO-3 format
  • ISO-4 format
  • IBM 4704 encrypting PINPAD (4704-EPP) format
  • VISA 2 format
  • VISA 3 format
  • VISA 4 format
  • ECI2 format
  • ECI3 format
Note: A clear PIN is a sensitive piece of information. Ensure your application program and system design provide adequate protection for any clear PIN value.

To use this verb, specify the following data:

  • A key that is used to encrypt the PIN block.
  • A clear PIN. When you generate random PINs, the clear_PIN variable specifies the length of the generated-PIN value by the number of left-aligned numeral zero characters. The remainder of the variable must be padded on the right with space characters.
  • A PIN profile that specifies the format of the PIN block to be created, and any pad digit; see The PIN profile.
  • When using the ISO-0, ISO-3 or, beginning with Release 5.4, ISO-4 PIN-block format, the PAN_data variable provides the account number that is X-OR-ed with the PIN information.
  • The sequence number. Specify a value of 99999 in the integer variable.

The verb performs the following tasks:

  • Formats the PIN into the specified PIN-block format.
  • For a PIN-block format other than ISO-4, checks the control vector of the DES OPINENC key by verifying that CV bit 18 = B'1' (CPINENC). For a PIN-block format of ISO-4, checks the key usage of the AES PINPROT key by verifying that the key can be used for encryption but not decryption. The encryption mode is CBC, the key can be used to encrypt a clear key (CPINENC), and the key can allow ISO-4 PIN-block formatting.
  • For a PIN-block format other than ISO-4, encrypts the PIN block in ECB mode. For a PIN-block format of ISO-4, encrypts the PIN block in CBC mode.
  • Returns the encrypted PIN-block in the encrypted_PIN_block variable.
Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.

This verb does not need to document any Usage notes.