This the NodeJS implementation of DUKPT based on the vanilla javascript implementation of IDTech DUKPT encryption/decryption. This module provides Dukpt encryption using either 3DES or AES schemes.
Please note that AES encryption/decryption is currently only supported with NodeJS versions 6.x.x and above due to few limitations which will be addressed soon in a next release.
Don't hesitate to report any bugs in the Github Repository!. Many thanks to @jamiesoncj for providing resources.
- Node v12.0.0 or above
npm install dukpt --save Initialize DUKPT by providing BDK and KSN:
const Dukpt = require('dukpt'); const encryptionBDK = '0123456789ABCDEFFEDCBA9876543210'; const ksn = 'FFFF9876543210E00008'; const keyMode = 'datakey'; // optional: defaults to 'datakey' const plainTextCardData = '%B5452310551227189^DOE/JOHN ^08043210000000725000000?'; const dukpt = new Dukpt(encryptionBDK, ksn); After initializing, you can use dukptEncrypt and dukptDecrypt methods to encrypt/decrypt data using DUKPT.
Using 3DES,
const options = { inputEncoding: 'ascii', outputEncoding: 'hex', encryptionMode: '3DES' }; const encryptedCardData3Des = dukpt.dukptEncrypt(plainTextCardData, options); or with AES,
const options = { inputEncoding: 'ascii', outputEncoding: 'hex', encryptionMode: 'AES' }; const encryptedCardDataAes = dukpt.dukptEncrypt(plainTextCardData, options); Using 3DES,
const options = { inputEncoding: 'hex', outputEncoding: 'hex', encryptionMode: '3DES' }; const encryptedCardData3Des = dukpt.dukptEncrypt(plainTextCardData, options); or using AES,
const options = { inputEncoding: 'hex', outputEncoding: 'hex', encryptionMode: 'AES' }; const encryptedCardDataAes = dukpt.dukptEncrypt(plainTextCardData, options); const options = { outputEncoding: 'ascii', decryptionMode: '3DES', trimOutput: true }; const decryptedCardData = dukpt.dukptDecrypt(encryptedCardData, options); const options = { outputEncoding: 'hex', decryptionMode: '3DES', trimOutput: true }; const decryptedCardData = dukpt.dukptDecrypt(encryptedCardData, options); Base derivation key (BDK) for initialization
Key serial number (KSN) for initialization
See here for more information on BDK and KSN
default: 'datakey'
Key mode for deriving session key from initial pin encryption key (IPEK). Possible values are:
datakey(default)pinkeymackey
Dukpt.prototype.dukptEncrypt(plainTextCardData, options) and Dukpt.prototype.dukptDecrypt(encryptedCardData, options)
You can use options object to provide additional options for the DUKPT encryption/decryption. This object is optional and, if you don't provide it, encryption/decryption will use the default values shipped with it.
Following listed are the available options.
| Option | Possible Values | Default Value | Description |
|---|---|---|---|
outputEncoding | ascii, hex | For encryption hex, for decryption ascii | Specify output encoding of encryption/decryption |
inputEncoding | ascii, hex | For encryption ascii, for decryption hex | Specify encoding of the input data for encryption/decryption |
trimOutput (for decryption only) | true, false | false | Specify whether to strip out null characters from the decrypted output |
encryptionMode (for encryption only) | 3DES/AES | 3DES/AES | Specify encryption scheme for dukpt |
decryptionMode (for decryption only) | 3DES/AES | 3DES/AES | Specify decryption scheme for dukpt |
Tests can be run using gulp as follows:
npm run test - Support for DUKPT Encryption/Decryption with 3DES
- Support for DUKPT Encryption/Decryption with AES