Scope: This Solution applies to data encrypted with TDES or AES algorithms using either the Data Key Variant or a PIN Key variant. Therefore it applies to all encrypting readers.
Answer:
To decrypt encrypted data, you will need the the BDK (Base Derivation Key) and the KSN (Key Serial Number) with which the data was encrypted. Generally speaking, the BDK is "super-secret." You will only have the BDK when using a reader that is injected with a demo key. The BDK for a reader with a demo key injected should be 0123456789ABCDEFFEDCBA9876543210 (this is the so-called ANSI standard test key). The KSN will always be sent in plain text (unencrypted) along with the encrypted data and will change slightly with every transaction. The BDK for a production key is only known by the key injection facility (ID TECH) and the decrypting party (gateway or aquirer).
...