Answer:
To decrypted encrypted data, you will need the the BDK (Base Derivation Key) and the KSN (Key Serial Number) with which the data was encrypted. Generally speaking you will only have the BDK when using a reader that is injected with a demo key. The BDK for a reader with a demo key injected should be 0123456789ABCDEFFEDCBA9876543210. The KSN should always be sent in plain text (unencrypted) along with the encrypted data and will change slightly with every transaction. The BDK for a production key is only known by the key injection facility (ID TECH) and the decrypting party (gateway or aquirer).
Navigate to the ID TECH Encrypt/Decrypt Tool. Select "Encrypt or decrypt data" option, then use the Derive button to enter your KSN and derive a session key. In the main window, enter your encrypted data in the Data pane, put the derived (session) key in the Key pane, and click Decrypt.
TDES is the default (and, by far, the most common) encryption/decryption algorithm. However, if the data was encrypted using AES instead of TDES, Check the "use AES" checkbox.
Related articles