How does one split / combine cryptographic keys?

Cryptographic keys need to be kept secret to preserve the secrecy of the encrypted data. For this reason, keys that are used to encrypt payment transactions (production keys) should not exist in whole outside an HSM (Hardware Security Module). If a key needs to be transferred from one HSM to another, It can be split into components (usually 2 but sometime 3 components). Each component is meaningless by itself. One can derive the key only with all the components. When transferring keys, great care should be taken to ensure the components are never in the same location at the same time. The HSM splits the key into components for trans port. Each component should be handled by different operators. Each operator will place a component into a tamper evident package and ship the package. Each packages will be shipped via different carriers to different recipients. The operators that receive components will enter the information into the receiving HSM. The KCV (Key Check Value) will be used to verify each component and the final key once the components have been combined.  Because, the splitting and combining is done for you (by the HSM), you really don't NEED to know HOW it's done. Some of us are just intellectually curious others have special projects that might benefit from knowing this information. Below I try to explain how to split and combine keys.

Splitting keys into components: 

2 component parts:

  1. Start with the Key1 (using the ANSI standard key for this example):0123456789ABCDEFFEDCBA9876543210
  2. create a random number of the same length (16 bytes in this example): 0452DDB661F7DCDC1046C2F044CAAAD5 (this will become key Component1)
  3. XOR the 2 numbers (Component1 and Key1): 0452DDB661F7DCDC1046C2F044CAAAD5 XOR 0123456789ABCDEFFEDCBA9876543210 = 057198D1E85C1133EE9A7868329E98C5 (the result will be key component 2)
    Key:                 0123456789ABCDEFFEDCBA9876543210 KCV:08D7B4
    Component1:   0452DDB661F7DCDC1046C2F044CAAAD5 
    Component2:   057198D1E85C1133EE9A7868329E98C5 

The KCV is the "Key Check Value" for the key, calculated by assuming the key/components are 3DES keys, and encrypting a string of binary zeroes. The KCV is the first six hex digits of the resulting ciphertext.

https://www.emvlab.org/keyshares/


3 component parts:

  1. Start with the Key1 (using the ANSI standard key for this example):0123456789ABCDEFFEDCBA9876543210
  2. create 2 random number of the same length (16 bytes in this example): 988A59D7273186B8C9C9922B6D40BA75 and 8936E5269ADFABE7D4829B2EFB3BF5D9 (the random numbers will become Component1 and Component2)
  3. XOR the 3 numbers. i.e. XOR Key1, Component1 and Component2 together: XOR(0123456789ABCDEFFEDCBA9876543210, 988A59D7273186B8C9C9922B6D40BA75, 8936E5269ADFABE7D4829B2EFB3BF5D9) = 109FF9963445E0B0E397B39DE02F7DBC (the result will be key Component3)


When combining keys. You will do the reverse

2 Parts:

XOR Component1 and Component2 to get Key1


3 Parts:

XOR Component1 and Component2 and Component3 to get Key1