How to Check Key Status and Key Info for NEO or NEO 2 Products

Owned by IT-ADMIN G (Deactivated)
Last updated: Nov 09, 2023 by Yan Mu
3 min read

For NEO 1 products:

  1. Check Data Encryption status with Get Data Encryption Enable (C7-37).

    Note: This command is only supported in Non-SRED version devices; SRED version devices DO NOT support it.


  2. Send the Check DUKPT keys (81-02) command.



    EXAMPLE: The image below shows the value returned is ffff01ffff01ffffffffffff.

    Counting from left to right, the first byte is slot 0. So ffff01ffff01ffffffffffff shows that slots 2 and 5 have keys present indicating the reader is injected with a DEK and an RKI-KEK.


  3. Send the Get DUKPT Key Serial Number (81-0A) command with data 02 (for slot 2), data 03 (for slot 3), or data 05 (for slot 5).

NEO 2 Products:

  1. Get the firmware version with the Get Version: Protocol 2 (29-00) command.
  2. Send the Get Data Encryption Enable Flag (C7-37) command (see above under NEO 1 products for Non-SRED version devices).
  3. Send the Retrieve Key Info (81-0C) command.

    This command retrieves basic key information. Each pair of three bytes represents one key’s parameters (index and slot).

    For example, 0x02 0x00 0x00 0x02 0x00 0x01 will represent [KeyIndex=0x02,KeySlot=0x0000] and [KeyIndex=0x02,KeySlot=0x0001].

  4. Send the 81-0B command with the corresponding key index and key slot (e.g. 020000 for data key) to retrieve the DUKPT key KSN                                                                                      

  5. Send the Retrieve Detailed Key Info (81-0D) command to retrieve the Key Block Header of the specific key index or slot provided in the command frame. The Key Block Header contains information such as the type of encryption (TDES/AES), Key Variant, and so on.