All comparisons

[ KL / COMPARE / BPTOOLS ]

KeyLab vs EFTLab BP-Tools

Free, browser-first cryptographic toolkit versus the $999/year established Windows desktop suite. A side-by-side comparison for payment security engineers choosing between EFTLab BP-Tools and KeyLab.

Summary

BP-Tools by EFTLab has been the de-facto desktop tool for payment cryptography testing since 2013. It is a comprehensive Windows-only suite covering HSM commands, key blocks, PIN operations, EMV scripting, ISO 8583 parsing, and SPB. As of 2024, the full BP-Tools license costs USD 999/year per seat.

KeyLab takes a different approach: it runs in the browser (no install), is free for every tool we ship, exposes the same operations (PIN Block ISO 9564, DUKPT, TR-31, ARQC, ISO 8583, Thales payShield command simulation), and adds modern niceties like shareable URLs for tool state, dark mode, multi-language UI, and an optional desktop wrapper for offline / air-gapped work.

For occasional users, sole practitioners, students, and teams that need to onboard new engineers quickly, KeyLab's zero-friction and zero-cost model is hard to beat. For shops that already own BP-Tools licenses and prefer a single Windows installer with vendor support, BP-Tools remains a solid choice — they pioneered the category.

Feature Comparison

FeatureKeyLabEFTLab BP-Tools
PriceFree (all tools)$999/year per seat
PlatformBrowser + Desktop (Electron, all OS) + CLIWindows desktop only
Install requiredNo (browser) or optionalYes (.exe installer)
Account requiredNo for tools; login only for AI assistantLicense key required
PIN Block formatsISO 9564 Formats 0, 1, 2, 3, 4Formats 0, 1, 2, 3
DUKPT3DES + AES (X9.24-3)3DES (X9.24-1)
TR-31 / Thales Key BlockBoth, plus translationBoth
Thales payShield commands50+ commands simulatedFull command set
EMV ARQC / ARPCYesYes
ISO 8583 parserYesYes
Brazilian SPB / PIXYes (STR, SPI, DICT)No
Post-Quantum (ML-KEM, ML-DSA)YesNo
Dark modeYesNo
Multi-language UIEN, PT-BR, ESEN only
CLI for CI/CDYes (`npm install keylab`)No
AI assistantYes (Claude-powered, 50 free credits/mo)No
API / RESTEnterprise planNo
Open sourceNo (free, but proprietary)No

When KeyLab fits

  • You need to run a quick PIN Block, DUKPT, or ARQC check without installing anything.
  • You're onboarding new engineers and want them productive in the first 5 minutes.
  • You work across Mac, Linux, Windows, or rotate between machines.
  • You need Brazilian PIX/SPB support out of the box.
  • You want post-quantum (ML-KEM, ML-DSA) tools today.
  • Your team has zero budget for tools or you're a solo consultant.
  • You need CI/CD integration via CLI or API.

When EFTLab BP-Tools fits

  • You already have BP-Tools licenses and team workflows built around it.
  • You require a Windows-installable suite for compliance / IT-policy reasons.
  • You need vendor-backed support contracts from EFTLab specifically.
  • You operate in a fully air-gapped environment and prefer the established installer (note: KeyLab has an offline desktop too).

Frequently Asked Questions

Is KeyLab really free?
Yes. Every cryptographic tool — PIN Block, DUKPT, TR-31, ARQC, ISO 8583, Thales payShield simulation, post-quantum, the works — is free to use without an account. The only feature behind login is the AI assistant, which gives 50 free credits per month per user.
Why does BP-Tools cost $999/year if KeyLab is free?
BP-Tools was free for many years before EFTLab introduced commercial licensing. KeyLab is following the playbook of being free first to build the user base; whether and how we monetize later is a separate question. Pricing reflects business model, not product depth.
Can I use KeyLab offline?
Yes. The KeyLab Desktop app (Electron-based, Mac/Windows/Linux) bundles every tool for fully offline use, including in air-gapped environments. The browser version also works offline once loaded because all cryptography runs client-side.
Does KeyLab support all the same commands as BP-Tools?
KeyLab's HSM Simulator currently implements 50+ Thales payShield host commands covering the most common production workflows (A0-A6 key generation, BA/CA/CY/DC PIN translation, M0/M2 MAC, EE/EI PVV, FA/VA ARQC, NC diagnostics). BP-Tools implements the full Thales command set including obscure legacy variants. For 95% of real-world use cases, KeyLab's coverage is sufficient.
How is KeyLab's data handled? Is it sent to your servers?
No. All cryptographic operations run entirely in your browser using client-side JavaScript. PINs, keys, PANs, and any other sensitive data never leave your device. The only data sent to KeyLab servers is anonymous page-view analytics and (if you use the AI assistant) your AI prompts.
Can my team use KeyLab without each member creating accounts?
Yes. All tools are accessible without any account. Only the AI assistant requires login (so we can attribute the 50/month credits). For audit logs across team usage, the upcoming Enterprise plan will add SSO and centralized logging.