Glossary

[ TR-31 ] PAYMENT CRYPTOGRAPHY

TR-31 — Symmetric Key Block

An ASC X9 / ANSI X9.143 standard that wraps a symmetric key together with cryptographically bound attributes (type, usage, algorithm, mode), preventing an attacker from misusing the wrapped key as a different key type.

Standard:
ASC X9 TR-31 / ANSI X9.143
Origin:
ASC X9

What is TR-31?

TR-31 (now formalized as ANSI X9.143) is a key-block format that wraps a symmetric key together with binding attributes — what kind of key this is (ZPK, BDK, PEK, IPEK, etc.), what algorithms it may be used with, its allowed modes, and its lifecycle state. The wrap is cryptographically bound: any attempt to alter the attributes without the wrapping key voids the MAC and the key block is rejected on unwrap.

TR-31 was created to close a class of attacks against older "raw" key-wrapping schemes, where a wrapped ZMK could be tricked into being unwrapped as a PEK (or vice versa), enabling cross-purpose key misuse. Because the attributes sit inside the wrap and under the MAC, relabelling a key without the wrapping key is computationally infeasible: the HSM detects the change and refuses the block.

TR-31 vs Thales Key Block

Thales payShield HSMs originally shipped with a proprietary "Thales Key Block" format conceptually similar to TR-31 but with vendor-specific encoding. PCI PIN Security v3.1 made TR-31 / ANSI X9.143 mandatory for new key exchanges, so the modern payShield supports both formats and translation between them via the B0 / BA commands.

The practical difference: TR-31 is interoperable (every HSM vendor implements it), while Thales Key Block is single-vendor. For any new cross-vendor key exchange, use TR-31.

Frequently Asked Questions

What is the difference between TR-31 and TR-34?
TR-31 is a key block format — how to wrap a symmetric key with attributes. TR-34 is a protocol for distributing keys between organizations using asymmetric (RSA) cryptography. They are complementary: a modern remote key load typically uses TR-34 to transport a TR-31-wrapped key block.
What attributes are bound in a TR-31 key block?
Key Usage (BDK, ZPK, PEK, IPEK, etc.), Algorithm (3DES, AES), Mode of Use (encrypt, decrypt, MAC, etc.), Exportability flag, Key Version Number, and optional vendor-defined attributes. All are MAC-bound under the wrapping key.
Is TR-31 mandatory for PCI compliance?
PCI PIN Security v3.1 (December 2021) made TR-31 (or an equivalent key-block format that cryptographically binds attributes) mandatory for new key exchanges starting January 1, 2023. Existing key-distribution methods must be retired by end of 2026.
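To make the attribute-binding property concrete, here is an added Python example that is not part of the original glossary and not an implementation of ANSI X9.143. It mirrors the structure described above and in the FAQ (the 16-byte ASCII header with usage, algorithm, mode, key version number and exportability; MAC over header plus key payload; key data encrypted under a key derived from the key block protection key, KBPK) so that the ZPK/PEK relabelling attack can be shown failing. The primitives are stand-ins: HMAC-SHA256 replaces the standard's AES-CMAC / TDES CBC-MAC, and an HMAC counter keystream replaces AES/TDES CBC, so the block is interoperable with nothing and exists only to illustrate the binding. The KBPK, the sample key and the `unwrap` `require` policy parameter are constructed for the example.

```python
"""Toy key block mirroring the TR-31 / X9.143 header layout and MAC binding.
Added example, not the standard; HMAC stands in for AES-CMAC and AES-CBC."""
import hashlib
import hmac
import os
import struct

HEADER_LEN = 16   # ASCII header: 1 version, 4 length, 2 usage, 1 algorithm, 1 mode,
                  #               2 key version, 1 exportability, 2 opt-block count, 2 reserved
MAC_LEN = 16      # bytes of MAC carried in the block (truncated HMAC here; CMAC in version D)


class KeyBlockError(Exception):
    """Raised when a key block fails its length, MAC or attribute-policy checks."""


def _derive(kbpk: bytes, label: bytes) -> bytes:
    # Stand-in for deriving KBEK (encryption) and KBAK (MAC) from the KBPK.
    return hmac.new(kbpk, label, hashlib.sha256).digest()


def _keystream(kbek: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in for CBC encryption with IV = MAC: an HMAC counter-mode keystream seeded by the MAC.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(kbek, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def parse_header(header: bytes) -> dict:
    """Split the 16-byte ASCII header into the attribute fields the MAC binds."""
    if len(header) != HEADER_LEN:
        raise KeyBlockError("header must be 16 bytes")
    h = header.decode("ascii")
    return {"version": h[0], "length": int(h[1:5]), "usage": h[5:7], "algorithm": h[7],
            "mode": h[8], "kvn": h[9:11], "exportability": h[11],
            "opt_blocks": int(h[12:14]), "reserved": h[14:16]}


def wrap(kbpk: bytes, key: bytes, usage: str, algorithm: str, mode: str,
         kvn: str = "00", exportability: str = "N", version: str = "D") -> bytes:
    """Wrap `key` with its attributes bound under the KBPK (MAC-then-encrypt, IV = MAC)."""
    if len(usage) != 2 or len(algorithm) != 1 or len(mode) != 1 or len(kvn) != 2:
        raise KeyBlockError("malformed attribute field")
    kbek, kbak = _derive(kbpk, b"KBEK"), _derive(kbpk, b"KBAK")
    # Key payload as in TR-31: 2-byte key length in bits, the key, random padding to a block boundary.
    payload = struct.pack(">H", len(key) * 8) + key
    payload += os.urandom((-len(payload)) % 16)
    total = HEADER_LEN + 2 * len(payload) + 2 * MAC_LEN        # ciphertext and MAC travel as hex
    header = f"{version}{total:04d}{usage}{algorithm}{mode}{kvn}{exportability}0000".encode("ascii")
    mac = hmac.new(kbak, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    ciphertext = _xor(payload, _keystream(kbek, mac, len(payload)))
    return header + ciphertext.hex().upper().encode() + mac.hex().upper().encode()


def unwrap(kbpk: bytes, block: bytes, require: dict = None):
    """Verify the MAC, then enforce `require` (the attribute policy an HSM command applies,
    e.g. a PIN command only accepts usage P0). Returns (attributes, key)."""
    attrs = parse_header(block[:HEADER_LEN])
    if attrs["length"] != len(block):
        raise KeyBlockError("length field does not match block")
    body = block[HEADER_LEN:]
    try:
        ciphertext = bytes.fromhex(body[:-2 * MAC_LEN].decode("ascii"))
        mac = bytes.fromhex(body[-2 * MAC_LEN:].decode("ascii"))
    except ValueError as exc:
        raise KeyBlockError("block body is not hex") from exc
    kbek, kbak = _derive(kbpk, b"KBEK"), _derive(kbpk, b"KBAK")
    payload = _xor(ciphertext, _keystream(kbek, mac, len(ciphertext)))
    expected = hmac.new(kbak, block[:HEADER_LEN] + payload, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):       # header OR key data altered: reject
        raise KeyBlockError("MAC check failed: header or key data was altered")
    for field, value in (require or {}).items():
        if attrs[field] != value:
            raise KeyBlockError(f"attribute {field}={attrs[field]!r}, caller requires {value!r}")
    key_bits = struct.unpack(">H", payload[:2])[0]
    return attrs, payload[2:2 + key_bits // 8]


def is_valid(kbpk: bytes, block: bytes, require: dict = None) -> bool:
    try:
        unwrap(kbpk, block, require)
        return True
    except KeyBlockError:
        return False


def demo() -> bool:
    kbpk = bytes(range(32))                                         # constructed KBPK
    pin_key = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")      # constructed TDES PIN key
    block = wrap(kbpk, pin_key, usage="P0", algorithm="T", mode="E")
    _, key = unwrap(kbpk, block, require={"usage": "P0"})
    # Relabel the PIN key as a key-encryption key (K0) in the header: the MAC no longer verifies.
    forged = block[:5] + b"K0" + block[7:]
    return key == pin_key and not is_valid(kbpk, forged)


if __name__ == "__main__":
    print("binding holds:", demo())
```

The two checks in `unwrap` are deliberately separate: the MAC comparison answers "was this block produced under this KBPK with exactly these attributes", and the `require` policy answers "may this command consume a key with those attributes". Real HSMs apply the second check per command; the first is what makes the header trustworthy enough to apply it.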
