Glossary

[ TR-34 ] PAYMENT CRYPTOGRAPHY

TR-34 — Asymmetric Key Distribution

An ASC X9 standard for transporting symmetric keys between HSMs using asymmetric (RSA) cryptography and digital certificates, eliminating the need for clear-component key ceremonies.

Standard: ANSI X9 TR-34
Origin: ASC X9

What is TR-34?

TR-34 is an ANSI X9 Technical Report that defines a protocol for distributing symmetric cryptographic keys between HSMs (or between an HSM and a payment terminal) using public-key cryptography. Instead of two organizations meeting to exchange physical key components under dual control — the traditional ZMK ceremony — TR-34 lets them exchange certified RSA key pairs once, then transport an unlimited number of symmetric keys electronically over any transport (email, FTP, web service) without compromising security.

TR-34 was originally developed to solve the operational pain of physical key ceremonies for ATM key loading. Loading a new ZMK into a thousand ATMs traditionally required field technicians visiting each ATM with key-component printouts under guard. TR-34 reduces that to a one-time public-key exchange followed by remote, automated symmetric-key delivery.

How TR-34 Works

Each TR-34 participant has an RSA key pair, with the public key certified by a trusted root CA in an X.509-style certificate chain. To send a symmetric key, the sender (Key Distribution Host, or KDH) wraps the key payload using a hybrid scheme: a one-time random Symmetric Key Transport Key (SKTK) encrypts the payload, and that SKTK is itself encrypted under the recipient's RSA public key. The whole package is then signed by the sender's private key for authenticity.

The recipient (Key Receiving Device, KRD) verifies the signature using the sender's certificate, decrypts the SKTK using its own RSA private key, then uses the SKTK to decrypt the payload. The result is a symmetric key bound to attributes (type, length, allowed uses) carried in the TR-34 envelope.
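The two-sided flow described above, written out as an added example in Go; this is illustrative code, not part of this glossary, of the TR-34 document, or of any HSM vendor's implementation. The KDH side (`Wrap`) generates a one-time SKTK, seals the payload key under it with the cleartext attributes bound as additional authenticated data, encrypts the SKTK under the KRD's RSA public key (RSA-OAEP) and signs the whole package (RSA-PSS); the KRD side (`Unwrap`) verifies the signature before it touches any key material. The `Envelope` layout, the attribute string, and the choice of AES-GCM for the payload are assumptions made for the illustration; TR-34's own message encoding and certificate-chain validation are omitted.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a simplified TR-34-style transport package (illustration only, not the standard's encoding).
type Envelope struct {
	Attrs       []byte // cleartext key attributes (type, length, uses): authenticated, not encrypted
	WrappedSKTK []byte // one-time SKTK encrypted under the KRD's RSA public key (RSA-OAEP)
	Nonce       []byte // AES-GCM nonce for the payload encryption
	Ciphertext  []byte // symmetric key encrypted under the SKTK, with Attrs as GCM additional data
	Signature   []byte // KDH RSA-PSS signature over everything above
}

// NewKeyPair stands in for the certified RSA key pair each participant holds (certificate chain omitted).
func NewKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// aeadFor builds the AES-256-GCM instance used with a given SKTK.
func aeadFor(sktk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sktk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func signedBytes(e *Envelope) []byte {
	return bytes.Join([][]byte{e.Attrs, e.WrappedSKTK, e.Nonce, e.Ciphertext}, nil)
}

// Wrap is the KDH side: fresh SKTK, payload under the SKTK, SKTK under the KRD public key, then a signature.
func Wrap(kdhPriv *rsa.PrivateKey, krdPub *rsa.PublicKey, attrs, payloadKey []byte) (*Envelope, error) {
	rnd := make([]byte, 32+12) // a fresh AES-256 SKTK followed by a 12-byte GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	sktk, nonce := rnd[:32], rnd[32:]
	gcm, err := aeadFor(sktk)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Attrs: attrs, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payloadKey, attrs)}
	if env.WrappedSKTK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, krdPub, sktk, nil); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(signedBytes(env))
	if env.Signature, err = rsa.SignPSS(rand.Reader, kdhPriv, crypto.SHA256, digest[:], nil); err != nil {
		return nil, err
	}
	return env, nil
}

// Unwrap is the KRD side: verify the KDH signature before any private-key operation, recover the SKTK
// with the KRD private key, then open the payload. Altered attributes fail the signature and the GCM tag.
func Unwrap(kdhPub *rsa.PublicKey, krdPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	digest := sha256.Sum256(signedBytes(env))
	if err := rsa.VerifyPSS(kdhPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("KDH signature invalid; envelope rejected")
	}
	sktk, err := rsa.DecryptOAEP(sha256.New(), nil, krdPriv, env.WrappedSKTK, nil)
	if err != nil {
		return nil, errors.New("SKTK recovery failed")
	}
	gcm, err := aeadFor(sktk)
	if err != nil {
		return nil, err
	}
	key, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.Attrs)
	if err != nil {
		return nil, errors.New("payload authentication failed")
	}
	return key, nil
}

func main() {
	kdh, krd := NewKeyPair(), NewKeyPair()
	zmk := bytes.Repeat([]byte{0x0F}, 16) // constructed sample: a 16-byte ZMK to transport
	env, err := Wrap(kdh, &krd.PublicKey, []byte("usage=ZMK;alg=TDES;len=128;mode=N"), zmk)
	if err != nil {
		panic(err)
	}
	got, err := Unwrap(&kdh.PublicKey, krd, env)
	fmt.Println("ZMK recovered intact:", err == nil && bytes.Equal(got, zmk))
}
```

The order of checks in `Unwrap` is the point worth keeping: the signature is verified before the KRD performs any RSA decryption, so a package from an unknown or unauthorised sender is discarded without the device spending private-key operations on it, and the attributes sit in cleartext but cannot be altered without invalidating both the signature and the GCM tag.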

TR-34 vs TR-31

TR-31 (also from ASC X9) defines a key-block format that binds key attributes to the key itself through a symmetric MAC, preventing a wrapped key from being misused as a different key type by an attacker. TR-34 defines a protocol for distributing keys between distinct entities using asymmetric cryptography. They are complementary: a modern remote key-loading flow typically uses TR-34 to transport a TR-31 key block.

In practice, payShield HSMs implement both: TR-31 wrapping for internal key storage and exchange under shared symmetric KEKs (ZMKs), and TR-34 for the initial bootstrap of those KEKs across organizational boundaries when no shared symmetric key yet exists. The combination eliminates physical key ceremonies for routine operations while preserving the cryptographic binding of key attributes.
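To make the TR-31 half of the contrast concrete, here is an added example in Go of a simplified key block; it is illustrative code, not from this page, from ASC X9, or from any HSM vendor. A cleartext header carries usage, algorithm and mode-of-use codes, the key is encrypted under a subkey of the key block protection key (KBPK), and a MAC over header and ciphertext ties the two together, so rewriting the header to re-type the key is detected. The four-character header layout, the HMAC-based subkey derivation and AES-CTR are simplifications chosen for the illustration; TR-31's actual header fields, key derivation and encryption differ. The codes used in the header ("B0", "P0", "T", "N" and so on) follow TR-31's conventions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Header holds the attributes the key block binds to the key. The codes follow TR-31's
// conventions, but the four-character layout is a constructed subset, not the real header.
type Header struct {
	Usage     string // "B0" BDK, "P0" PIN encryption key, "K0" key encryption key
	Algorithm string // "T" TDES, "A" AES
	ModeOfUse string // "N" no restriction, "E" encrypt only, "D" decrypt only
}

func (h Header) Bytes() []byte { return []byte(h.Usage + h.Algorithm + h.ModeOfUse) }

// KeyBlock is the wrapped form: cleartext header, encrypted key, and a MAC covering both.
type KeyBlock struct {
	Header     []byte
	Ciphertext []byte // IV || AES-CTR(key) under the encryption subkey
	MAC        []byte // HMAC-SHA256(header || ciphertext) under the MAC subkey
}

// deriveSubkeys splits the KBPK (e.g. a ZMK) into distinct encryption and MAC keys.
// TR-31's own derivation is different; HMAC with labels keeps the illustration short.
func deriveSubkeys(kbpk []byte) (encKey, macKey []byte) {
	e := hmac.New(sha256.New, kbpk)
	e.Write([]byte("ENC"))
	m := hmac.New(sha256.New, kbpk)
	m.Write([]byte("MAC"))
	return e.Sum(nil), m.Sum(nil)
}

func tag(macKey, header, ciphertext []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(header)
	m.Write(ciphertext)
	return m.Sum(nil)
}

// WrapKey produces a key block for key under kbpk with the given attributes.
func WrapKey(kbpk []byte, h Header, key []byte) (*KeyBlock, error) {
	encKey, macKey := deriveSubkeys(kbpk)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(key))
	cipher.NewCTR(block, iv).XORKeyStream(ct, key)
	kb := &KeyBlock{Header: h.Bytes(), Ciphertext: append(iv, ct...)}
	kb.MAC = tag(macKey, kb.Header, kb.Ciphertext)
	return kb, nil
}

// UnwrapKey verifies the MAC before decrypting, so a header edited to change the
// key's usage is rejected instead of silently re-typing the key.
func UnwrapKey(kbpk []byte, kb *KeyBlock) (Header, []byte, error) {
	encKey, macKey := deriveSubkeys(kbpk)
	if !hmac.Equal(kb.MAC, tag(macKey, kb.Header, kb.Ciphertext)) {
		return Header{}, nil, errors.New("key block MAC invalid: header or key altered, or wrong KBPK")
	}
	if len(kb.Header) != 4 || len(kb.Ciphertext) < aes.BlockSize {
		return Header{}, nil, errors.New("malformed key block")
	}
	h := Header{Usage: string(kb.Header[:2]), Algorithm: string(kb.Header[2:3]), ModeOfUse: string(kb.Header[3:])}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return Header{}, nil, err
	}
	key := make([]byte, len(kb.Ciphertext)-aes.BlockSize)
	cipher.NewCTR(block, kb.Ciphertext[:aes.BlockSize]).XORKeyStream(key, kb.Ciphertext[aes.BlockSize:])
	return h, key, nil
}

func main() {
	kbpk := bytes.Repeat([]byte{0x42}, 32) // constructed KBPK (in practice a ZMK delivered via TR-34)
	kb, _ := WrapKey(kbpk, Header{Usage: "B0", Algorithm: "T", ModeOfUse: "N"}, bytes.Repeat([]byte{0x11}, 16))
	kb.Header = Header{Usage: "P0", Algorithm: "T", ModeOfUse: "N"}.Bytes() // header rewritten to re-type the BDK as a PIN key
	_, _, err := UnwrapKey(kbpk, kb)
	fmt.Println("re-typed header rejected:", err != nil)
}
```

Because the MAC is computed over the header as well as the ciphertext, the receiving HSM learns the key's intended type from the block itself rather than from the caller, which is the property that keeps a wrapped BDK from being loaded as a PIN key or a decrypt-only key from being used to encrypt.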

Frequently Asked Questions

What does TR-34 stand for?
TR-34 is simply the document's number in the ASC X9 Technical Report series; the letters do not stand for anything. It is the 34th technical report formally published in the X9 series.
Is TR-34 the same as TR-31?
No. TR-31 is a key block format (how to wrap a key and bind it to attributes using a symmetric MAC). TR-34 is a key distribution protocol (how two parties exchange keys using asymmetric cryptography). They are designed to work together but solve different problems.
Why use TR-34 instead of TLS?
TLS protects a transport channel but does not bind cryptographic attributes to the key material being transported, and does not produce an auditable wrapped key block at rest. TR-34 produces a self-contained cryptographically bound package that can be transmitted over any channel, stored offline, and verified independently of any session.
