FATCA News and Information

Having trouble viewing this email? View it as a Web page.                                                                                                                                                  Bookmark and Share

IRS.gov Banner
FATCA News & Information March 29, 2016

Useful Links:



News Essentials

Key FATCA Provisions

News Releases

IRS - The Basics

IRS Guidance

Media Contacts

e-News Subscriptions

IRS Resources

Compliance & Enforcement

Contact My Local Office

Filing Options

Forms & Pubs

Frequently Asked Questions


Taxpayer Advocate

Where to File

Issue Number:  2016-2

Inside This Issue

  1. IRS Updates FATCA International Data Exchange Service (IDES) Encryption Mode

1.  IRS Updates FATCA International Data Exchange Service (IDES) Encryption Mode

The Internal Revenue Service (IRS) maintains a high standard of confidentiality and continuously evaluates security protocols related to information technology. During a routine review, the IRS decided to update the cipher mode used for encryption from Electronic Code Book (ECB) to Cipher Block Chaining (CBC). The CBC cipher is a stronger algorithm for encrypting data that can be implemented in code or by your software of choice.

Update to CBC cipher mode
Beginning July 9, 2016, IDES will no longer accept data packets encrypted with the EBC cipher mode and all users are required to transmit data packets with the CBC cipher mode. The implementation date was carefully chosen to minimize disruption to users. The revised data packaging process improves the AES-256 key encryption and is summarized below. All other data packaging details, such as data padding, remain the same.


Current ECB Encryption Mode

Update to CBC Encryption Mode

Step 1: Create payload file


Encrypt XML file with AES-256 key

  • Cipher mode: ECB
  • Initialization Vector (IV): no IV
  • Key size: 256 bits/32 bytes



Encrypt XML file with AES-256 key and IV using CBC mode

  • Cipher mode: CBC
  • Initialization Vector (IV): 16 byte IV
  • Key size: 256 bits/32 bytes

Step 2: Encrypt AES key and IV key file -


Encrypt AES key and IV key with public key of each recipient




Encrypt AES key and IV with public key of each recipient. The resulting 48 byte key includes the 32 byte AES key, plus the 16 byte IV.


You may participate in the next open test period from June 16-30, 2016 to test the security update. Data packets sent on or after July 9, 2016 using the current ECB cipher mode will be rejected as the IRS will no longer be able to decrypt the data packets. All data packets received from the IRS must follow the same process with the CBC cipher mode. For decryption, the data packaging process is reversed, with the 48 byte key file separated into a 32 byte AES key and a 16 byte IV.

A new decryption notification code of NKS (Incorrect AES key size) has been added. If you receive an NKS notification, check your file for the following common errors:

  • Data packet transmitted with ECB cipher mode
  • Data packet does not include IV in Key File
  • Data packet key size is not 48 bytes
  • Data packet does not contain the concatenated key and IV.

Online Resources
Please sign up to attend the next FATCA Global IT Forum hosted by the IRS.  Our technical experts will be available to answer your questions. We will update all on-line documentation and web content for the cipher mode. The code samples on GitHub will reflect the specific implementation settings for CBC. The IRS released this code with an open source license and samples can be used as a step-by-step guide or modified to update your data packaging software.  For more information, visit the IDES Resources web pages.

Back to top

Thank you for subscribing to FATCA News & Information, an IRS e-mail service. For more information on federal taxes please visit IRS.gov.

This message was distributed automatically from the FATCA News & Information mailing list. Please Do Not Reply To This Message.