Channel: Thales Simulator Library

New Post: Line Encryption

Bump....

I'm having the same issue as SagarGoswami. We are currently using a Magtek SCRA with our own BDK, with a Thales HSM8000 loaded with the same key. However, the M3 response doesn't return correctly decrypted data.

Our encryption method is 3DES in CBC mode, and it also contains an IV.

We send the following to the HSM:

getKSN:xxxxxxxxxxxxxxxxxxxx <20-bits where BDK is 7-bits, Device Serial is 8-bits, Transaction Counter is 5-bits>

getTrack2:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <80-bits>

What command codes do we need to send to the HSM?

Our country is not very familiar with setting up HSMs for DUKPT (3DES). The Thales guys here have no clue what they are doing here, so they are calling other offices to get the answers.

Please help.

Source code checked in, #80748

C# migration. * Added auth state requirements and related classes. * B2, A6. * Fixes and enhancements.

Source code checked in, #80873

Source code checked in, #80968

C# migration. * A4 command. * Utilized AuthorizedState attribute.

Source code checked in, #80995

C# migration. * NG command. * Added (dummy) PIN encrypt/decrypt methods.

Source code checked in, #81022

C# migration. * EE command & related extensions.

Source code checked in, #81029

C# migration. * JG, EA commands.

Source code checked in, #81159

C# migration. * A0, BA, GG commands. * Added rigged random generator.

Source code checked in, #81173

Source code checked in, #81176

C# migration. * MS command. * Added ISO 9797 padding. * Added ISO X9.19 MACing.

Source code checked in, #81276

New Post: HC and A0 commands...

Hi Nick,

I really hope you are still looking at this forum, as I am on a project changing some processes to use an HSM. However, things didn't go well. I have a few questions below and hope you are able to advise me.

1. KG command

KG
Key length [1,2,3]: 2
Key Type: 000
Key Scheme (LMK): U
Key Scheme (ZMK) [ENTER FOR NONE]:
Enter encrypted ZMK [ENTER FOR NONE]:
Enter ZMK check value [ENTER TO SKIP CV TEST]:
Key under LMK: U D6D1 B96C 395E 9B94 BAF1 624D 0488 844A
Key check value: 95C7 6E


KG
Key length [1,2,3]: 2
Key Type: 002
Key Scheme (LMK): U
Key Scheme (ZMK) [ENTER FOR NONE]: U
Enter encrypted ZMK [ENTER FOR NONE]: D6D1B96C395E9B94BAF1624D0488844A
Enter ZMK check value [ENTER TO SKIP CV TEST]: 95C76E
KEY CHECK FAILED

When I try to generate a TPK (2nd KG) using encrypted ZMK (from first KG), why is it telling me key check failed?

 

2. Even so, I can still use the ZMK in an A0 command without an error to generate a TPK encrypted under the ZMK:

=== [A0], starts 23:18:08.813 =======
[Key,Value]=[Key Scheme LMK,U]
[Key,Value]=[Key Scheme ZMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[Mode,1]
[Key,Value]=[ZMK,D6D1B96C395E9B94BAF1624D0488844A]
[Key,Value]=[ZMK Scheme,U]

Key generated (clear): 1F80FE38BF62A1B5F7E9F7EF8FE52997
Key generated (LMK): U98C855AE6823ECA765AE41FADCA24247
Check value: 3ECFD7
ZMK (clear): 5246547C7A89FE8A315EA1E610705D20
Key under ZMK: U9FFCF5D55629F18017A18CF57C76820E
=== [A0],   ends 23:18:08.953 =======

 

3. I generated a TMK using the A0 command, then tried to generate a TPK encrypted under the TMK, but I always get a "Source Key parity Error".

My program:

A00002U
Input to HSM : 0000A00002U
Output from HSM : 0000A100U8EA4E66E5D9916AD2994068820DBAD9CBFB0D9

A01002UU8EA4E66E5D9916AD2994068820DBAD9CU
Input to HSM : 0000A01002UU8EA4E66E5D9916AD2994068820DBAD9CU
Output from HSM : 0000A110

 

Application Events:

Client from 127.0.0.1:56984 is connected
Client: 127.0.0.1:56984
Request: 0000A00002U
Parsing header and code of message 0000A00002U...
Searching for implementor of A0...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateKey_A0, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 0000A100U8EA4E66E5D9916AD2994068820DBAD9CBFB0D9
Calling Terminate()...
Implementor to Nothing
Client: 127.0.0.1:56984
Request: 0000A01002UU8EA4E66E5D9916AD2994068820DBAD9CU
Parsing header and code of message 0000A01002UU8EA4E66E5D9916AD2994068820DBAD9CU...
Searching for implementor of A0...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateKey_A0, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 0000A110
Calling Terminate()...
Implementor to Nothing

 

Command Events:

=== [A0], starts 00:04:33.654 =======
[Key,Value]=[Key Scheme LMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[Mode,0]

Key generated (clear): 08BAF410FECD62F8E92F15A8E32A1ACD
Key generated (LMK): U8EA4E66E5D9916AD2994068820DBAD9C
Check value: BFB0D9
=== [A0],   ends 00:04:33.779 =======

=== [A0], starts 00:05:01.329 =======
[Key,Value]=[Key Scheme LMK,U]
[Key,Value]=[Key Scheme ZMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[Mode,1]
[Key,Value]=[ZMK,8EA4E66E5D9916AD2994068820DBAD9C]
[Key,Value]=[ZMK Scheme,U]

Key generated (clear): 4332CBF264199485AE4AD97AF1CD2604
Key generated (LMK): U25E23D55354154AEB1038FE2D70F44C4
Check value: EFE7F8
=== [A0],   ends 00:05:01.454 =======

If I then try A01002U;1U8EA4E66E5D9916AD2994068820DBAD9CU, my program gets an exception and ends.

Application Events:

Client: 127.0.0.1:56984
Request: 0000A01002U;1U8EA4E66E5D9916AD2994068820DBAD9CU
Parsing header and code of message 0000A01002U;1U8EA4E66E5D9916AD2994068820DBAD9CU...
Searching for implementor of A0...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateKey_A0, instantiating...
Calling AcceptMessage()...
Exception while processing message
System.Exception: Invalid value [;1U8EA4E66E5D9916AD2994068820DBA] for field [ZMK].
   at ThalesSim.Core.Message.XML.MessageParser.Parse(Message msg, MessageFields fields, MessageKeyValuePairs& KVPairs, String& result)
   at ThalesSim.Core.HostCommands.BuildIn.GenerateKey_A0.AcceptMessage(Message msg)
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Calling Terminate()...
Implementor to Nothing
Client disconnected.

Command Events:

=== [A0], starts 00:09:59.384 =======
Invalid value detected for field [ZMK].
Received [;1U8EA4E66E5D9916AD2994068820DBA] but expected a hexadecimal value.

Is this because the simulator didn't have the ;0/;1 field implemented?

 

Thanks for your time answering all my questions.

David

New Post: HC and A0 commands...

liaod wrote:

Key length [1,2,3]: 2
Key Type: 002
Key Scheme (LMK): U
Key Scheme (ZMK) [ENTER FOR NONE]: U
Enter encrypted ZMK [ENTER FOR NONE]: D6D1B96C395E9B94BAF1624D0488844A
Enter ZMK check value [ENTER TO SKIP CV TEST]: 95C76E
KEY CHECK FAILED

When I try to generate a TPK (2nd KG) using encrypted ZMK (from first KG), why is it telling me key check failed?

Enter the ZMK with its scheme (UD6D1... instead of D6D1...).

liaod wrote:
I generated a TMK using the A0 command, then tried to generate a TPK encrypted under the TMK, but I always get a "Source Key parity Error".

My program:

A00002U
Input to HSM : 0000A00002U
Output from HSM : 0000A100U8EA4E66E5D9916AD2994068820DBAD9CBFB0D9

A01002UU8EA4E66E5D9916AD2994068820DBAD9CU
Input to HSM : 0000A01002UU8EA4E66E5D9916AD2994068820DBAD9CU
Output from HSM : 0000A110

You're generating a TMK and then trying to use it as a ZMK. The key type code should be 000 in the first A0 command.

New Post: HC and A0 commands...

Thanks Nick,

So what should I do if I want to generate a TPK which is encrypted under the TMK?

I tried A01002U;1U8EA4E66E5D9916AD2994068820DBAD9CU but it didn't work; the simulator throws an exception (please see the last part of my previous post).

Cheers,

David

New Post: HC and A0 commands...

A0 can be used to generate and optionally encrypt under a ZMK. Use A0 to get a random TPK and then use AE to encrypt the TPK under a TMK.


New Post: Problem generating a triple DES ZPK

Hello,

I am trying to generate a triple DES ZPK with the following command:

xxxxIAT5E221938B9C6ECBFB606334442F275BA33B643EFC679879E;TT0

but the response that I get is

xxxxIB26 (meaning "invalid key scheme")

If I issue the equivalent command for "double" DES:

xxxxIAT5E221938B9C6ECBFB606334442F275BA33B643EFC679879E;UU0

I get a valid response from the simulator:

xxxxIB00U23EB218CFCAD3B77A631790C8819E21BUF9B841D0810889D2E936D07C8BB7A978D308CFB939562197

I suppose it means the simulator can generate only "double" DES ZPKs, not triple DES; is that true? If not, what can I do to generate it? It didn't work for ";YY0" either. I am using the default LMKs for the simulator.

Thanks for any help...

New Post: Problem generating a triple DES ZPK

I'm thinking you were expecting to get IB00TFD283032AC64ADDCF3A3ECEAE3CF93BC64798351C2F47F8BTBC2DEDD6F50964FFB789DFB0AA37CD9EC613AF0C448267D159B6BBBF952141B1 back...which is very logical. For some reason (which must've looked valid back when I was writing IA but I just can't figure out now), the command explicitly throws 26 if you pass a triple-length key.

Thanks for spotting that, I'll fix it and post an update soon.
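
Added example (not from the Thales Simulator source or from any poster): a Python helper that splits the A0 and IA responses quoted in the two threads above into header, response code, error code, scheme-tagged keys and check value, plus the odd-parity test that a clear DES key must pass. It assumes the 4-character header used in the posts and handles only the U/T/X/Y scheme tags; the function names are hypothetical.

```python
import re

# Key-scheme tags and the hex length of the key that follows each tag.
# U, T and Y appear in the posts; X is the double-length ANSI counterpart.
SCHEME_HEX_LEN = {"U": 32, "X": 32, "T": 48, "Y": 48}

# Only the error codes quoted in the posts above.
ERRORS = {"00": "no error", "10": "source key parity error",
          "26": "invalid key scheme"}


def parse_response(msg, header_len=4):
    """Split a response into header, code, error, keys and check value."""
    header = msg[:header_len]
    code = msg[header_len:header_len + 2]
    error = msg[header_len + 2:header_len + 4]
    if len(error) != 2:
        raise ValueError("response too short")
    rest, keys = msg[header_len + 4:], []
    # Consume scheme-tagged keys from the front; what is left is the check value.
    while rest and rest[0] in SCHEME_HEX_LEN:
        n = SCHEME_HEX_LEN[rest[0]]
        body = rest[1:1 + n]
        if len(body) != n or not re.fullmatch(r"[0-9A-Fa-f]+", body):
            raise ValueError(f"truncated or non-hex key after scheme {rest[0]!r}")
        keys.append((rest[0], body.upper()))
        rest = rest[1 + n:]
    return {"header": header, "code": code, "error": error,
            "meaning": ERRORS.get(error, "not listed on this page"),
            "keys": keys, "check_value": rest}


def has_odd_parity(key_hex):
    """True if every byte of a clear DES/3DES key has an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in bytes.fromhex(key_hex))


if __name__ == "__main__":
    # Responses copied from the posts above.
    for raw in ("0000A100U8EA4E66E5D9916AD2994068820DBAD9CBFB0D9",
                "0000A110", "xxxxIB26"):
        r = parse_response(raw)
        print(r["code"], r["error"], r["meaning"], r["keys"], r["check_value"])
    # Clear key printed in the simulator's Command Events log.
    print(has_odd_parity("08BAF410FECD62F8E92F15A8E32A1ACD"))
```

A key decrypted under the wrong LMK pair, as when a key generated with type 002 is supplied where a ZMK is expected, comes out as effectively random bytes and will almost never pass `has_odd_parity`, which is how the mismatch surfaces as error 10.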

Source code checked in, #81888

Removed filtering of triple-length keys from the IA command.

Updated Wiki: Latest development build

New Post: Problem generating a triple DES ZPK
