Channel: Thales Simulator Library

New Post: Translating PIN Block Under Issuer ZPK using Thales Simulator

Hi,

I was trying to translate a PIN block under a ZPK using a command.

The command that I sent was: "0008JG02650331ED5A60E6011234567890121412348D665AC5A3"

HSM Simulator Data received :

=== [JG], starts 11:24:06.058 =======
[Key,Value]=[Account Number,123456789012]
[Key,Value]=[PIN,14123]
[Key,Value]=[PIN Block Format Code,01]
[Key,Value]=[ZPK,02650331ED5A60E6]

HSM simulator Data Sent:

10.102.12.60:53878
30 30 30 38 4A 48 31 30 | 0008JH10

I am getting 10 as the response code instead of 00.

Please let me know the mistake I am making in sending the command.

Or is there any other command for translating a PIN block under the issuer ZPK?


Thanks in advance.

New Post: Translating PIN Block Under Issuer ZPK using Thales Simulator

I too have almost the same doubt regarding the JG command. Please help.

New Post: Translating PIN Block Under Issuer ZPK using Thales Simulator

Hi,

1 question here. Sorry to ask a question instead of giving an answer.
You have sent this command to the simulator: "0008JG02650331ED5A60E6011234567890121412348D665AC5A3"
May I know how you derived this?
Is it a hexadecimal representation?

Thanks,
Amrutansu

New Post: Exporting LMKs from Thales 9000 to Thales 8000

Hi All,

This is to seek advice on how I can export LMKs from our Thales 9000 to Thales 8000.

Thanks,

New Post: How to interact with HSM using JAVA

Hi Juris,

I appreciate your effort for the help.
Sadly I am still unable to proceed :(. The thing is, I am unable to run any command on HSM client.
Let's say a command event A2 - this is described to generate a random component and print it.

From Java, if I want to run this command, I do not know in which format to send the command.

If I write A2 as a byte stream after opening a TCP/IP port to the HSM, my control never returns. I have even tried converting the command to hexadecimal and writing it
to the output stream, but no luck. If there is any online material I can refer to, please share it.

Below is the code

package thales;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.Socket;

public class ThalesSimulatorClient {
    public static void main(String[] args) {
        try {
            ThalesSimulatorClient simulatorclient = new ThalesSimulatorClient();

            Socket socket = new Socket("localhost", 9998);
            System.out.println("Socket is connected : " + socket.isConnected());
            // The command code is hex-encoded and written as-is, with no length prefix.
            String command = simulatorclient.toHex("A2");
            byte[] bytes = command.getBytes();
            OutputStream outputStream = socket.getOutputStream();
            BufferedOutputStream bufferedOut = new BufferedOutputStream(outputStream, 1024);
            bufferedOut.write(bytes);
            bufferedOut.flush();
            InputStream in = socket.getInputStream();
            int result;
            // Reads one byte at a time until end of stream.
            while ((result = in.read()) != -1) {
                System.out.println((char) result);
            }
            socket.close();
        } catch (IOException ioException) {
            System.err.println("unable to connect to socket 9998");
        }
    }

    // Returns the bytes of arg as a zero-padded, 16-digit hexadecimal string.
    public String toHex(String arg) {
        String hexString = String.format("%016x", new BigInteger(1, arg.getBytes()));
        return hexString;
    }
}

Thanks,
Amrutansu

New Post: Translating PIN Block Under Issuer ZPK using Thales Simulator

Hi,

I think "0008JG02650331ED5A60E6011234567890121412348D665AC5A3" is the command sent to the simulator.

This may be derived on the basis of the message format, which includes the message header, the command to be sent, etc.

I don't think it is a hexadecimal representation.

I too have been working on this.


Thanks,
Karna

New Post: Importing CVK and PVK

Hello,

I have a CVK and a PVK encrypted under a ZMK. I need to import these keys under the LMK, so I'm using the IV command from the HSM console, but whenever I enter the ZMK I receive a key parity error.

I have MDK, IWK and AWK, and all of them imported successfully except CVK and PVK.

May I seek your advice?

New Post: ZPK/ZMK/LMK

Hi,

Can anyone explain to me the concepts of ZPK under LMK and ZPK under ZMK?

Which of these needs to be stored in the database?

I am really confused between these two encrypted keys.

Regards,

Karna Nair

New Post: How to interact with HSM using JAVA

Hi Amrutansu,

Sorry for the long silence.

You are forgetting to add the software header (message length) to the command; OutputStream does not add it itself.

If you want to use OutputStream, just add the length of the command before it as 2 bytes, like in the example below:

    private static byte[] length2byte (int len) {
        byte[] b = new byte[2];
        b[0] = (byte)(len / 256);
        b[1] = (byte)(len % 256);
        return b;
    }

The method above returns the 2 bytes containing the length of the message. For example, if you need to send 0001NC to the HSM, the command itself should look like \00\060001NC. With '\' I have escaped binary data.

That should work for you.

Regards,
Juris
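
The framing Juris describes, as an added example (not code from the thread or from the simulator project). It assumes a 4-character message header, as in the commands quoted on this page, and that replies carry the same 2-byte length prefix; the reply is framed in memory from constructed bytes rather than read from an HSM, and the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class HsmFraming {
    static final int HEADER_LEN = 4; // assumption: 4-character header, as in "0001NC"

    // Prefix the ASCII message (header + command code + fields) with its
    // length as two bytes, high byte first.
    static byte[] frame(String message) {
        byte[] body = message.getBytes(StandardCharsets.US_ASCII);
        if (body.length > 0xFFFF) {
            throw new IllegalArgumentException("message does not fit a 2-byte length");
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream(body.length + 2);
        out.write(body.length >> 8);
        out.write(body.length & 0xFF);
        out.write(body, 0, body.length);
        return out.toByteArray();
    }

    // Read exactly one reply: two length bytes, then that many bytes. Looping
    // until read() returns -1 blocks for as long as the connection stays open.
    static String readReply(InputStream in) throws IOException {
        DataInputStream data = new DataInputStream(in);
        byte[] body = new byte[data.readUnsignedShort()];
        data.readFully(body); // EOFException if the peer closes mid-message
        return new String(body, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws IOException {
        StringBuilder wire = new StringBuilder();
        for (byte b : frame("0001NC")) wire.append(String.format("%02X ", b));
        System.out.println("request bytes: " + wire.toString().trim());

        // Constructed reply: the "0008JH10" text from this page, framed in
        // memory so the example runs without an HSM or simulator.
        String reply = readReply(new ByteArrayInputStream(frame("0008JH10")));
        String header = reply.substring(0, HEADER_LEN);
        String responseCode = reply.substring(HEADER_LEN, HEADER_LEN + 2);
        String errorCode = reply.substring(HEADER_LEN + 2, HEADER_LEN + 4);
        System.out.println(header + " " + responseCode + " error=" + errorCode);
    }
}
```

Against a real socket, write `frame(...)` to the socket's output stream and pass the socket's input stream to `readReply`.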

New Post: Translating Pin Block Under ZPK

Hi,

If you mean you are the acquirer (or just a forwarder of the PIN block) and need to translate the PIN block from your ZPK to the ZPK shared with the issuer, you should use the CC host command described in the Host Command Reference Manual. If you have future questions, let us know.

Regards,
Juris

New Post: Exporting LMKs from Thales 9000 to Thales 8000

Hi,

You are unable to export LMKs from the HSM. The HSM will never return it. You should have the LMK components on smart cards. You can use the same cards from the HSM 8000 to install the LMK on the PS9000. The old cards are compatible with the PS9000.

Regards,
Juris

New Post: Translating PIN Block Under Issuer ZPK using Thales Simulator

Hi!

Error code 10 means "source key parity error". Basically that means that you are using an incorrect key to decrypt the PIN block. Try to verify the terminal (source) ZPK using the BU host command or the KC console command (key type = 001). It should fail to generate a key check value.

When the HSM decrypts a key from under the LMK, it verifies that each byte has odd parity (the parity bit must be correct). If the key is decrypted with the wrong key, there is a very low possibility that it will have all bytes odd. The HSM returns the fail error code.

Just for info, if the destination key is wrong, the HSM will return error code 11.

Regards,
Juris

New Post: Importing CVK and PVK

Hi,

The best way to import PVK and CVK is using the IK console command. Do not use IV; it is obsolete and requires a legacy ZMK.

1) Make sure you have correctly formed the ZMK using the FK command. The 3rd party has given it to you as a clear component (or multiple components); ZMK has the 000 key type. Together with the ZMK you should receive the ZMK check value. It MUST be the same as the check value that was returned by your HSM after formation of the key.
2) Depending on the representation of CVK and PVK, these keys can be double length or a pair of single length DES keys; import the whole double length key, or combine the pair (CVK A and CVK B, for example) into a double length key before import. PVK has the 002 key type and CVK has the 402 key type.

Good luck!

Regards,
Juris

New Post: ZPK/ZMK/LMK

Hi,

You are not the first :)

I will try to explain (but my English is not good enough to be clear :( ).

The HSM never works with plain keys; all the keys it processes are encrypted under other keys, called Key Encryption Keys (KEK). The LMK is a KEK which is securely stored in the secure environment, the HSM. The main idea of the HSM is that you cannot get the real LMK key value and, respectively, you cannot get the real plain value of a working key. All the keys you are using with the HSM are cryptograms. The LMK is your personal KEK which is not accessible to other parties (which means it is a secure KEK). These keys you should keep in the database to use with your own HSM.

Sometimes you need to transmit keys to other parties, e.g. Visa or MasterCard, to exchange some encrypted data like PIN blocks. In that case you should use another KEK called the ZMK. It is a transport key which is used ONLY for exchanging other keys. You are unable to use ZMK-encrypted keys with your HSM. First, you MUST import the key under your LMK to make it manageable.

RESULT:
1) You should use keys under LMK.
2) Keys under ZMK are only used to be transmitted to other parties.

If I was not clear enough, please do not hesitate to ask; I will try to find another explanation.

Regards,
Juris

New Post: ARQC/ARPC Verification

Hi,

We tried to run the KQ command for validating an ARQC by sending it to the Thales Simulator.

Command = 0200KQ000123456789ABCDEF0123456789ABCDEF29F360200229F37041122334439A03100120;950500000000009F3704112233449F100706010A03A0B0009F360200229C01009F1A0208409A031001209F02060000000040005F2A0208409F0306000000000000

But we got KR 01, which means ARQC verification failed.

On Thales Simulator:
Data Sent:

43 30 31 30 30 39 46 31 | C01009F1
41 30 32 30 38 34 30 39 | A0208409
41 30 33 31 30 30 31 32 | A0310012
30 39 46 30 32 30 36 30 | 09F02060
30 30 30 30 30 30 30 34 | 00000004
30 30 30 35 46 32 41 30 | 0005F2A0
32 30 38 34 30 39 46 30 | 208409F0
33 30 36 30 30 30 30 30 | 30600000
30 30 30 30 30 30 30 | 0000000

Data Received:

30 32 30 30 4B 52 30 31 | 0200KR01

We are not sure about the data being sent, so we need clarification on certain things:

1. PAN Sequence Number
2. Transaction Data & Data Length
Regards,

Karna

New Post: FA (translate ZPK from ZMK to LMK) command with single length keys

Has anyone got the FA command to work using single length keys?
I get FB10 returned which suggests there is an issue with the ZMK.

See the example below, where I also include the keys and how they were generated at the console:

ZMK (plain full key) 9DDC9BAE925D31E6
KCV: 0EB795

Plain ZPK: ABDC5476102301FE
KCV: 6C5A CF

ZPK encrypted under ZMK is 76E565ADB1062E6E

------console to create ZMK from encrypted components-------------
EC
Key Type: 000
Key Scheme: 0
Enter component: 43455E25297CD946
Encrypted Component: 42D51505B7CFC461
Key check value: 428C 48
EC
Key Type: 000
Key Scheme: 0
Enter component: 834CDF1052761FBA
Encrypted Component: 9FB1185F9741502A
Key check value: D6FC F1
EC
Key Type: 000
Key Scheme: 0
Enter component: 5DD51A9BE957F71A
Encrypted Component: 619E36FE513CEA21
Key check value: EEC6 6C

FK
Key length [1,2,3]: 1
Key Type: 000
Key Scheme: 0
Component type [X,H,E,S]: E
Enter number of components (2-9): 3
Enter component #1: 42D51505B7CFC461
Enter component #2: 9FB1185F9741502A
Enter component #3: 619E36FE513CEA21
Encrypted key: 2B77 B300 B254 94A2

Key check value: 0EB7 95

So the ZMK under LMK 04-05 is 2B77 B300 B254 94A2

So for the FA command:
send:
ABCDFA2B77B300B25494A276E565ADB1062E6E

Response:
ABCDFB10

If anyone can shed any light on this, it will be much appreciated.

Thanks.

New Post: ZPK/ZMK/LMK

In simple words:

LMK: MAIN OR MOTHER KEYS. UNDER THESE KEYS ALL THE FUTURE GENERATED KEYS WILL BE SAVED. You need to save these LMKs in either chip card format or on paper. Mostly used is the chip card; Thales provides you with these cards.

ZPK: Zone PIN Key. Used for PIN block generation.

ZMK: Zone Master Key; Visa calls it ZCMK. It's a transport key. Whenever you want to communicate with another system and you don't want to EXPOSE the CLEAR COMPONENTS, you can use a ZMK to transport them. What you will do: you will invoke 3 custodians, and each of them will generate a clear ZMK component. Then you will form a ZMK cryptogram with those 3 clear components. After that you can export any key under that ZMK. For the other party to get the key, you will need to send them the key (e.g. ZPK) under ZMK by email, and then each custodian has to send their clear component to a specific person. In the other company they will form the ZMK from the clear components and just import the key.
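
Added example (not from the thread or the simulator project) tying together Juris's odd-parity explanation and the component ceremony described above. It combines the three clear ZMK components quoted in the FA post by XOR, which reproduces the plain ZMK quoted in that post, and checks every byte for odd parity; the class and method names are hypothetical.

```java
public class KeyComponents {
    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // The key is the byte-wise XOR of all components, so no single
    // custodian's component reveals anything about the key itself.
    static byte[] combine(String... componentsHex) {
        byte[] key = new byte[componentsHex[0].length() / 2];
        for (String c : componentsHex) {
            byte[] part = fromHex(c);
            if (part.length != key.length) {
                throw new IllegalArgumentException("component length mismatch");
            }
            for (int i = 0; i < key.length; i++) key[i] ^= part[i];
        }
        return key;
    }

    // DES odd parity: every byte must contain an odd number of 1 bits.
    static boolean hasOddParity(byte[] key) {
        for (byte b : key) {
            if (Integer.bitCount(b & 0xFF) % 2 == 0) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Clear components as quoted in the FA post on this page.
        byte[] zmk = combine("43455E25297CD946", "834CDF1052761FBA", "5DD51A9BE957F71A");
        System.out.println(toHex(zmk) + " odd parity: " + hasOddParity(zmk));

        // Constructed damage: one flipped bit stands in for a key decrypted
        // under the wrong LMK or ZMK, which is what error 10/11 reports.
        zmk[0] ^= 0x01;
        System.out.println(toHex(zmk) + " odd parity: " + hasOddParity(zmk));
    }
}
```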

New Post: generating PIN from components

Hi,

I have 2 components and a KCV value that I need to use to generate a PIN.

I have tried the A4 command, but it gives me Error 10, response code A5.

Any idea what the issue is?

Component 1 = 13131313131313131313131313131313
Component 2 = 14141414141414141414141414141414

Data Received

127.0.0.1:57330
30 30 30 30 41 34 32 30 | 0000A420
30 30 5A 31 33 31 33 31 | 00Z13131
33 31 33 31 33 31 33 31 | 31313131
33 31 33 31 33 31 33 31 | 31313131
33 31 33 31 33 31 33 31 | 31313131
33 31 33 31 34 31 34 31 | 31314141
34 31 34 31 34 31 34 31 | 41414141
34 31 34 31 34 31 34 31 | 41414141
34 31 34 31 34 31 34 31 | 41414141
34 31 34 | 414

Data sent
127.0.0.1:57330
30 30 30 30 41 35 31 30 | 0000A510

Events
=== [A4], starts 17:14:39.927 =======
[Key,Value]=[Key Component #1,1313131313131313]
[Key,Value]=[Key Component #2,1313131313131313]
[Key,Value]=[Key Scheme (LMK),Z]
[Key,Value]=[Key Type,000]
[Key,Value]=[Number of Components,2]

=== [A4], ends 17:14:39.974 =======

[2015-01-25 5:14:39 PM] Response received from HSM.
[None an 008 M] : 'Message Header' = [0000]
[None an 002 M] : 'Response Code' = [A5]
[None an 002 M] : 'Error Code' = [10]


Thanks

Commented Unassigned: EMV Chip Data [13014]

Does anyone know the details about which Thales commands I need to use for generating chip data as an EMV chip/PIN credit card issuer?
Comments: ** Comment from web user: deiriox **

With the simulator I am not sure which commands, but in the payShield 9000 the commands are:

Mastercard
IMK-AC = 109
IMK-SMI = 209
IMK-SMC = 309
IMK-DAC = 409
IMK-IDN = 509

VISA
DMK-AC = 109
DMK-MAC = 209
DMK-ENC = 309

New Post: Source key parity error

Hi all.

The goal is to obtain an ISO 0 PIN block encrypted under a ZPK.

I'm trying to send the following commands to the simulator via Java:
BA/BB
JG/JH

Application events log:
Client from 127.0.0.1:58105 is connected
Client: 127.0.0.1:58105
Request: 0001BA2057F173771278490
Parsing header and code of message 0001BA2057F173771278490...
Searching for implementor of BA...
Found implementor ThalesSim.Core.HostCommands.BuildIn.EncryptClearPIN_BA, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 0001BB0002057
Calling Terminate()...
Implementor to Nothing
Client: 127.0.0.1:58105
Request: 0001JGU3A1362C8B81A4CE62A731EC3DA7BD7770117377127849002057
Parsing header and code of message 0001JGU3A1362C8B81A4CE62A731EC3DA7BD7770117377127849002057...
Searching for implementor of JG...
Found implementor ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromLMKToZPK_JG, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 0001JH10
Calling Terminate()...
Implementor to Nothing
Command events log:
=== [BA], starts 23:30:39.828 =======
[Key,Value]=[Account Number,173771278490]
[Key,Value]=[PIN,2057F]

Clear PIN: 2057
Encrypted PIN: 02057
=== [BA],   ends 23:30:39.882 =======

=== [JG], starts 23:30:39.926 =======
[Key,Value]=[Account Number,173771278490]
[Key,Value]=[PIN,02057]
[Key,Value]=[PIN Block Format Code,01]
[Key,Value]=[ZPK,3A1362C8B81A4CE62A731EC3DA7BD777]
[Key,Value]=[ZPK Scheme,U]

=== [JG],   ends 23:30:39.984 =======
Why do I always receive 0001JH10 at the end?

I tried to set <CheckLMKParity value="False"/> but with no effect.