
New Post: ZPK's KCV not matching

Hi,

Sorry for the very late answer, but this question may be answered, because it is frequently asked.

You are exporting the key under the ZMK in scheme U, which is a Thales proprietary scheme, but importing it using scheme X, which is the usual ANSI ECB without variants. Decrypting with the wrong scheme results in a completely different plaintext key and also a different key check value.

In such cases, normally, the Thales HSM will adjust parity but the key will be wrong.

Do as in the example below:

KE
Key Type: 001
Key Scheme: U
Enter encrypted ZMK: U5951F794E619BF50089C987F7D627447
Enter encrypted key: UE9BEB6B92388412B2306538E5E881B8B
Key encrypted under ZMK: UE7BE9848A4C1C6FF601767ACC926A5B0
Key Check Value: B65F 19

RECHECK THE ENCRYPTED ZPK ----->
IK
Key Type: 001
Key Scheme: U
Enter encrypted ZMK: U5951F794E619BF50089C987F7D627447
Enter key: UE7BE9848A4C1C6FF601767ACC926A5B0
...

Regards,
Juris

New Post: "SA" command

Thank you so much! Unfortunately, I found out just recently that it looks like the same command can be customized differently for different customers (upon request), so the same SA/SB and SC/SD commands can have completely different functions for two different HSM modules, depending on what kind of customization was made. I'm sorry I did not know that when I asked the question.

New Post: Export Import ZPK/PVK

Hi to all,
Sorry about this, it may appear to be a dummy question, but I don't have much experience with HSMs.
How can I export ZPK and PVK from one HSM to another?
I know I need to use the IK/KE commands, but I also think I need to create a ZMK common to the 2 HSMs, and here I got a little lost.

Thanks in advance for any help.
Regards.

New Post: Export Import ZPK/PVK

Hi,

You must create clear ZMK component(s) using console command GC and form the ZMK using console command FK on both HSMs. The ZMK key type is 000, scheme U. This ZMK can be used to export and import your keys.

Regards,
Juris

New Post: Export Import ZPK/PVK

Thanks for your help, Manshtein.
Just to confirm, all my check values must be the same in both HSMs, right?

Regards.

New Post: ZPK's KCV not matching

Hi,

Thank you, I tried with the "U" option and it is still not matching. Thanks for the reply, I tried again but in vain.

GENERATE CLEAR KEY1---->
GC
Key length [1,2,3]: 2
Key Type: 000
Key Scheme: U
Clear Component: 835D 4AD3 4092 EF7C 700E 32CE 983D F85D
Encrypted Component: U 82A5 BAC7 607A 3626 A45F F868 F3B4 3207
Key check value: 4C8A 46
GENERATE CLEAR KEY2---->
GC
Key length [1,2,3]: 2
Key Type: 000
Key Scheme: U
Clear Component: C7E5 FDFD 929B A849 CB7A 6285 672A 7F3B
Encrypted Component: U C284 C0D4 0D4B 632E AA1D A76D 0752 3BE6
Key check value: E8DE 21

GENERATE CLEAR KEY3---->
GC
Key length [1,2,3]: 2
Key Type: 000
Key Scheme: U
Clear Component: BC57 13CB 1361 9140 4913 1A5B F8F8 9268
Encrypted Component: U C139 8E42 C022 6EF1 CA67 4FB9 2694 5F79
Key check value: 0F39 77
Clear Key1, 2 & 3

835D4AD34092EF7C700E32CE983DF85D
C7E5FDFD929BA849CB7A6285672A7F3B
BC5713CB1361914049131A5BF8F89268

GENERATE ZMK ---->
FK
Key length [1,2,3]: 2
Key Type: 000
Key Scheme: U
Component type [X,H,E,S]: X
Enter number of components (2-9): 3
Enter component #1: 835D4AD34092EF7C700E32CE983DF85D
Enter component #2: C7E5FDFD929BA849CB7A6285672A7F3B
Enter component #3: BC5713CB1361914049131A5BF8F89268
Encrypted key: U CB42 400E 1F99 657E 7113 AB17 2A9B 67BB
Key check value: 6209 63

GENERATE PK--->
GC
Key length [1,2,3]: 2
Key Type: 001
Key Scheme: U
Clear Component: FEFD 3D7A EC92 C7C4 237C EFA1 7A79 341C
Encrypted Component: U 7A8F 821E 9F6A BAAF 0881 7FEC 7081 F6DE
Key check value: 5269 9F

Encrypted ZMK & PK--->
UCB42400E1F99657E7113AB172A9B67BB
U7A8F821E9F6ABAAF08817FEC7081F6DE

Key Export--->
KE
Key Type: 001
Key Scheme: U
Enter encrypted ZMK: UCB42400E1F99657E7113AB172A9B67BB
Enter encrypted key: U7A8F821E9F6ABAAF08817FEC7081F6DE
Key encrypted under ZMK: U 07EC 7AE9 17C0 A4FF 1998 F434 B404 B882
Key Check Value: 5269 9F

Encrypted ZPK --->
U07EC7AE917C0A4FF1998F434B404B882

Import Key ZPK--->
IK
Key Type: 001
Key Scheme: U
Enter encrypted ZMK: UCB42400E1F99657E7113AB172A9B67BB
Enter key: U07EC7AE917C0A4FF1998F434B404B882
INVALID KEY SCHEME FOR ENCRYPTED KEY - MUST BE ANSI

Sorry, I am getting this error if I change X to U.

New Post: Need Help to Configure the Runtime with Binary Download

Hi,

I have downloaded the binaries as well as the source, viz. ThalesSim.0.9.6.Binaries and ThalesSim.Src.0.9.6. I am able to connect to the HSM from my application and receive responses to the commands by using the binaries.

I understand from the documentation that we can do runtime compiles of the VB code, but I am unable to find the setup information.

I tried creating an empty ./runtime folder and tried to change the built-in command generate_key_a0.vb, but it fails to compile the newly edited file due to the missing supporting library ThalesCommandCode.vb.

Can somebody help me with the tree structure, i.e. where I can put the source file if I want to do some runtime compilation of built-in commands?

The parameter has been configured as below :

<!-- Directory that contains VB sources to compile and use as racal commands in runtime -->
<VBSourceDirectory value="E:\ThalesSim.0.9.6.Binaries\ThalesCore\HostCommands\Runtime" />

<!-- Directory where XML host command definitions reside -->
<XMLHostDefinitionsDirectory value=".\ThalesCore\XMLDefs\HostCommands" />

The Runtime folder just has one file : GenerateKey_A0.vb

All other files are in their respective folders as in ThalesSim.Src.0.9.6.

Requesting assistance with the above.

Regards,
Ganesh

New Post: generate keys

Dear all,

I am a newbie to Thales HSM.

I need three 128-bit keys: TPK, TMK and base key. TPK and TMK need to be transmitted from the server side to the client side over the network, so they will be encrypted before transmission. TPK will be encrypted by TMK and TMK will be encrypted by the base key. The base key will be sent to the client manually. The client side cannot communicate with the HSM.

I am not sure how to generate the above 3 keys from the HSM. Is it using A0, HC, a combination of both or some other commands? Are the TMK and TPK generated by the HSM in encrypted form, or do I need to encrypt them myself before transmitting over the network? If in encrypted form, is it possible to follow the algorithm, base[TMK[TPK]], mentioned above?

Thanks in advance for all your helps.

Best regards,
Chris.

New Post: generate keys

In addition to the previous post, the plain-form TPK will be used to encrypt data on the client side.

Secondly, I am afraid the key terminology will confuse the description in my previous post; actually I need 3 keys from the HSM. Key2 and Key3 will be sent from the server side to the client side over the network. Key2 and Key3 will be encrypted before the transmission. Key3 is encrypted by Key2 and Key2 will be encrypted by Key1, Key1[Key2[Key3]].

Best regards,
Chris.

New Post: FA Command fails, the decrypting of the encrypted pin key matches only the first half of the clear that was encrypted

Generated various keys as follows
GENERATE CLEAR ZMK and ENCRYPTED ZMK under LMK
GC
Key length [1,2,3]: 2
Key Type: 000
Key Scheme: U
Clear Component: B3C2 1001 9851 0DCB A4B5 40C8 45D5 B502 
Encrypted Component: U ED31 B745 D878 9D85 67E7 1F7D 8C88 3E5E 
Key check value: E68C53



GENERATE CLEAR ZPK AND Encrypted ZPK under LMK
GC
Key length [1,2,3]: 2
Key Type: 001
Key Scheme: U
Clear Component: A75D 4F29 643B D031 804F ADFB 54EC 4A54 
Encrypted Component: U A9C3 68CF F695 B72F EEEA EE2F AE74 86FF 
Key check value: 5D11 48

ZPK UNDER ZMK
KE
Key Type: 001
Key Scheme: X
Enter encrypted ZMK: UED31B745D8789D8567E71F7D8C883E5E
Enter encrypted key: UA9C368CFF695B72FEEEAEE2FAE7486FF
Key encrypted under ZMK: X 7913 1546 165E 21EE 7963 6234 F08B FCE2 
Key Check Value: 5D1148
Now I use the clear ZPK and encrypt it under the clear ZMK using a DES calculator.
ZPK Clear = A75D4F29643BD031804FADFB54EC4A54
ZMK Clear = B3C2100198510DCBA4B540C845D5B502
Encrypted ZPK = 79131546165E21EE79636234F08BFCE2
The FA command fails

FA Command Sent by code
127.0.0.1:18694
30 30 30 32 46 41 55 45 | 0002FAUE
44 33 31 42 37 34 35 44 | D31B745D
38 37 38 39 44 38 35 36 | 8789D856
37 45 37 31 46 37 44 38 | 7E71F7D8
43 38 38 33 45 35 45 58 | C883E5EX
37 39 31 33 31 35 34 36 | 79131546
31 36 35 45 32 31 45 45 | 165E21EE
37 39 36 33 36 32 33 34 | 79636234
46 30 33 46 46 43 45 32 | F03FFCE2
FB response sent by Thales Sim
127.0.0.1:18694
30 30 30 32 46 42 30 31 | 0002FB01
58 33 43 32 36 35 33 39 | X3C26539
38 35 33 45 31 32 34 41 | 853E124A
34 44 41 39 42 44 45 31 | 4DA9BDE1
33 31 35 42 31 44 34 39 | 315B1D49
35 44 30 34 31 45 32 31 | 5D041E21
41 35 34 42 31 32 34 30 | A54B1240
38                      | 8
Command Events
=== [FA], starts 13:15:22.460 =======
[Key,Value]=[Key,79131546165E21EE79636234F03FFCE2]
[Key,Value]=[Key Scheme,X]
[Key,Value]=[ZMK,ED31B745D8789D8567E71F7D8C883E5E]
[Key,Value]=[ZMK Scheme,U]

ZMK (clear): UB3C2100198510DCBA4B540C845D5B502
ZPK (clear): A75D4F29643BD031BC175E6354856910
Key (clear): A75D4F29643BD031BC165E6254856810
Key (LMK): X3C26539853E124A4DA9BDE1315B1D495
Check value: D041E21A54B12408
=== [FA],   ends 13:15:22.495 =======
The clear key's first half matches the first half of the ZPK. The second half doesn't match. The whole ZPK needs to match, which it doesn't, and I am not sure why this happens.

New Post: FA Command fails, the decrypting of the encrypted pin key matches only the first half of the clear that was encrypted

Found the problem. It was one of my routines for changing the bytes being sent to the HSM.
It could not translate the 8B in the encrypted ZPK and was translating it to a 3F due to it not finding the appropriate encoding.
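
The corruption described in the post above, reproduced as an added Python example (not code from the poster or from Thales Simulator). The charset pair (decode as Windows-1252, encode as ISO-8859-1) is an assumption, chosen because it turns 0x8B into 0x3F while leaving the other high bytes intact; the hex values are the ones quoted in the thread.

```python
# Values quoted in the thread: the ZPK under ZMK as exported by KE, and the
# value the simulator logged as received in the FA command.
EXPORTED = "79131546165E21EE79636234F08BFCE2"
RECEIVED = "79131546165E21EE79636234F03FFCE2"


def lossy_roundtrip(hex_key: str) -> str:
    """Push raw key bytes through a text string using two different charsets.

    Assumed pair: decode as Windows-1252, encode as ISO-8859-1. 0x8B decodes
    to U+2039, which ISO-8859-1 cannot represent, so it is replaced by '?'.
    """
    text = bytes.fromhex(hex_key).decode("cp1252")
    return text.encode("latin-1", errors="replace").hex().upper()


def damaged_blocks(sent_hex: str, good_hex: str, block_bytes: int = 8) -> list:
    """Indexes of the 8-byte cipher blocks that differ between two hex strings.

    Under scheme X (ECB, as described earlier in the thread) each block
    decrypts on its own, so only the damaged block yields a wrong key half.
    """
    step = block_bytes * 2
    return [i // step for i in range(0, len(good_hex), step)
            if sent_hex[i:i + step] != good_hex[i:i + step]]


def to_wire(hex_key: str) -> bytes:
    """Lossless path: validate as hex, then emit the hex characters as ASCII."""
    bytes.fromhex(hex_key)                   # raises ValueError on non-hex input
    return hex_key.upper().encode("ascii")   # strict: raises, never substitutes


if __name__ == "__main__":
    print(lossy_roundtrip(EXPORTED))
    print(damaged_blocks(RECEIVED, EXPORTED))
    print(to_wire(EXPORTED))
```

A 0x3F in binary key material that differs from the source value is a quick indicator of a character-set substitution somewhere in the sending path.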

New Post: How to send Hello String with B2 command to HSM-p9000

Hello Team, I was able to send the 0000B2 command to the HSM, but I was not able to send 0000B2HI to the server.

0000B2 => 0006303030304232
0000B2HI => what is the final command? I don't know.


Thanks
Pratik

New Post: How to send Hello String with B2 command to HSM-p9000

Hi,

It will be:

00063030303042324849


Sent from my iPhone

New Post: HSM Thales 9000 DC command

Hi dears,
I have an HSM 9000, but when I send the DC command to the HSM it returns DD22 as output. What is the solution?

New Post: Looking for developers to take over

I think that by seeing the discussions of the last couple of years, it's pretty clear that the project is no longer maintained or amended by anyone. The main reason for this is that a while ago I changed jobs and am now working in an industry very remotely connected with banking.

It's safe to say that my time has been extremely limited and I cannot take this project any further, despite my wish to do so. I would therefore like to hear from any developers that wish to take over Thales Simulator and move on.

Nick

New Post: Looking for developers to take over

Hi Nick,

How are you?

After you released the FINAL release of the Simulator, I continued to develop it at Tieto, for Tieto's needs, keeping your copyright. If you wish, I can review all the changes in the Simulator and add them to Thales Sim on GitHub. It will take some time; I made lots of changes, fixes and additions. I have also started the keyblock part.

Had to start studying VB.NET, that is life ;)

Sent from my iPhone

New Post: Looking for developers to take over

The core was originally in VB.net. I didn't mind so much initially. Nowadays, it bothers me. I remember putting in some C# code trying to migrate and also writing a lot of tests, but it was left unfinished.

If you feel you're going to be happy to support this further, it would make sense to assign admin rights to this project to you. Moving to Github probably makes sense these days as well.

Commented Issue: Generate PIN Offset (IBM Method) for 6 digit PIN [11062]

Command: DE.
I want to generate the PIN offset (IBM Method) for a 6 digit PIN.
Thales Parameter: Clear PIN length set to 6 (this is so that the program chops the DE request correctly)
Request: DE12234EA1333ADA20071446706049556490362734825909754861704N899999999
 
Exception occurs:
Searching for implementor of DE...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateIBMOffset_DE, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Exception while processing message
System.ArgumentOutOfRangeException: Index and length must refer to a location within the string.
Parameter name: length
at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
at ThalesSim.Core.Utility.SubtractNoBorrow(String str1, String str2)
at ThalesSim.Core.HostCommands.BuildIn.GenerateIBMOffset_DE.ConstructResponse()
at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
 
I suspect that it is due to the call in DE.ConstructResponse() below, which hardcodes the second parameter's length to 4 instead of following the length of the PIN:
_offsetValue = Utility.SubtractNoBorrow(clearPin, _decimalisedAcctNum.Substring(0, 4))
 
Note: The command works fine when I tried with a 4-Digit PIN.
 
I would appreciate it very much if you could help to provide a fix for it. Many thanks!!
Comments: ** Comment from web user: dhirajm **

I am also getting the same issue.

Please let me know if this is resolved. And what is the solution.

In my Parameters.xml file Clear Pin length value is 4, and my encrypted pins under LMK are 6 digits long.

Thanks,
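
The length mismatch reported in the issue above, as an added Python sketch (not the simulator's VB.NET code). The function names, the 4 to 12 digit bounds and the sample decimalised digits are assumptions made for illustration.

```python
def subtract_no_borrow(a: str, b: str) -> str:
    """Digit-wise (a - b) mod 10 with no borrow between positions."""
    if len(a) != len(b) or not (a + b).isdigit():
        raise ValueError("operands must be digit strings of equal length")
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))


def offset_hardcoded(clear_pin: str, decimalised: str) -> str:
    """Mirrors the reported call: always takes 4 digits of the second operand."""
    return subtract_no_borrow(clear_pin, decimalised[:4])


def offset_by_pin_length(clear_pin: str, decimalised: str) -> str:
    """Takes as many decimalised digits as the PIN has (assumed 4 to 12)."""
    n = len(clear_pin)
    if not 4 <= n <= 12 or n > len(decimalised):
        raise ValueError("PIN length out of range")
    return subtract_no_borrow(clear_pin, decimalised[:n])


# Constructed sample: 16 decimalised digits (not taken from the issue).
DECIMALISED = "3174905826431098"

if __name__ == "__main__":
    print(offset_by_pin_length("1234", DECIMALISED))
    print(offset_by_pin_length("123456", DECIMALISED))
    try:
        offset_hardcoded("123456", DECIMALISED)
    except ValueError as exc:
        print("hardcoded length rejects a 6-digit PIN:", exc)
```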

New Post: CA command issue Pin Translation from TPK to ZPK

Hi,

My requirement is to generate TMK & TPK using Thales, and on the POS terminal I need to load TMK and TPK and form the PIN block under TPK; then I need to translate the PIN block under TPK to ZPK. I am able to generate TMK & TPK, and on the POS terminal I am able to form the PIN block. Now I need to translate the PIN block encrypted under TPK to ZPK, but I am getting error code 24 from the HSM. Below is the complete procedure I followed to generate TMK, TPK & ZPK. I am unable to figure out the issue, so kindly help me.

My Plain TMK

Online-AUTH>gc

Enter LMK id [0-4]: 0
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u

Clear component: 4A61 A2F2 FD6B AEAD 64E0 EFFB 0238 BF92
Encrypted component: U57ED CDB3 2A71 E86E CD1E 36D8 10F7 C4A3
Key check value: C4C0 A0

TMK under LMK

Online-AUTH>fk

Enter LMK id [0-4]: 0
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u
Enter component type [X,H,T,E,S]: x
Enter number of components [1-9]: 1

Enter component 1: ***************************************

Encrypted key: U4C9F 09F3 5793 2D72 2D21 B8FB D17C 44AC
Key check value: C4C0 A0

Session keys under TMK

HSM Req 00000000HCU4C9F09F357932D722D21B8FBD17C44AC;XU0
HSM Res 00000000HD00X92F9F09C81A15CD3D356219B0C877130U4C3842A2AD9320BB7A0D746AF2FC58DF

Pin Block calculated on terminal in ISO - 0 Standard

Card no - 5399232099999952 (12-digit card no 923209999995)
Pin - 1111
clear TPK - B31F3DA722760101A27F86FC04FFB619
TPK under TMK - 92F9F09C81A15CD3D356219B0C877130 (clear TMK - BAFE1FBA3491C1B007BF1398C7D026FD)
Encrypted PIN block formed on terminal - 9BD69620014FA8B0

Bank ZPK

Online-AUTH>fk

Enter LMK id [0-4]: 0
Enter key length [1,2,3]: 2
Enter key type: 001
Enter key scheme: u
Enter component type [X,H,T,E,S]: x
Enter number of components [1-9]: 2

Enter component 1: ****************************************
Enter component 2: ***************************************

Encrypted key: U400B ACC4 6F0F 611B 893A 6CBA 7E86 6D6D
Key check value: 15A9 31

Pin Translation from TPK to TMK

HSM Req 00000000CAU4C3842A2AD9320BB7A0D746AF2FC58DFU400BACC46F0F611B893A6CBA7E866D6D049BD69620014FA8B00101923209999995
HSM Res 00000000CB24

Thanks in advance for your valuable feedback.

New Post: PIN VERIFICATION DA COMMAND ERROR DB15 PAYSHIELD 9000

CLEAR PIN : 1234
PINOFFSET : 0099 // IBM3624
PINBLOCK_TPK : 787FA3F7EAA7EBC7
TPKLMK : UAE5CF990B772C58DB86C8F6F08392FF9
PVK : 4385B5DB5AEAF809
PAN : 4135080430018970
DECIMALIZATION_TABLE : 0123456789012345

PIN_VALIDATION_DATA : 4135080430N0
PAN12 : 508043001897



COMMAND : "0000DA"+TPKLMK+PVK+"12"+PINBLOCK_TPK+"0401"+PAN12+DECIMALIZATION_TABLE+PIN_VALIDATION_DATA+PINOFFSET ;

COMMAND SENT : 0000DAUAE5CF990B772C58DB86C8F6F08392FF94385B5DB5AEAF80912787FA3F7EAA7EBC7040150804300189701234567890123454135080430N00099FFFFFFFF

ERROR DB15