After brief investigation, it seems the header can be used to track requests and match up with responses?
↧
New Post: multiple threads on single tcp connection?
↧
New Post: HOW TO GENERATE (DERIVE) AN IPEK (IKEY) on Payshield 9000
Hi...
It looks like you're missing a parameter, DUKPT master key type, and the BDK key scheme
Can you try
0000A0A302U01UEDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E
That's
0000A0A302U0 1U EDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E
1= for example, BDK-type1,
U= key scheme
It looks like you're missing a parameter, DUKPT master key type, and the BDK key scheme
Can you try
0000A0A302U01UEDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E
That's
0000A0A302U0 1U EDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E
1= for example, BDK-type1,
U= key scheme
↧
↧
New Post: Pinblock translation from single DES to triple DES
Hi,
I have a pin block encrypted under single length key, and I can translate the pin block under another double length key to encrypted under triple DES, using host commands SC/CC.
Do we have console command to perform that? Or any other method we can do that in console? Not using host command due to limited access to console only.
Thanks.
I have a pin block encrypted under single length key, and I can translate the pin block under another double length key to encrypted under triple DES, using host commands SC/CC.
Do we have console command to perform that? Or any other method we can do that in console? Not using host command due to limited access to console only.
Thanks.
↧
New Post: multiple threads on single tcp connection?
Yes, resolved. Working smoothly.
↧
New Post: static (clear) BDK?
We generate a BDK using BI command, and console shows:
In our implementation, we use this clear BDK in pin pad and an initial KSN to generate per device IPEK.
Pin pad sends 3DES encyrpted pinblock in Ansi9.8 ISO-0 to server with KSN, and we pass to Thales using command CI which translates successfully:
However, if we restart server calling BI again, it generates a new clear BDK and the translation of pin block fails:
Our work suggests pin pad is initialised with static clear BDK, and BSK should not change.
Why does the simulator create a new clear BDK each time, and does a production Thales HSM also demonstrate this behaviour? Or, is there a BDK under LMK that should be used for IPEK generation?
Many thanks!
Request: 1234BI;UU0
MAJOR>>>Parsing header and code of message 1234BI;UU0...
MAJOR>>>Searching for implementor of BI...
MAJOR>>>Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateBDK_BI, instantiating...
MINOR>>>=== [BI], starts 13:30:54.738 =======
MAJOR>>>Calling AcceptMessage()...
MINOR>>>[Key,Value]=[Delimiter,;]
[Key,Value]=[Key Scheme LMK,U]
[Key,Value]=[Reserved,U]
[Key,Value]=[Reserved 2,0]
MAJOR>>>Calling ConstructResponse()...
MINOR>>>New BDK (clear): EF3D7A252AA8EAF82919E6C4D99EC86B
MINOR>>>New BDK (LMK): U243095316AC1757907565118B441BB31
MAJOR>>>Calling ConstructResponseAfterOperationComplete()...
MAJOR>>>Attaching header/response code to response...
MAJOR>>>Sending: 1234BJ00U243095316AC1757907565118B441BB31
MINOR>>>=== [BI], ends 13:30:54.748 =======
In our implementation, we use this clear BDK in pin pad and an initial KSN to generate per device IPEK.
Pin pad sends 3DES encyrpted pinblock in Ansi9.8 ISO-0 to server with KSN, and we pass to Thales using command CI which translates successfully:
MAJOR>>>Calling AcceptMessage()...
MINOR>>>[Key,Value]=[Account Number,999999999999]
[Key,Value]=[BDK,243095316AC1757907565118B441BB31]
[Key,Value]=[BDK Scheme,U]
[Key,Value]=[Destination PIN Block Format Code,01]
[Key,Value]=[Encrypted Block,7C6E2C03F30AADBF]
[Key,Value]=[Key Serial Number,FFFF0123456789E00002]
[Key,Value]=[KSN Descriptor,605]
[Key,Value]=[ZPK,450CF23F70F182EB]
MAJOR>>>Calling ConstructResponse()...
MINOR>>>Clear source BDK: UEF3D7A252AA8EAF82919E6C4D99EC86B
MINOR>>>Clear target ZPK: 5E752CA43194A8F4
MINOR>>>Clear PIN Block: 04551E6666666666
MINOR>>>Clear PIN: 5587
MINOR>>>New clear PIN Block: 04551E6666666666
MINOR>>>New crypt PIN Block: 4A2D6BFA62BB9866
MAJOR>>>Calling ConstructResponseAfterOperationComplete()...
MAJOR>>>Attaching header/response code to response...
MAJOR>>>Sending: 0004CJ00044A2D6BFA62BB986601
MINOR>>>=== [CI], ends 13:31:46.154 =======
However, if we restart server calling BI again, it generates a new clear BDK and the translation of pin block fails:
MAJOR>>>Parsing header and code of message 0004CIU90AB1164E510816161D4D74C312A83C41CC5DB1D37156A0B605FFFF0123456789E000027C6E2C03F30AADBF01999999999999...
MAJOR>>>Searching for implementor of CI...
MAJOR>>>Found implementor ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromDUKPTToZPK_CI, instantiating...
MINOR>>>=== [CI], starts 13:32:27.154 =======
MAJOR>>>Calling AcceptMessage()...
MINOR>>>[Key,Value]=[Account Number,999999999999]
[Key,Value]=[BDK,90AB1164E510816161D4D74C312A83C4]
[Key,Value]=[BDK Scheme,U]
[Key,Value]=[Destination PIN Block Format Code,01]
[Key,Value]=[Encrypted Block,7C6E2C03F30AADBF]
[Key,Value]=[Key Serial Number,FFFF0123456789E00002]
[Key,Value]=[KSN Descriptor,605]
[Key,Value]=[ZPK,1CC5DB1D37156A0B]
MAJOR>>>Calling ConstructResponse()...
MAJOR>>>Exception while processing message
System.ArgumentOutOfRangeException: Index and length must refer to a location within the string.
Parameter name: length
at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
at ThalesSim.Core.PIN.PINBlockFormat.ToPIN(String PINBlock, String AccountNumber_Or_PaddingString, PIN_Block_Format Format) in C:\Users\Documents\ThalesSim.Src.0.9.6\ThalesCore\PIN\PINBlockFormat.vb:line 177
at ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromDUKPTToZPK_CI.ConstructResponse() in C:\Users\Documents\ThalesSim.Src.0.9.6\ThalesCore\HostCommands\BuildIn\TranslatePINFromDUKTPToZPK_CI.vb:line 108
at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len) in C:\Users\Documents\ThalesSim.Src.0.9.6\ThalesCore\ThalesMain.vb:line 778
MAJOR>>>Disconnecting client.
Our work suggests pin pad is initialised with static clear BDK, and BSK should not change.
Why does the simulator create a new clear BDK each time, and does a production Thales HSM also demonstrate this behaviour? Or, is there a BDK under LMK that should be used for IPEK generation?
Many thanks!
↧
↧
New Post: static (clear) BDK?
Hi tozzi21
my understanding is that the BDK should be used to generate an IPEK on the HSM based on the KSN. the IPEK is then loaded on the terminal
the IKEY can be exported under a previously agreed transport key
on the terminal, a new key is generated based on the IPEK and KSN to encrypt a PIN block. the original, encrypted BDK, the KSN and encrypted PIN block can then be supplied to an HSM to translate
NB: in production, you'd never have access to a clear BDK
my understanding is that the BDK should be used to generate an IPEK on the HSM based on the KSN. the IPEK is then loaded on the terminal
the IKEY can be exported under a previously agreed transport key
on the terminal, a new key is generated based on the IPEK and KSN to encrypt a PIN block. the original, encrypted BDK, the KSN and encrypted PIN block can then be supplied to an HSM to translate
NB: in production, you'd never have access to a clear BDK
↧
New Post: static (clear) BDK?
Hello hexdrill
online reading e.g. http://stackoverflow.com/questions/17362567/how-ciphertext-was-generated-in-card-reader-using-dukpt-encryption discusses the process though never specifies where BDK/KSN/IPEK generation actually takes place.
interestingly, my reader expects me to provide a BDK and initial KSN, and will then generate the IPEK itself. it therefore assumes we have access to the clear BDK. now it sense that we will not have access to clear BDK, and we might need to change the firmware.
does command OC (or A2) print clear BDK to an attached printer, or is BDK only ever exposed under LMK 28-29?
i've been unable to find any reference on generating IPEK on HSM. any experience or guidance?
many thanks!
online reading e.g. http://stackoverflow.com/questions/17362567/how-ciphertext-was-generated-in-card-reader-using-dukpt-encryption discusses the process though never specifies where BDK/KSN/IPEK generation actually takes place.
interestingly, my reader expects me to provide a BDK and initial KSN, and will then generate the IPEK itself. it therefore assumes we have access to the clear BDK. now it sense that we will not have access to clear BDK, and we might need to change the firmware.
does command OC (or A2) print clear BDK to an attached printer, or is BDK only ever exposed under LMK 28-29?
i've been unable to find any reference on generating IPEK on HSM. any experience or guidance?
many thanks!
↧
New Post: static (clear) BDK?
going over Thales 9000 documentation shows command A0 with ability to derive key IPEK (IKEY). it allows selection of type of BDK (type 1 bidirectional vs 2 unidirectional), and specifying the KSN.
simulator does not support this A0 function for IPEK when sending: 0000A0A302U01... seems to be expecting ZMK even though not needed (only required if mode = '1' or 'B').
yet, our production system employs only Thales 8000.
any guidance on generating IPEK/IKEY?
simulator does not support this A0 function for IPEK when sending: 0000A0A302U01... seems to be expecting ZMK even though not needed (only required if mode = '1' or 'B').
yet, our production system employs only Thales 8000.
any guidance on generating IPEK/IKEY?
↧
New Post: static (clear) BDK?
unfortunately, i'm away from my desk for a couple of weeks so won't be able to help for a bit
i do know that significant changes were introduced recently on the 9000 for generation and export of IPEKs, so i don't know how successful you'll be on the 8000
i'll try to have a look in the new year
H
i do know that significant changes were introduced recently on the 9000 for generation and export of IPEKs, so i don't know how successful you'll be on the 8000
i'll try to have a look in the new year
H
↧
↧
New Post: static (clear) BDK?
thanks hexdrill
ive gone over the HSM operations and installation manual (of RG7000) which provides GC command (generate key component). interestingly, it suggests output will be displayed in plain and encrypted form:
The clear component is the BDK, while encrypted component is BDK under LMK 28-29. Keys worked in simulated code, will now test on actual hardware HSM.
Will post an update with next findings.
ive gone over the HSM operations and installation manual (of RG7000) which provides GC command (generate key component). interestingly, it suggests output will be displayed in plain and encrypted form:
Connected - Type in commands followed by ENTER.
GC
Key length [1,2,3]: 2
Key Type: 009
Key Scheme: U
Clear Component: FB7F 07C7 61F8 A82A 0ECD 6B19 E3C8 97BF
Encrypted Component: U D85D 2C6C E7D0 9064 EA43 26A6 57AC 0784
Key check value: E7CF C1
The clear component is the BDK, while encrypted component is BDK under LMK 28-29. Keys worked in simulated code, will now test on actual hardware HSM.
Will post an update with next findings.
↧
New Post: PKCS#11 Java interface to Thalessim
Hi,
Is is possible to interface via Java PKCS#11 to Thalessim....Any pointers appreciated.
Sitaraman
Is is possible to interface via Java PKCS#11 to Thalessim....Any pointers appreciated.
Sitaraman
↧
New Post: Does the smulator support
the JAVA JCE environment? I have read the documentation but I am not fully sure how I would set things up. From my horizon the simulator would play the role of a network connected hardware unit, and if everything worked in an analogue way, I would expect to set up my Key Management/config/config.xml to point to 127.0.0.1, port 9998 and follow the nshield_connect_and_netHSM_user_guide.pdf on how to setup a secure world. When done I would expect to be able to run the /cygdrive/c/Program\ Files/Java/jdk1.6.0_30/bin/java com.ncipher.provider.InstallationTest class to get a suitable printout (yep, I do realize that I have to setup security.policy and set the policy to cover unrestricted cryptography, all done :-).
HOwever, it seams like I don't get a connection? Nor Am i able to run command like anonkneti.exe -p 9998 127.0.0.1 to reach simulator (the simulator gets a connect but no further information is presented).
Given my newbie status on this platform, I guess the problem resides between the chair and the keyboard, but any pointers would be greatly appreciated!
regards
HOwever, it seams like I don't get a connection? Nor Am i able to run command like anonkneti.exe -p 9998 127.0.0.1 to reach simulator (the simulator gets a connect but no further information is presented).
Given my newbie status on this platform, I guess the problem resides between the chair and the keyboard, but any pointers would be greatly appreciated!
regards
↧
Created Unassigned: ZMK from Thales 8000 to Safenet Luna SA HSM [12717]
Hej!
I have to support a 3 custodian part key exchange cermony
with the custodian parts generated on a Thales 8000 on a Safenet Luna SA HSM.
I know the how this key would be imported on another thales but...
our Safenet HSM is only accessed programatically.
So I need to transalate the Thales scheme into the actual algorith used..
Can anyone point me in the correct direction or a description like mine below?
I have tried to re-create the key in lots of other different ways but always failed to recreate the
final checvalue "BADB AD".
The keys are generate with the GC command like:
>gc
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u
resulting in somthing like:
*********************************************************************
Clear component 1: xxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: ABCD EF
Clear component 2: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: 1234 56
Clear component 3: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: CAFF CA
Final Key check value for the above three componets is: BADB AD
COMS_KEY(TRANSPORT KEY): X 1234 5678 9101 1121 3141 5161 7181 9201
Key check value: 0102 03
***********************************************************************
Our custodian export and import:
Three components will be supplied.
All components and the resultant KEK are odd parity.
The key (and key components) check digits are obtained by EDE enciphering 64 0 bits of
data under the key and then displaying the left most 3 or 4 bytes.
Transfer keys split into 3 components: (all executed internally on the HSM)
o Choose two random 16 byte numbers
o Perform xor = key ^ random_1 ^ random_2
o Distribute random_1, random_2 and xor to 3 people.
o The key value is regenerated by key = random_1 ^ random_2 ^ xor at the key loading.
I have to support a 3 custodian part key exchange cermony
with the custodian parts generated on a Thales 8000 on a Safenet Luna SA HSM.
I know the how this key would be imported on another thales but...
our Safenet HSM is only accessed programatically.
So I need to transalate the Thales scheme into the actual algorith used..
Can anyone point me in the correct direction or a description like mine below?
I have tried to re-create the key in lots of other different ways but always failed to recreate the
final checvalue "BADB AD".
The keys are generate with the GC command like:
>gc
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u
resulting in somthing like:
*********************************************************************
Clear component 1: xxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: ABCD EF
Clear component 2: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: 1234 56
Clear component 3: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: CAFF CA
Final Key check value for the above three componets is: BADB AD
COMS_KEY(TRANSPORT KEY): X 1234 5678 9101 1121 3141 5161 7181 9201
Key check value: 0102 03
***********************************************************************
Our custodian export and import:
Three components will be supplied.
All components and the resultant KEK are odd parity.
The key (and key components) check digits are obtained by EDE enciphering 64 0 bits of
data under the key and then displaying the left most 3 or 4 bytes.
Transfer keys split into 3 components: (all executed internally on the HSM)
o Choose two random 16 byte numbers
o Perform xor = key ^ random_1 ^ random_2
o Distribute random_1, random_2 and xor to 3 people.
o The key value is regenerated by key = random_1 ^ random_2 ^ xor at the key loading.
↧
↧
Commented Unassigned: ZMK from Thales 8000 to Safenet Luna SA HSM [12717]
Hej!
I have to support a 3 custodian part key exchange cermony
with the custodian parts generated on a Thales 8000 on a Safenet Luna SA HSM.
I know the how this key would be imported on another thales but...
our Safenet HSM is only accessed programatically.
So I need to transalate the Thales scheme into the actual algorith used..
Can anyone point me in the correct direction or a description like mine below?
I have tried to re-create the key in lots of other different ways but always failed to recreate the
final checvalue "BADB AD".
The keys are generate with the GC command like:
>gc
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u
resulting in somthing like:
*********************************************************************
Clear component 1: xxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: ABCD EF
Clear component 2: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: 1234 56
Clear component 3: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: CAFF CA
Final Key check value for the above three componets is: BADB AD
COMS_KEY(TRANSPORT KEY): X 1234 5678 9101 1121 3141 5161 7181 9201
Key check value: 0102 03
***********************************************************************
Our custodian export and import:
Three components will be supplied.
All components and the resultant KEK are odd parity.
The key (and key components) check digits are obtained by EDE enciphering 64 0 bits of
data under the key and then displaying the left most 3 or 4 bytes.
Transfer keys split into 3 components: (all executed internally on the HSM)
o Choose two random 16 byte numbers
o Perform xor = key ^ random_1 ^ random_2
o Distribute random_1, random_2 and xor to 3 people.
o The key value is regenerated by key = random_1 ^ random_2 ^ xor at the key loading.
Comments: ** Comment from web user: lilleman **
I have to support a 3 custodian part key exchange cermony
with the custodian parts generated on a Thales 8000 on a Safenet Luna SA HSM.
I know the how this key would be imported on another thales but...
our Safenet HSM is only accessed programatically.
So I need to transalate the Thales scheme into the actual algorith used..
Can anyone point me in the correct direction or a description like mine below?
I have tried to re-create the key in lots of other different ways but always failed to recreate the
final checvalue "BADB AD".
The keys are generate with the GC command like:
>gc
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u
resulting in somthing like:
*********************************************************************
Clear component 1: xxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: ABCD EF
Clear component 2: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: 1234 56
Clear component 3: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: CAFF CA
Final Key check value for the above three componets is: BADB AD
COMS_KEY(TRANSPORT KEY): X 1234 5678 9101 1121 3141 5161 7181 9201
Key check value: 0102 03
***********************************************************************
Our custodian export and import:
Three components will be supplied.
All components and the resultant KEK are odd parity.
The key (and key components) check digits are obtained by EDE enciphering 64 0 bits of
data under the key and then displaying the left most 3 or 4 bytes.
Transfer keys split into 3 components: (all executed internally on the HSM)
o Choose two random 16 byte numbers
o Perform xor = key ^ random_1 ^ random_2
o Distribute random_1, random_2 and xor to 3 people.
o The key value is regenerated by key = random_1 ^ random_2 ^ xor at the key loading.
Comments: ** Comment from web user: lilleman **
Sorry should have been added under discussions..,. Ok to close
↧
New Post: Custiodian parts from Thales 8000 on to a Safenet Luna SA HSM
Hej!
I have to support a 3 custodian part key exchange cermony
with the custodian parts generated on a Thales 8000 on a Safenet Luna SA HSM.
I know the how this key would be imported on another thales but...
our Safenet HSM is only accessed programatically.
So I need to transalate the Thales scheme into the actual algorith used..
Can anyone point me in the correct direction or a description like mine below?
I have tried to re-create the key in lots of other different ways but always failed to recreate the
final checvalue "BADB AD".
The keys are generate with the GC command like:
Enter key type: 002
Enter key scheme: u
resulting in somthing like:
Clear component 1: xxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: ABCD EF
Clear component 2: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: 1234 56
Clear component 3: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: CAFF CA
Final Key check value for the above three componets is: BADB AD
COMS_KEY(TRANSPORT KEY): X 1234 5678 9101 1121 3141 5161 7181 9201
Key check value: 0102 03
Our custodian export and import:
Three components will be supplied.
All components and the resultant KEK are odd parity.
The key (and key components) check digits are obtained by EDE enciphering 64 0 bits of
data under the key and then displaying the left most 3 or 4 bytes.
Transfer keys split into 3 components: (all executed internally on the HSM)
o Choose two random 16 byte numbers
o Perform xor = key ^ random_1 ^ random_2
o Distribute random_1, random_2 and xor to 3 people.
o The key value is regenerated by key = random_1 ^ random_2 ^ xor at the key loading.
I have to support a 3 custodian part key exchange cermony
with the custodian parts generated on a Thales 8000 on a Safenet Luna SA HSM.
I know the how this key would be imported on another thales but...
our Safenet HSM is only accessed programatically.
So I need to transalate the Thales scheme into the actual algorith used..
Can anyone point me in the correct direction or a description like mine below?
I have tried to re-create the key in lots of other different ways but always failed to recreate the
final checvalue "BADB AD".
The keys are generate with the GC command like:
gc
Enter key type: 002
Enter key scheme: u
resulting in somthing like:
Clear component 1: xxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: ABCD EF
Clear component 2: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: 1234 56
Clear component 3: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
Key check value: CAFF CA
Final Key check value for the above three componets is: BADB AD
COMS_KEY(TRANSPORT KEY): X 1234 5678 9101 1121 3141 5161 7181 9201
Key check value: 0102 03
Our custodian export and import:
Three components will be supplied.
All components and the resultant KEK are odd parity.
The key (and key components) check digits are obtained by EDE enciphering 64 0 bits of
data under the key and then displaying the left most 3 or 4 bytes.
Transfer keys split into 3 components: (all executed internally on the HSM)
o Choose two random 16 byte numbers
o Perform xor = key ^ random_1 ^ random_2
o Distribute random_1, random_2 and xor to 3 people.
o The key value is regenerated by key = random_1 ^ random_2 ^ xor at the key loading.
↧
New Post: Decrypt to clear PIN from PINBlock
Dear everybody
I have clear Zone PIN Key (ZPK) and I have full PAN number
If I have PINBlock that is encrypted by ZPK and my Thales HSM connects directly to a dot matrix printer via COM port of HSM.
So is it possible to decrypt to clear PIN and print it into PIN mailer via HSM and printer ?
Please guide me!
Thanks for your support.
I have clear Zone PIN Key (ZPK) and I have full PAN number
If I have PINBlock that is encrypted by ZPK and my Thales HSM connects directly to a dot matrix printer via COM port of HSM.
So is it possible to decrypt to clear PIN and print it into PIN mailer via HSM and printer ?
Please guide me!
Thanks for your support.
↧
New Post: PKCS#11 Java interface to Thalessim
Hi,
Same question here, is there a PKCS#11 API for Thalessim?
/Nima
Same question here, is there a PKCS#11 API for Thalessim?
/Nima
↧
↧
New Post: Thales HSM plain text encryption decryption
Hi ,
I'm trying to do a plain text encryption and decryption using the a single DEK of 32 bytes.
The commands M0 & M2 are getting executed without error ............but the result
post decryption (M3) is'nt right. Instead of getting the original text.......the response M3 shows further encrypted values. Please help .
Thanks,
Sashi
I'm trying to do a plain text encryption and decryption using the a single DEK of 32 bytes.
The commands M0 & M2 are getting executed without error ............but the result
post decryption (M3) is'nt right. Instead of getting the original text.......the response M3 shows further encrypted values. Please help .
Thanks,
Sashi
↧
New Post: Thales HSM plain text encryption decryption
Hi ,
Thanks
This was resolved , just changed input format flag to hex encoded binary
Thanks
This was resolved , just changed input format flag to hex encoded binary
↧
New Post: I got error code 13 Invalid LMK identifier
When i sending any command to HSM it give me error 13 "Invalid LMK Identifier".
Command NO
Message heaser(16 character) : ABCDEFG000000000
Command : NO
Mode Flag : 00
Response Return from HSM : ABCDEFG000000000NP13
Please tell me how could i resolve this error.
Command NO
Message heaser(16 character) : ABCDEFG000000000
Command : NO
Mode Flag : 00
Response Return from HSM : ABCDEFG000000000NP13
Please tell me how could i resolve this error.
↧