I'm having troubles with importing key in Thales 8000, everything works correctly in Thales Simulator but on the HSM is not working.
1) First, I create my Key (ZMK ) with 3 randoms clear components
Enter LMK id [0-9]: 0
Enter key length [1,2,3]: 2
Enter key type: 000
Enter key scheme: U
Enter component type [X,H,T,E,S]: X
Enter number of components [1-9]: 3
Enter component 1: ***************************************
Enter component 2: ***************************************
Enter component 3: ****************************************
Encrypted key: U1129 9294 E211 949D FDAA 4078 EB99 6D31
2) I need to import a key from a partner.
Partner key: 9204 BC57 C145 4A9E 3E04 F137 1C20 62DA
Online-AUTH>IK
Enter LMK id [0-9]: 0
Enter key type: 001
Enter key scheme: U
Enter ZMK: U1129 9294 E211 949D FDAA 4078 EB99 6D31
Enter key: U9204 BC57 C145 4A9E 3E04 F137 1C20 62DA
Invalid key scheme
I`m getting error "Invalid Key Scheme" , when I import it on the SIMULATOR, I don`t have problems
Thanks for any help!
Comments: ** Comment from web user: agavrilenko **
Hi amendez85,
Thank you for update.
Unfortunately, our status is not so good.
1. We disabled parameter ""Import and Export keys in trusted format only" on our HSM.
2. We imported ZPK key under scheme "U", but KCV is different than provided by 3rd party. See a log below:
Online-AUTH>IK
Enter LMK id [0-1]: 0
Enter key type: 001
Enter key scheme: U
Enter ZMK: U 12b5 …
Enter key: U 4f93 …
Warning: key parity corrected
Encrypted key: UA1CA …
Key check value: 48B0B1
3rd party KCV: CAC43D.
We performed a test decrypt operation, but it was unsuccessful as well. We received error: "PIN block does not contain valid values".
So, we should fix the problem with KCV mismatch.
We also tried to import key under "X" scheme. For this case we received error: Invalid key scheme.
Any ideas are welcome! We are really blocked with this issue. I reported it to Thales support - no valuable feedback yet.
Thanks, Andrei