Hi Nick,
Thanks for the reply, would you mind to describe me, in general, how the pin mailers are generated ?
At the moment we are utilising an ESM to generate the PINs, put them in file and send it to our card manufacture for them to print the pin mailers. The ESM is very different from how HSM works, take this for example,
Our program first sends command to the ESM request a "session key", it returns a session key and an encrypt key.
All the pin blocks will then generated and encrypted under the encrypt key.
The session key at the end will be attached in the PIN file and send to them.
For me it looks like the ZPK(under LMK) on HSM is similar to the encrypt key on ESM so I need to encrypt all pins under a ZPK
and attache the ZPK in the PIN file so they can undo the PINs.
What I am not understand are :
Thanks
DL
Thanks for the reply, would you mind to describe me, in general, how the pin mailers are generated ?
At the moment we are utilising an ESM to generate the PINs, put them in file and send it to our card manufacture for them to print the pin mailers. The ESM is very different from how HSM works, take this for example,
Our program first sends command to the ESM request a "session key", it returns a session key and an encrypt key.
All the pin blocks will then generated and encrypted under the encrypt key.
The session key at the end will be attached in the PIN file and send to them.
For me it looks like the ZPK(under LMK) on HSM is similar to the encrypt key on ESM so I need to encrypt all pins under a ZPK
and attache the ZPK in the PIN file so they can undo the PINs.
What I am not understand are :
- How will their decryption device able to get the clear PIN to print on the mailers if they don't have our LMK?
-
What would the "session key" for the HSM here
Thanks
DL