Help about console command

Feb 22, 2010 at 8:15 AM
Edited Feb 25, 2010 at 3:38 AM

Hi all,

I have a problem with the thales simulator when using generate component then try to encrypt it for testing purpose.

I try to use command like this in console:

GC
Key length [1,2,3]: 2
Key Type: 002
Key Scheme: U

And the result is:

Clear Component: F2E6 A40B F725 4AA2 AB49 C21F D5F7 43EC
Encrypted Component: U 35AE 3061 0C76 61E2 3597 460D 3B31 D957
Key check value: F73E 1C

then I use EC command to encrypt that clear component, the simulator give me an error: "INVALID KEY SCHEME FOR KEY LENGTH"

EC
Key Type: 002
Key Scheme: U
Enter component: F2E6A40BF7254AA2AB49C21FD5F743EC
INVALID KEY SCHEME FOR KEY LENGTH

I have tested the GC and EC commands many times and I realized that it work well with single length Key (Key scheme: 0)

Example:

GC
Key length [1,2,3]: 1
Key Type: 002
Key Scheme: 0
Clear Component: 6ED9 6257 1CD0 C408
Encrypted Component: F1FC 5AD3 53C5 93EC
Key check value: D570 31


EC
Key Type: 002
Key Scheme: 0
Enter component: 6ED962571CD0C408
Encrypted Component: F1FC 5AD3 53C5 93EC
Key check value: D570 31

or with double and triple length key:

GC
Key length [1,2,3]: 2
Key Type: 002
Key Scheme: X
Clear Component: 51BC 159D 1FA4 586D 94E5 D0C7 5D6E 5129
Encrypted Component: X 67DA 72BC A6DA 6863 6B8B 9F48 5EAA 7B20
Key check value: E866 B5

EC
Key Type: 002
Key Scheme: 0 (must be 0 althrough the double length key, default for double length key in HSM is U or X)
Enter component: 51BC159D1FA4586D94E5D0C75D6E5129
Encrypted Component: 67DA 72BC A6DA 6863 6B8B 9F48 5EAA 7B20
Key check value: E866 B5

Can some one help me what 's wrong in this case?

Thanks you very much!

 

Feb 22, 2010 at 8:44 AM

There's a bug in the EncryptClearComponent_EC class that incorrectly represents the key length in an internal variable. I'll post a fix for this today.

If you've compiled the source code, note that release 0.8.5 has a bug and incorrectly displays key check values on console commands. If you're using the setup redistributable or have downloaded one of the latest versions from the change sets you won't have a problem.

 

Feb 22, 2010 at 8:34 PM

I've posted a fix for this problem. You can either download and compile the latest change set or install the updated runtime. Please let me know if this fix solves your problem.

Feb 23, 2010 at 7:09 AM

I have test the new change, It's very good.

Thanks you very much!