Problem with pin block generation using TPK

Apr 8, 2010 at 7:43 AM


I am facing a problem while generating an encrypted PIN block.

The requirement is to use the JC command.

I have generated a TPK/PVK single DES key using the simulator. The command used for the same is

REQUEST: 0000A0002Z

RESPONSE: 0000A1001CF43C9245C042D2967D22

hence my tpk is 1CF43C9245C042D2

Pin: 1234

I am using format 03 pinblockformat - 1234FFFFFFFFFFFF

I am using the logic as in DES class to generate the pin block DES.DESEncrypt(key,pinblockformat)

encrypted pin block - 59E852AEA4AD825B

The formatted JC command is

REQUEST: 0000JC1CF43C9245C042D259E852AEA4AD825B03919820229322


Kindly help me in solving the issue.



Apr 8, 2010 at 7:56 AM

A0 generates keys but encrypts them under the appropriate LMK before returning them to the application. 1CF43C9245C042D2 is the encrypted TPK and my understanding is that you used that value to encrypt 1234FFFFFFFFFFFF and then reach the result of 59E852AEA4AD825B. You need to use the clear key to encrypt the clear PIN block. When you run the A0 command, look at the traces of the simulator for the clear key.

Apr 8, 2010 at 8:24 AM

Thanks Nick for a quick response.

I am sorry but I am unable to trace the clear key.

I have decrypted the TPK using "0000000000000000" and got the response as "5F92EDEF0E90BECF" and tried this key for encrypting the PIN block format and got the same error 24.

Apr 8, 2010 at 8:29 AM

Are you using the standard LMK set or have you changed it in any way?

Apr 8, 2010 at 8:56 AM

I have not changed the LMK. Can you please let me know how I can get the clear key.

Apr 8, 2010 at 9:04 AM

Here's how I got the key. The initial simulator response was 0000A1001CF43C9245C042D2967D22, so the encrypted TPK is 1CF43C9245C042D2 and the check value is 967D22. This means that if you use the clear TPK to encrypt 0000000000000000 you would get a result that starts with 967D22.

Since you have not changed the LMK set, I wrote the following to decrypt your encrypted TPK:

Dim clearKey As String = Utility.DecryptUnderLMK("1CF43C9245C042D2", KeySchemeTable.KeyScheme.SingleDESKey, LMKPairs.LMKPair.Pair14_15, "0")

This gives a value equal to 382601980D0DE545. In order to verify this, I encrypted 0000000000000000 with the key 382601980D0DE545 and the result is 967D223633A0C46F.

To proceed with the JC command you would then have to encrypt the PIN block 1234FFFFFFFFFFFF with the clear key, which gives the value of 52CFFE2556792707. Therefore, the correct JC command would be 0000JC1CF43C9245C042D252CFFE255679270703919820229322.
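The steps above, as an added example (not code from the simulator project or from this thread): parse the A0 response into the TPK-under-LMK and its check value, confirm the clear TPK 382601980D0DE545 against that check value before using it, encrypt the format 03 PIN block, and assemble the JC command. It assumes either pycryptodome or cryptography is installed for single DES; the account number 919820229322 is taken from the thread.

```python
"""Worked example of the fix described above: build a JC command from a clear TPK
whose check value has been verified. Not the simulator's own code."""
from binascii import hexlify, unhexlify


def des_ecb_encrypt(key_hex, block_hex):
    """Single-DES ECB encryption of one 8-byte block, returned as upper-case hex."""
    key, block = unhexlify(key_hex), unhexlify(block_hex)
    try:
        from Crypto.Cipher import DES  # pycryptodome
        ct = DES.new(key, DES.MODE_ECB).encrypt(block)
    except ImportError:
        # cryptography ships no single-DES primitive; a 3DES key of K||K||K is single DES
        from cryptography.hazmat.primitives.ciphers import Cipher, modes
        try:
            from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES
        except ImportError:
            from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES
        enc = Cipher(TripleDES(key * 3), modes.ECB()).encryptor()
        ct = enc.update(block) + enc.finalize()
    return hexlify(ct).decode().upper()


def parse_a0_response(resp):
    """Split '0000' + 'A1' + '00' + TPK under LMK (16 hex) + check value (6 hex)."""
    if resp[4:8] != "A100":
        raise ValueError("not a successful A0 response: " + resp[4:8])
    return resp[8:24], resp[24:30]


def check_value(clear_key_hex):
    """Key check value: first 6 hex digits of the key encrypting all zeros."""
    return des_ecb_encrypt(clear_key_hex, "0000000000000000")[:6]


def format03_pin_block(pin):
    """Thales format 03 (Diebold): PIN digits padded with F to 16 hex digits."""
    return (pin + "F" * 16)[:16]


def build_jc(a0_response, clear_tpk, pin, account):
    """Assemble 0000JC + TPK-under-LMK + PIN block under clear TPK + '03' + account."""
    tpk_under_lmk, kcv = parse_a0_response(a0_response)
    if check_value(clear_tpk) != kcv:
        # This is exactly the mistake in the first post: feeding the LMK-encrypted
        # TPK (or any other wrong key) into the PIN block encryption.
        raise ValueError("clear TPK does not match check value %s" % kcv)
    epb = des_ecb_encrypt(clear_tpk, format03_pin_block(pin))
    return "0000JC" + tpk_under_lmk + epb + "03" + account


if __name__ == "__main__":
    print(build_jc("0000A1001CF43C9245C042D2967D22", "382601980D0DE545", "1234", "919820229322"))
```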

Apr 8, 2010 at 10:29 AM
Edited Apr 8, 2010 at 10:29 AM

Thanks a lot for the clear explanation.

Can you please let me know how to obtain the clear TPK from the actual HSM in a live environment.

As I have to use the JC and DA commands.

Apr 8, 2010 at 10:39 AM

Short version is: you can't directly do that.

Long version: You could try exporting the TPK under a known key. In order to do that you can create a known clear ZMK and then encrypt it at the Thales console so you can have the clear ZMK and the encrypted ZMK. Once you have that, you would then export the TPK under the ZMK you created (again using the console). The result would be the TPK encrypted under the ZMK whose clear value you know, so you can DES-decrypt to find the clear key.

Relevant console commands:

Form key from components: FK

Export key: KE