Apr 28, 2010 at 4:24 PM
Hello, I need some help about the MAC generation using MU command from Thales HSM RG8000. I want to know wich algorithm is implemented in this command. I downloaded, thales simulator open source. When i analyze the VB.NET code, i conclude that the is the CBC MAC algorithm (FIPS PUB 113), wich parse data by 8 bytes block, and next,apply the 3DES encryption. This algorithm is equivalent to ISO/ IEC 9797-1 algorithm 1. But the source code doens't respect the PKCS7 for the last block (which mean pad the last block with "80" and "00","00","00" until it reaches 8 bytes, if the message already can be divided by 8, then add another block "80 00 00 00 00 00 00 00") However when i use GenerateMAC() function of the simulator, i can not find the value calculated by the MU command (Thales RG8000 HSM). Here we can find my test data (from DUMP): -->MAC1 : 61CAA6262176A0E9,MAC2 : 6FF8E10614A9ACF8 Start generate_mac(51) --------------------------------------------- tak_key : 61CAA6262176A0E9 --------------------------------------------- Start command_MU() End command_MU(73) Start HsmQueryBin () Start WriteBalHsm() End WriteBalHsm(OK) End ReadBalHsm(OK) Start ReadBalHsm() FROM HSM: <--MV00D288A1BD| End HsmQueryBin ( OK ) Start command_MV() End command_MV(OK) End generate_mac(OK) End CalculMAC() sMacData=[D288A1BD] BIT MAP : 82 30 00 00 8A 00 00 00 00 00 00 00 00 00 00 01 ------------------------------------ M.T.I : 1814 ------------------------------------ FLD (FIELD): LENGTH : DATA ------------------------------------ - FLD (007) : (010) : [1002251439] - FLD (011) : (006) : [998639] - FLD (012) : (012) : [100225143935] - FLD (033) : (006) : [101010] - FLD (037) : (012) : [005614998639] - FLD (039) : (003) : [800] - FLD (128) : (008) : [D288A1BD] My goal is to recover the value of field 128 :D288A1BD Thank you for your help. I'm stuck for two months, and specifications of Thales HSM does not specify the algorithm used by the MU command. King Regards, Othman.
Apr 28, 2010 at 6:35 PM
No MU command is currently implemented in Thales Simulator. Can you please verify the command code?
Apr 29, 2010 at 1:11 AM
Thanks nickntg for your reply.

Yes, the simulator implement the MA command for MAC generation and there is no MU command.

I thought thaht it was the same command (a difference of names but, maybe, same effect)

So, there is difference between MU command and MA command.

Thanx for your reply

On Wed, Apr 28, 2010 at 6:36 PM, nickntg <> wrote:

From: nickntg

No MU command is currently implemented in Thales Simulator. Can you please verify the command code?

Read the full discussion online.

To add a post to this discussion, reply to this email (

To start a new discussion for this project, email

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at

Apr 29, 2010 at 8:02 PM
I haven't implemented the MU command which, if I understand correctly, is part of the Australian Transaction Key Scheme, so unfortunately I can't really help with how it works or how it differs with the MA command.