Translate Pin From TPK to ZPK used CA

Nov 2, 2010 at 11:44 AM

Hi All ,

I try to translate PIN from TPK to ZPK  used CA error in Simulator this is error.

Request: 1234CAFEBE47F0A74ACD55BEFF658B05A49D7E1277E73303BDDDAEC00101791141200002
Parsing header and code of message 1234CAFEBE47F0A74ACD55BEFF658B05A49D7E1277E73303BDDDAEC00101791141200002...
Searching for implementor of CA...
Found implementor ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromTPKToZPK_CA, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Exception while processing message
System.ArgumentOutOfRangeException: Index and length must refer to a location within the string.
Parameter name: length
   at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
   at ThalesSim.Core.PIN.PINBlockFormat.ToPIN(String PINBlock, String AccountNumber_Or_PaddingString, PIN_Block_Format Format)
   at ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromTPKToZPK_CA.ConstructResponse()
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Calling Terminate()...
Implementor to Nothing




Nov 2, 2010 at 12:00 PM

Are you using Single Length ZMKs? You can find the value for this parameter stored in ThalesParameters.xml, parameter DoubleLengthZMKs.

Nov 2, 2010 at 12:01 PM

Please ignore my last post, it's irrelevant to your situation.

Nov 2, 2010 at 12:16 PM

I think that the PIN block is not correctly created. What is the value of the PIN you've entered for this transaction?

Nov 2, 2010 at 12:43 PM

This is my step  and my calculate PIN block :

I Have ZMK Clear and ZMK under LMK :

719C3A241824146A   >>>>>   ZMK CLEAR 
20E8 0083 F9A2 37B7  >>>>> ZMK under LMK  

2. Generate TMK (A0) : Used ZMK under LMK

result :

 F8A6C4CBA4CB0484  >>>  TMK under LMK
 5A8F9DEE64F479E5  >>>  TMK under ZMK

3. Generate TPK (HC) :  Used TMK under LMK 

result :

EEBF84AA0C58F060 >>> TPK under TMK
FEBE47F0A74ACD55 >>> TPK under LMK

4.   Calculate PIN using PIN Format 01 

   46AD88FA4B6D57A4  >>> TPK CLEAR ( PINKEY)

   2580                >>> pin
   5577911412000028    >>> pan
   0425F9EEBEDFFFFD    >>> pin block after xor
   77E73303BDDDAEC0    >>> encrted pin 

5. Translate PIN using CA

FEBE47F0A74ACD55   TPK under LMK

BEFF658B05A49D7E  ZPK under LMK

77E73303BDDDAEC0  SRC PIN block


And do you know how generate TMK and TPK using online status but not authorized , because if i used A0 and HC i must the authorize status in HSM 8000






Nov 2, 2010 at 5:44 PM

I assume you're using the standard LMK set. An encrypted TPK FEBE47F0A74ACD55 has a clear value of AB92FE9EA7165D0D in my environment. As a consequence, the encrypted PIN block is different to the one you describe and the simulator gets it wrong.

If you're building from sources, you can use the ThalesKeyManager utility to store the clear/encrypted values of your test keys. You can also use the utility to see that encrypted TPK FEBE47F0A74ACD55 = clear TPK AB92FE9EA7165D0D and not 46AD88FA4B6D57A4 that you're using. I assume that this was a mistake either in generating the test keys or in copy-pasting the keys. Can you please have another look and confirm this?

Nov 3, 2010 at 5:11 AM

hi nickntg ,

i have tpk clear = 46AD88FA4B6D57A4


 (TMK under ZMK) [5A8F9DEE64F479E5]  decrypted   [719C3A241824146A]  ZMK CLEAR 

result is TMK Clear = 141C15F0B183BC92

(TPK under TMK) [EEBF84AA0C58F060]  decrypted  [141C15F0B183BC92] TMK Clear 

result is TPK Clear = 46AD88FA4B6D57A4

and how you get  clear TPK AB92FE9EA7165D0D .


And my second answer do you know how generate TMK and TPK using online status but not authorized , because if i used A0 and HC i must the authorize status in HSM 8000.




Nov 3, 2010 at 10:05 AM

I've added and debugged a test case for your data, sending FEBE47F0A74ACD55BEFF658B05A49D7E1277E73303BDDDAEC00101791141200002 to the CA command, hence FEBE47F0A74ACD55 is the TPK. When decrypted, encrypted FEBE47F0A74ACD55 = clear AB92FE9EA7165D0D. You may also use the Thales Key Manager project from the source code to see the same thing. In addition to the TPK, clear ZMK=719C3A241824146A means encrypted ZMK=8C8DDA7603F55BBB.

One thing I've asked before but you didn't respond to is, are you using the standard LMK simulator set? The LMK keys are stored in the LMKSTORAGE.TXT file. If you change any of the values in there, then you have different LMK keys than the defaults (which I have) and I cannot decrypt your keys or repeat any steps of your test. The content of the default LMK store is the following:

; LMK Storage file

Please have a look and see if your LMKSTORAGE.TXT contains those values.

Regarding key generation, standard key generation rules apply for A0 - this means that for a lot of keys you will require the HSM/Simulator to be in the authorized state. Regarding TPKs, which you may want to dynamically create and exchange with a terminal, as far as I know HC can be called without going into the authorized state.