Source key parity error

Jan 27, 2015 at 7:48 PM
Edited Jan 27, 2015 at 7:52 PM
Hi all.

The goal is to obtain ISO 0 PIN Block encrypted under ZPK.

I'm trying to send the following commands to the simulator via Java:
BA/BB
JG/JH

Application events log:
Client from 127.0.0.1:58105 is connected
Client: 127.0.0.1:58105
Request: 0001BA2057F173771278490
Parsing header and code of message 0001BA2057F173771278490...
Searching for implementor of BA...
Found implementor ThalesSim.Core.HostCommands.BuildIn.EncryptClearPIN_BA, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 0001BB0002057
Calling Terminate()...
Implementor to Nothing
Client: 127.0.0.1:58105
Request: 0001JGU3A1362C8B81A4CE62A731EC3DA7BD7770117377127849002057
Parsing header and code of message 0001JGU3A1362C8B81A4CE62A731EC3DA7BD7770117377127849002057...
Searching for implementor of JG...
Found implementor ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromLMKToZPK_JG, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 0001JH10
Calling Terminate()...
Implementor to Nothing
Command events log:
=== [BA], starts 23:30:39.828 =======
[Key,Value]=[Account Number,173771278490]
[Key,Value]=[PIN,2057F]

Clear PIN: 2057
Encrypted PIN: 02057
=== [BA],   ends 23:30:39.882 =======

=== [JG], starts 23:30:39.926 =======
[Key,Value]=[Account Number,173771278490]
[Key,Value]=[PIN,02057]
[Key,Value]=[PIN Block Format Code,01]
[Key,Value]=[ZPK,3A1362C8B81A4CE62A731EC3DA7BD777]
[Key,Value]=[ZPK Scheme,U]

=== [JG],   ends 23:30:39.984 =======
Why do I always receive 0001JH10 at the end?

I tried to set <CheckLMKParity value="False"/> but with no effect.
Feb 1, 2015 at 10:53 AM
Hi,

i do not know the reason, may be it always checks the parity. I've checked your key and its parity is not adjusted.

Try to use adjusted one UE6A4D315D63932332163FBDA8ECCD2BF

Regards
Marked as answer by mfilippov on 2/2/2015 at 3:52 AM
Editor
Feb 20, 2015 at 1:37 PM
Hi!

You have different LMKs, so, the key @mfilippov used on his encironment can not be reused on different HSMs with different LMK. Also, can not be verified. When HSM receivs the key, ed. UE6A4D315D63932332163FBDA8ECCD2BF from @teryakif example first it decrypts the key inside itself using appropriate LMK pair (keys used in commands are cryptograms itself). Only decrypted key is checked to be parity adjusted.

So, you can generate the new ZPK key using Thales Simulator using A00001U host command or KG console command and try it.

If you need specific key to be used, first you should export ZPK under ZMK shared between HSM and HSM simulator and import it under HSM simulator LMK (it uses Thales Test Variant LMK), Only after such actions the key can be used with HSM simulator and will not return parity error.

Regards,
Juris