Translate Pin From TPK to ZPK used CA

Nov 2, 2010 at 11:44 AM

Hi All ,

I try to translate PIN from TPK to ZPK  used CA error in Simulator this is error.

Client: 127.0.0.1:51143
Request: 1234CAFEBE47F0A74ACD55BEFF658B05A49D7E1277E73303BDDDAEC00101791141200002
Parsing header and code of message 1234CAFEBE47F0A74ACD55BEFF658B05A49D7E1277E73303BDDDAEC00101791141200002...
Searching for implementor of CA...
Found implementor ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromTPKToZPK_CA, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Exception while processing message
System.ArgumentOutOfRangeException: Index and length must refer to a location within the string.
Parameter name: length
   at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
   at ThalesSim.Core.PIN.PINBlockFormat.ToPIN(String PINBlock, String AccountNumber_Or_PaddingString, PIN_Block_Format Format)
   at ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromTPKToZPK_CA.ConstructResponse()
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Calling Terminate()...
Implementor to Nothing

 

Thanks

IKetutG

Coordinator
Nov 2, 2010 at 12:00 PM

Are you using Single Length ZMKs? You can find the value for this parameter stored in ThalesParameters.xml, parameter DoubleLengthZMKs.

Coordinator
Nov 2, 2010 at 12:01 PM

Please ignore my last post, it's irrelevant to your situation.

Coordinator
Nov 2, 2010 at 12:16 PM

I think that the PIN block is not correctly created. What is the value of the PIN you've entered for this transaction?

Nov 2, 2010 at 12:43 PM

This is my step  and my calculate PIN block :

I Have ZMK Clear and ZMK under LMK :

719C3A241824146A   >>>>>   ZMK CLEAR 
20E8 0083 F9A2 37B7  >>>>> ZMK under LMK  

2. Generate TMK (A0) : Used ZMK under LMK

result :

 F8A6C4CBA4CB0484  >>>  TMK under LMK
 5A8F9DEE64F479E5  >>>  TMK under ZMK

3. Generate TPK (HC) :  Used TMK under LMK 

result :

EEBF84AA0C58F060 >>> TPK under TMK
FEBE47F0A74ACD55 >>> TPK under LMK

4.   Calculate PIN using PIN Format 01 

   46AD88FA4B6D57A4  >>> TPK CLEAR ( PINKEY)

   2580                >>> pin
   5577911412000028    >>> pan
   0425F9EEBEDFFFFD    >>> pin block after xor
   77E73303BDDDAEC0    >>> encrted pin 

5. Translate PIN using CA

FEBE47F0A74ACD55   TPK under LMK

BEFF658B05A49D7E  ZPK under LMK

77E73303BDDDAEC0  SRC PIN block

"1234CAFEBE47F0A74ACD55BEFF658B05A49D7E1277E73303BDDDAEC00101791141200002"

And do you know how generate TMK and TPK using online status but not authorized , because if i used A0 and HC i must the authorize status in HSM 8000

 

Thanks

IKetutG

 

 

Coordinator
Nov 2, 2010 at 5:44 PM

I assume you're using the standard LMK set. An encrypted TPK FEBE47F0A74ACD55 has a clear value of AB92FE9EA7165D0D in my environment. As a consequence, the encrypted PIN block is different to the one you describe and the simulator gets it wrong.

If you're building from sources, you can use the ThalesKeyManager utility to store the clear/encrypted values of your test keys. You can also use the utility to see that encrypted TPK FEBE47F0A74ACD55 = clear TPK AB92FE9EA7165D0D and not 46AD88FA4B6D57A4 that you're using. I assume that this was a mistake either in generating the test keys or in copy-pasting the keys. Can you please have another look and confirm this?

Nov 3, 2010 at 5:11 AM

hi nickntg ,

i have tpk clear = 46AD88FA4B6D57A4

from

 (TMK under ZMK) [5A8F9DEE64F479E5]  decrypted   [719C3A241824146A]  ZMK CLEAR 

result is TMK Clear = 141C15F0B183BC92

(TPK under TMK) [EEBF84AA0C58F060]  decrypted  [141C15F0B183BC92] TMK Clear 

result is TPK Clear = 46AD88FA4B6D57A4

and how you get  clear TPK AB92FE9EA7165D0D .

 

And my second answer do you know how generate TMK and TPK using online status but not authorized , because if i used A0 and HC i must the authorize status in HSM 8000.

Thanks

Nickntg

 

Coordinator
Nov 3, 2010 at 10:05 AM

I've added and debugged a test case for your data, sending FEBE47F0A74ACD55BEFF658B05A49D7E1277E73303BDDDAEC00101791141200002 to the CA command, hence FEBE47F0A74ACD55 is the TPK. When decrypted, encrypted FEBE47F0A74ACD55 = clear AB92FE9EA7165D0D. You may also use the Thales Key Manager project from the source code to see the same thing. In addition to the TPK, clear ZMK=719C3A241824146A means encrypted ZMK=8C8DDA7603F55BBB.

One thing I've asked before but you didn't respond to is, are you using the standard LMK simulator set? The LMK keys are stored in the LMKSTORAGE.TXT file. If you change any of the values in there, then you have different LMK keys than the defaults (which I have) and I cannot decrypt your keys or repeat any steps of your test. The content of the default LMK store is the following:

; LMK Storage file
01010101010101017902CD1FD36EF8BA
20202020202020203131313131313131
40404040404040405151515151515151
61616161616161617070707070707070
80808080808080809191919191919191
A1A1A1A1A1A1A1A1B0B0B0B0B0B0B0B0
C1C1010101010101D0D0010101010101
E0E0010101010101F1F1010101010101
1C587F1C13924FEF0101010101010101
01010101010101010101010101010101
02020202020202020404040404040404
07070707070707071010101010101010
13131313131313131515151515151515
16161616161616161919191919191919
1A1A1A1A1A1A1A1A1C1C1C1C1C1C1C1C
23232323232323232525252525252525
26262626262626262929292929292929
2A2A2A2A2A2A2A2A2C2C2C2C2C2C2C2C
2F2F2F2F2F2F2F2F3131313131313131
01010101010101010101010101010101

Please have a look and see if your LMKSTORAGE.TXT contains those values.

Regarding key generation, standard key generation rules apply for A0 - this means that for a lot of keys you will require the HSM/Simulator to be in the authorized state. Regarding TPKs, which you may want to dynamically create and exchange with a terminal, as far as I know HC can be called without going into the authorized state.