PIN Block Format 05 (ISO 9564-1) TDES Decryption Problem

Apr 17, 2012 at 6:36 AM
Edited Apr 17, 2012 at 11:25 AM

I have searched the documentation and forums but can’t find any help. I have some French Smart Cards which requires the PIN to be submitted to the card during personalization in PIN Block Format 05 (ISO 9564-1 Format 1). When I generate the PIN, I generate a random encrypted PIN (JA) and then translate the PIN to a ZPK using the (JG) command and PIN Block Format 05. During testing I would like to decrypt the PIN from the PIN Block using the clear PEK (PIN Encryption Key). If I generate a Format 01 (Ansi X9.8) PIN Block the PIN is decrypted correctly. However with the Format 05 PIN Block I have problems – I am not sure about the parameters for the TDES call, the account or filler parameter, the Thales Host Command Manual is not very helpful.

Using an 8000 device and this code the first 2 Digits of the PIN is decrypted correctly. The second two digits are incorrect.

Const PEK_Clear As String = "7040706894A83EE957FB910BEF734007"
Const PEK_Encrypted_LMK As String = "UDF2DE3397C9882195E3F531A67FE8059"

Dim str_PAN as string = "4043230441065053"
Dim acctNumber As String = str_PAN.Substring(str_PAN.Length - 13, 12)
Dim pek_key_clear As New Cryptography.HexKey(PEK_Clear)

' Decrypt the PIN from the Tag DF01 - Encrypted PIN Block Format 01 (ANSI X9.8) ' Decrypts Correctly
Dim str_DF01_PIN_BLOCK_Enc As String = "0C62A252B42D8D35"
Dim str_DF01_PIN_BLOCK_dec As String = Cryptography.TripleDES.TripleDESDecrypt(pek_key_clear, str_DF01_PIN_BLOCK_Enc)
str_DF01_PIN_BLOCK_dec = PIN.PINBlockFormat.ToPIN(str_DF01_PIN_BLOCK_dec, acctNumber, PIN.PINBlockFormat.PIN_Block_Format.AnsiX98)

' Decrypt the PIN from the Tag DF26 – ISO 9564-1 Format 1  ' Exception Error
Dim str_DF26_PIN_BLOCK_Enc as String = "B6AC1A31614E7BC2"
Dim str_DF26_PIN_BLOCK_dec As String = Cryptography.TripleDES.TripleDESDecrypt(pek_key_clear, str_DF26_PIN_BLOCK_Enc)			
str_DF26_PIN_BLOCK_dec = PIN.PINBlockFormat.ToPIN(str_DF26_PIN_BLOCK_dec, acctNumber, PIN.PINBlockFormat.PIN_Block_Format.ISO9564_1)

-- Output from Simulator showing how the PIN Blocks are formed

=== [JA], starts 07:02:47.826 =======

[Key,Value]=[Account Number,323044106505]

[Key,Value]=[PIN Length,04]

 

Clear PIN: 9044

Crypt PIN: 09044

=== [JA],   ends 07:02:47.826 =======

 

=== [DG], starts 07:02:47.920 =======

[Key,Value]=[Account Number,323044106505]

[Key,Value]=[Delimiter,;]

[Key,Value]=[PIN,09044]

[Key,Value]=[PVK,C7B53F0588827D29161E35BEADD7FA1A]

[Key,Value]=[PVKI,1]

 

Clear PVKs: XD0AD2CB357193EDCAB317CD6AD077010

Resulting PVV: 1466

=== [DG],   ends 07:02:47.967 =======

 

=== [JG], starts 07:02:48.045 =======

[Key,Value]=[Account Number,323044106505]

[Key,Value]=[PIN,09044]

[Key,Value]=[PIN Block Format Code,01]

[Key,Value]=[ZPK,DF2DE3397C9882195E3F531A67FE8059]

[Key,Value]=[ZPK Scheme,U]

 

Clear ZPK: U7040706894A83EE957FB910BEF734007

Clear PIN: 9044

Clear PIN Block: 049076CFBBEF9AFA

Crypt PIN Block: 0C62A252B42D8D35

=== [JG],   ends 07:02:48.060 =======

 

=== [JG], starts 07:02:48.138 =======

[Key,Value]=[Account Number,323044106505]

[Key,Value]=[PIN,09044]

[Key,Value]=[PIN Block Format Code,05]

[Key,Value]=[ZPK,DF2DE3397C9882195E3F531A67FE8059]

[Key,Value]=[ZPK Scheme,U]

 

Clear ZPK: U7040706894A83EE957FB910BEF734007

Clear PIN: 9044

Clear PIN Block: FFFFCDCFBB14F541

Crypt PIN Block: B6AC1A31614E7BC2

=== [JG],   ends 07:02:48.154 =======

 

Coordinator
Apr 23, 2012 at 7:48 PM

I'm not sure I follow...what were you expecting?

Apr 24, 2012 at 6:33 AM

Not to get an Exception error when I run the code:

str_DF26_PIN_BLOCK_dec = PIN.PINBlockFormat.ToPIN(str_DF26_PIN_BLOCK_dec, acctNumber, PIN.PINBlockFormat.PIN_Block_Format.ISO9564_1)

and to get the Clear PIN: 9044 as in the str_DF01_PIN_BLOCK_Enc.

I have purchased the ISO Specification on PINs. Maybe there is something I don't understand on the ISO 9564-1 Format 1.

Coordinator
Apr 30, 2012 at 11:21 AM

It appears that while ToPINBlock behaves correctly, ToPIN does not. Fixed and posted at change set 75934. You can also download the updated setup from the latest dev build.

Apr 30, 2012 at 11:34 AM

You are a real life hero! Thanks Nick, your software is now ever so better.