HOW TO GENERATE (DERIVE) AN IPEK (IKEY) on Payshield 9000

Nov 19, 2013 at 2:09 PM
Hi Guys,

I'm getting problems to derive (or create) and IPEK based on a BDK already generated.

I already read all the syntax about the A0 command for Payshield 9000, but when I try to send it using the simulator I'm getting response 29.
So, not sure if the simulator is currently supporting A0 for deriving an IPEK from BDK.

For more clarification, the following is the command I'm sending and the response I'm getting:

Input to HSM : 0000A0A302U0EDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E
Output from HSM : 0000A129

Sim App events output:

Request: 0000A0A302U0EDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E
Parsing header and code of message 0000A0A302U0EDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E...
Searching for implementor of A0...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateKey_A0, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 0000A129
Calling Terminate()...
Implementor to Nothing
Client disconnected.

Can you guys give me some light here?


Thanks!!
Dec 5, 2013 at 7:41 PM
Hi...

It looks like you're missing a parameter, DUKPT master key type, and the BDK key scheme

Can you try
0000A0A302U01UEDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E


That's
0000A0A302U0 1U EDCC6D6966ADC1A3C83FE89F63BBD483FFFF9876543333E
1= for example, BDK-type1,
U= key scheme