FA Command fails, the decrypting of the encrypted pin key matches only the first half of the clear that was encrypted

Jul 8, 2016 at 9:24 AM
Generated various key as follows
GENERATE CLEAR ZMK and ENCRYPTED ZMK under LMK
GC
Key length [1,2,3]: 2
Key Type: 000
Key Scheme: U
Clear Component: B3C2 1001 9851 0DCB A4B5 40C8 45D5 B502 
Encrypted Component: U ED31 B745 D878 9D85 67E7 1F7D 8C88 3E5E 
Key check value: E68C53



GENERATE CLEAR ZPK AND Encrypted ZPK under LMK
GC
Key length [1,2,3]: 2
Key Type: 001
Key Scheme: U
Clear Component: A75D 4F29 643B D031 804F ADFB 54EC 4A54 
Encrypted Component: U A9C3 68CF F695 B72F EEEA EE2F AE74 86FF 
Key check value: 5D11 48

ZPK UNDER ZMK
KE
Key Type: 001
Key Scheme: X
Enter encrypted ZMK: UED31B745D8789D8567E71F7D8C883E5E
Enter encrypted key: UA9C368CFF695B72FEEEAEE2FAE7486FF
Key encrypted under ZMK: X 7913 1546 165E 21EE 7963 6234 F08B FCE2 
Key Check Value: 5D1148
Now I use the clear ZPK and encrypt it under the clear ZMK using a DES calculator.
 ZPK Clear = A75D4F29643BD031804FADFB54EC4A54
ZMK Clear = B3C2100198510DCBA4B540C845D5B502
Encrypted ZPK = 79131546165E21EE79636234F08BFCE2
The FA command fails

FA Command Sent by code
127.0.0.1:18694
30 30 30 32 46 41 55 45 | 0002FAUE
44 33 31 42 37 34 35 44 | D31B745D
38 37 38 39 44 38 35 36 | 8789D856
37 45 37 31 46 37 44 38 | 7E71F7D8
43 38 38 33 45 35 45 58 | C883E5EX
37 39 31 33 31 35 34 36 | 79131546
31 36 35 45 32 31 45 45 | 165E21EE
37 39 36 33 36 32 33 34 | 79636234
46 30 33 46 46 43 45 32 | F03FFCE2
FB response sent by Thales Sim
127.0.0.1:18694
30 30 30 32 46 42 30 31 | 0002FB01
58 33 43 32 36 35 33 39 | X3C26539
38 35 33 45 31 32 34 41 | 853E124A
34 44 41 39 42 44 45 31 | 4DA9BDE1
33 31 35 42 31 44 34 39 | 315B1D49
35 44 30 34 31 45 32 31 | 5D041E21
41 35 34 42 31 32 34 30 | A54B1240
38                      | 8
Command Events
=== [FA], starts 13:15:22.460 =======
[Key,Value]=[Key,79131546165E21EE79636234F03FFCE2]
[Key,Value]=[Key Scheme,X]
[Key,Value]=[ZMK,ED31B745D8789D8567E71F7D8C883E5E]
[Key,Value]=[ZMK Scheme,U]

ZMK (clear): UB3C2100198510DCBA4B540C845D5B502
ZPK (clear): A75D4F29643BD031BC175E6354856910
Key (clear): A75D4F29643BD031BC165E6254856810
Key (LMK): X3C26539853E124A4DA9BDE1315B1D495
Check value: D041E21A54B12408
=== [FA],   ends 13:15:22.495 =======
The key clear has the first half that matches the first half of the zpk. The second half doesn't match. The whole ZPK needs to match which it doesnt and I am not sure why this happens.
Jul 8, 2016 at 1:29 PM
Found the problem. One of my routines for changing the bytes being sent to the HSM.
It could not translate the 8B in the encrypted zpk and was translating it to a 3F due it not finding the appropriate encoding.