snowch / hsm-guide

HSM documentation
Creative Commons Zero v1.0 Universal

ZMK key generation failed #4

Closed zeeshan949 closed 9 years ago

zeeshan949 commented 9 years ago

Thank you for your hsm-guide book; it is very helpful for understanding how an HSM works and for working with the Thales Simulator. After following your guide, I tried to generate a ZMK with the simulator console. But when I send the FK command to the console and enter the pre-generated ZMK components, the console gives the error "INVALID KEY".

Thales simulator version 0.9.6, OS Windows 8.1

See console logs

    Connected - Type in commands followed by ENTER.

    GC
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Clear Component: 0275 76E5 07A7 CB3B FB32 0D07 40BA DC51
    Encrypted Component: U FE61 44E1 4EB2 BC48 4888 7E19 A592 D7B3
    Key check value: E341 91

    GC
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Clear Component: 616E 32A8 F7CB 0461 20A7 B583 1007 A273
    Encrypted Component: U 0E40 2740 82B5 0098 5051 B8B8 1070 E5A0
    Key check value: 2605 25

    GC
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Clear Component: 191A 547C 0B3B 045E AB8C 3E51 92D0 15DC
    Encrypted Component: U E4EF C72D 2EB6 FC0C 5C8B 9FFC 760E 80F2
    Key check value: 39E9 9C

    FK
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Component type [X,H,E,S]: E
    Enter number of components (2-9): 3
    Enter component #1: U FE61 44E1 4EB2 BC48 4888 7E19 A592 D7B3
    INVALID KEY

snowch commented 9 years ago

@zeeshan949, I've fixed up the instructions for the FK command. Can you please let me know if this solves the issue?

zeeshan949 commented 9 years ago

Thank you for the response. After following the new instructions, the following error occurred:

"DATA INVALID; DOUBLE-LENGTH ENCRYPTED COMPONENTS MUST BE KEY SCHEME AND 32 HEX CHARACTERS"

    Connected - Type in commands followed by ENTER.

    GC
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Clear Component: 515E 3475 07A8 F2BF B525 6E25 516B C83D
    Encrypted Component: U 18F9 8240 73DA EDED 87B8 84EB 1301 D295
    Key check value: 1EE0 CA

    GC
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Clear Component: B698 4AAD FE58 0B01 D0A4 5E16 D092 DC76
    Encrypted Component: U 59A0 DAEA 43D8 F656 D910 7C7D 13F1 CE07
    Key check value: 0CB3 2C

    GC
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Clear Component: 3DE9 9291 9446 984A 15CB FD8C 62A2 29F2
    Encrypted Component: U CAEE 8FA7 4649 EFD2 DE28 A44A 9F3B 62D6
    Key check value: 7240 BD

    FK
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Component type [X,H,E,S]: E
    Enter number of components (2-9): 3
    Enter component #1: 18F9824073DAEDED87B884EB1301D295
    Enter component #2: 59A0DAEA43D8F656D9107C7D13F1CE07
    Enter component #3: CAEE8FA74649EFD2DE28A44A9F3B62D6
    DATA INVALID; DOUBLE-LENGTH ENCRYPTED COMPONENTS MUST BE KEY SCHEME AND 32 HEX CHARACTERS

snowch commented 9 years ago

@zeeshan949 - Can you try a component type of X instead of E?

@lacisjur - Is there some documentation available that describes what the different component types [X, H, E, S] mean?

Many thanks!

Chris

zeeshan949 commented 9 years ago

Thank you @snowch, after using component type X the ZMK key is generated.

    FK
    Key length [1,2,3]: 2
    Key Type: 000
    Key Scheme: U
    Component type [X,H,E,S]: X
    Enter number of components (2-9): 3
    Enter component #1: 18F9824073DAEDED87B884EB1301D295
    Enter component #2: 59A0DAEA43D8F656D9107C7D13F1CE07
    Enter component #3: CAEE8FA74649EFD2DE28A44A9F3B62D6
    Encrypted key: U F744 2D16 9C4F 2E55 C00F 2982 472E 52C0
    Key check value: 7F72 A2

snowch commented 9 years ago

@zeeshan949 you're welcome!

I started writing this book when I started learning about HSMs, but I hit a brick wall due to the lack of any tutorial style documentation. Therefore, as you are going through your learning journey, if you can think of any content that can be added to the book - it will be really appreciated :)

zeeshan949 commented 9 years ago

@snowch Found the component types, described as follows:

    X = Clear XOR
    H = Clear Half or Third Key
    E = Encrypted
    S = Smartcard
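As an added example (not code from this thread, the hsm-guide book or the Thales simulator): component type X means clear components are XORed together, so the Python below combines the "Clear Component" values from the second GC log above and, for comparison, the values that were typed at the successful FK prompt, which are the "Encrypted Component" strings. The function names are hypothetical.

```python
# Added illustration; function names are hypothetical, not part of hsm-guide
# or the Thales simulator.
HEX_LEN = {1: 16, 2: 32, 3: 48}  # "Key length" option -> hex characters

def parse_component(text, key_length=2):
    """Strip console spacing and validate one clear component."""
    hexstr = text.replace(" ", "")
    if len(hexstr) != HEX_LEN[key_length]:
        raise ValueError(f"expected {HEX_LEN[key_length]} hex characters")
    return bytes.fromhex(hexstr)  # raises ValueError on non-hex input

def combine_clear(components, key_length=2):
    """XOR all components together (component type X)."""
    if not 2 <= len(components) <= 9:
        raise ValueError("FK prompts for 2-9 components")
    key = bytes(HEX_LEN[key_length] // 2)  # all-zero starting value
    for text in components:
        part = parse_component(text, key_length)
        key = bytes(a ^ b for a, b in zip(key, part))
    return key

def has_odd_parity(key):
    """DES convention: every key byte has an odd number of set bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

# "Clear Component" values printed by the three GC runs in the second log.
CLEAR = [
    "515E 3475 07A8 F2BF B525 6E25 516B C83D",
    "B698 4AAD FE58 0B01 D0A4 5E16 D092 DC76",
    "3DE9 9291 9446 984A 15CB FD8C 62A2 29F2",
]
# Values typed at the FK prompt in the thread ("Encrypted Component" strings).
ENTERED = [
    "18F9824073DAEDED87B884EB1301D295",
    "59A0DAEA43D8F656D9107C7D13F1CE07",
    "CAEE8FA74649EFD2DE28A44A9F3B62D6",
]

if __name__ == "__main__":
    for label, parts in (("clear", CLEAR), ("entered", ENTERED)):
        key = combine_clear(parts)
        print(label, key.hex().upper(), "odd parity:", has_odd_parity(key))
```

The two inputs give different 16-byte results; only the XOR of the three clear components keeps odd parity in every byte.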

snowch commented 9 years ago

Thanks Zeeshan! Are you happy for me to add your name to the list of the book contributors?

zeeshan949 commented 9 years ago

Yes, you can. As you said earlier, there is not much material and few guides available for HSMs, and I am hitting my head hard to get things done. This guide will be helpful for many people in the future; nice effort. Working on PIN Block Generation now :)

lacisjur commented 9 years ago

Hi!

I will check that issue with the HSM simulator.

Do you have access to a real HSM?

Regards, Juris

On Wed, Sep 3, 2014 at 12:40 PM, Zeeshan Ahmad notifications@github.com wrote:


snowch commented 9 years ago

@lacisjur - is the question for me, or @zeeshan949?

If the question is for me, then no, I don't have access to a real HSM :(

lacisjur commented 9 years ago

That question was to @zeeshan949 :)

On Fri, Sep 5, 2014 at 2:19 PM, Chris Snow notifications@github.com wrote:


zeeshan949 commented 9 years ago

@lacisjur currently I do not have access to a real HSM. But I have checked these details from another location/source. Will get HSM access soon as things are going.

erfanhossainshoaib commented 6 years ago

I have a problem importing a key using a ZMK. I generated the ZMK successfully from the Thales console and the KCV matched. But I can't import the PEK using the IK command.

    Generated ZMK : U09C26D8449DFB036466CBE693CA244A0
    PEK : 56C8DACE4447FFC02D9F385D67072A88
    KCV : 142623

    Sending command: HeadA6002U09C26D8449DFB036466CBE693CA244A0X56C8DACE4447FFC02D9F385D67072A88U00
    Response: HeadA726

Error code 26 means Invalid Key Scheme.

I tried the commands below as well, but got the same result. The commands sent are:

    HeadA6002U09C26D8449DFB036466CBE693CA244A0U56C8DACE4447FFC02D9F385D67072A88U00
    HeadA6002U09C26D8449DFB036466CBE693CA244A0T56C8DACE4447FFC02D9F385D67072A88U00
    HeadA6002U09C26D8449DFB036466CBE693CA244A0Z56C8DACE4447FFC02D9F385D67072A88U00
    HeadA6002U09C26D8449DFB036466CBE693CA244A0E56C8DACE4447FFC02D9F385D67072A88U00
    HeadA6002U09C26D8449DFB036466CBE693CA244A0S56C8DACE4447FFC02D9F385D67072A88U00

The response is the same for all commands. The response is HeadA726.