Client Simulator to send keys


Joe Hackett

Nov 17, 2016, 3:08:49 PM
to jPOS Users
Hello All, 

I started working on jPOS a while back and then the project was put on hold. Now I have been tasked with writing a simple client to send messages. I have gone through the client simulator and was able to get it all working, and I'm able to send messages without the PINs. One thing that I'm not able to accomplish is to do the key exchanges (0800/0810 messages) and convert a clear PIN into a PIN block.

I have the ZMK that is used by a simulator written in C#, which was given to us by the vendor. This simulator is able to do the key exchanges and is able to send the PIN block (PINs are entered in clear on the simulator) in the messages. When talking to the folks (very limited access) who wrote this simulator, they say that they create a ZPK using this ZMK and transport the ZPK in the 0800 message to the server. They then use this ZPK to create the PIN block and encode it using Base64.

Can someone please suggest what I should do to have the jPOS client simulator do the same? Should I concentrate on SMAdapter? Is there anything else that I need to look at? I need to make this work so badly, please.

Thanks in advance.

Joe Hackett

Alejandro Revilla

Nov 17, 2016, 8:26:51 PM
to jPOS Users
Once you have the client simulator running, you probably want to create a small PoC or unit test using the SMAdapter to validate you can import the ZMK into the SM's LMKs, then the ZPKs, and then be able to create a proper PIN Block. Once you have all that running in a PoC, it will be pretty straightforward to integrate it into the Q2 code.

It's not easy and the bad part is that everything fails until it suddenly works, and you have to work quite blind until you get it to work. Make sure you triple-check every step, especially where you can have some reality checks by validating the key check values for your ZMK, ZPK, etc.



Joe Hackett

Nov 17, 2016, 8:43:28 PM
to jPOS Users
I'm honored to receive a reply from SIR Alejandro. I will try the SMAdapter route and will let you know. 

Thanks & High Regards,
Joe Hackett.

Alejandro Revilla

Nov 17, 2016, 8:56:48 PM
to jpos-...@googlegroups.com
Thanks for the title :) :)

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.
To post to this group, send email to jpos-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/a8257c1a-44cc-4501-b763-37ac1ead41e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

chhil

Nov 17, 2016, 10:09:53 PM
to jpos-...@googlegroups.com

Join the jpos slack community, direct access to sir. Sir can provide more details.


Joe Hackett

Nov 21, 2016, 10:56:29 AM
to jPOS Users
Where and how do I type the smconsole command? I'm able to bring up bin/q2 but don't know where to type the command to rebuild the LMK based on the ZMK. Also, the following is the command that I was planning to use:

smconsole --rebuildlmk org\jpos\security\my.lmk KE 128 KEK C1E9C840B06B45641F4A52BC0DB97343 A595B5

Thanks
Joe



Joe Hackett

Nov 21, 2016, 11:11:59 AM
to jPOS Users
OK. I was able to run this command and it did create the LMK file. I will now try the SMAdapter.

java -jar jpos-2.0.2.jar -c "smconsole -lmk c:\temp\lmk -rebuildlmk KE 128 KEK C1E9C840B06B45641F4A52BC0DB97343 A595B5; shutdown --force"

Joe Hackett

Nov 21, 2016, 11:28:53 AM
to jPOS Users
So now I get a Parity Not Adjusted error when I try to run the following. Can anyone help, please?

import java.util.Properties;
import org.jpos.core.*;
import org.jpos.iso.ISOUtil;
import org.jpos.security.*;
import org.jpos.security.jceadapter.JCESecurityModule;
import org.jpos.util.*;

public class TestSMA2 {
    public static void main (String args[]) {
        try {
            Logger logger = new Logger();
            logger.addListener(new SimpleLogListener(System.out));
            Properties cfgProps = new Properties();
            cfgProps.setProperty("lmk", "c:/temp/lmk");
            Configuration cfg = new SimpleConfiguration(cfgProps);
            SMAdapter sm = new JCESecurityModule(cfg, logger, "security-module");

            SecureDESKey sdk = new SecureDESKey(SMAdapter.LENGTH_DES3_2KEY, SMAdapter.TYPE_ZMK, "B0937104BADB3338B47F15DFEA311BCE", "A595B5");
            JCESecurityModule jcesecmod = new JCESecurityModule("c:/temp/lmk", "com.sun.crypto.provider.SunJCE");
            EncryptedPIN pinUnderLMK = jcesecmod.encryptPIN("1234", "5511985236238");
            // This call is where the trace below reports "Parity not adjusted"
            EncryptedPIN pinUnderTPK = jcesecmod.exportPINImpl(pinUnderLMK, sdk, SMAdapter.FORMAT00);
            System.out.println(ISOUtil.hexString(pinUnderTPK.getPINBlock()));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}


Error:

<log realm="security-module" at="Mon Nov 21 11:24:23 EST 2016.129" lifespan="1ms">
  <local-master-keys>
    Loaded successfully from file: "C:\temp\lmk"
  </local-master-keys>
</log>
org.jpos.security.jceadapter.JCEHandlerException: Parity not adjusted
        at org.jpos.security.jceadapter.JCESecurityModule.decryptFromLMK(JCESecurityModule.java:1112)
        at org.jpos.security.jceadapter.JCESecurityModule.exportPINImpl(JCESecurityModule.java:299)
        at TestSMA2.main(TestSMA2.java:92)

Thanks
Joe

Mark Salter

Nov 21, 2016, 12:06:42 PM
to jPOS Users


On Monday, November 21, 2016 at 4:28:53 PM UTC, Joe Hackett wrote:
So now I get Parity Not Adjusted error when I try to run the following: Can anyone help please.
You are on the internet, please search and you will find - probably in this mailing list too...

https://groups.google.com/forum/#!searchin/jpos-users/parity|sort:relevance

--
Mark

Joe Hackett

Nov 21, 2016, 3:25:10 PM
to jPOS Users
Thanks Mark. Yes, I was able to take care of that. One last question: how do I create a working key? I believe it is called a ZPK. Our ISO 8583 spec says that the data length is 36, 32 of which is the key and 4 is check digits.

Steps that I have done so far:
rebuilt LMK - java -jar jpos-2.0.2.jar -c "smconsole -lmk c:\temp\lmk -rebuildlmk; shutdown --force"
loaded ZMK - java -jar jpos-2.0.2.jar -c "smconsole -lmk c:\temp\lmk KE 128 KEK C1E9C840B06B45641F4A52BC0DB97343 A595B5; shutdown --force"

Is this how to create/load the ZPK? - java -jar jpos-2.0.2.jar -c "smconsole -lmk c:\temp\lmk FK 128 ZPK 4FEC5911F640FB9AF1EEBDACA7FB59B2 00000000000000000000000000000000 00000000000000000000000000000000; shutdown --force"

If yes, then I get a value of:
<data>D7285E386D279191356EFA32BDEDD443</data>
        <check-value>6E52CD</check-value>

How do I transform the check-value to 4 bytes? Please help.

Thanks
Joe

Mark Salter

Nov 22, 2016, 4:22:38 AM
to jPOS Users


On Monday, November 21, 2016 at 8:25:10 PM UTC, Joe Hackett wrote:
        <check-value>6E52CD</check-value>

How do I transform the check-value to 4 bytes? Please help.

4 bytes of hexadecimal or 4 bytes binary?

Take a look in the source for the tools you are using for how to get a byte[] of the KCV. Then you can do the transform as needed:

I presume 4 bytes of character hex (6E52 here)

String hexCharKCV = (ISOUtil.hexString( JCESecurityModule.generateKeyCheckValueImpl (....))).substring(0,4);

--
Mark
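
The key check value Mark describes, together with the parity check and format 00 PIN block that come up earlier in the thread, as an added example that is not part of any post and is not jPOS code. It works directly on a clear double-length key with javax.crypto rather than on LMK-encrypted keys; the class name, the ZPK, the PAN and the PIN are constructed sample values.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class PinBlockDemo {
    // Constructed sample values (assumptions, not keys or data from the thread).
    static final String CLEAR_ZPK = "0123456789ABCDEFFEDCBA9876543210";
    static final String PAN = "4000001234567899", PIN = "1234";

    static byte[] unhex(String s) {
        byte[] b = new byte[s.length() / 2];
        for (int i = 0; i < b.length; i++)
            b[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return b;
    }
    static String hex(byte[] b) {
        return String.format("%0" + b.length * 2 + "X", new java.math.BigInteger(1, b));
    }
    // DES key bytes carry odd parity: each byte must contain an odd number of 1 bits.
    static boolean hasOddParity(byte[] key) {
        for (byte b : key) if (Integer.bitCount(b & 0xFF) % 2 == 0) return false;
        return true;
    }
    // Encrypt one 8-byte block under a double-length 3DES key (JCE needs K1|K2|K1).
    static byte[] tdes(byte[] key16, byte[] block) throws Exception {
        byte[] key24 = new byte[24];
        System.arraycopy(key16, 0, key24, 0, 16);
        System.arraycopy(key16, 0, key24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key24, "DESede"));
        return c.doFinal(block);
    }
    // Key check value: encrypt eight zero bytes and keep the leading hex digits.
    static String kcv(byte[] key16, int hexDigits) throws Exception {
        return hex(tdes(key16, new byte[8])).substring(0, hexDigits);
    }
    // ISO 9564 format 0: PIN field XOR (0000 + 12 rightmost PAN digits, check digit excluded).
    static byte[] format0(String pin, String pan) {
        byte[] p = unhex(String.format("0%X%sFFFFFFFFFFFFFF", pin.length(), pin).substring(0, 16));
        byte[] a = unhex("0000" + pan.substring(pan.length() - 13, pan.length() - 1));
        for (int i = 0; i < 8; i++) p[i] ^= a[i];
        return p;
    }
    public static void main(String[] args) throws Exception {
        byte[] zpk = unhex(CLEAR_ZPK);
        if (!hasOddParity(zpk)) throw new IllegalStateException("ZPK parity not adjusted");
        System.out.println("KCV: " + kcv(zpk, 6) + " (first 4 hex digits: " + kcv(zpk, 4) + ")");
        byte[] encrypted = tdes(zpk, format0(PIN, PAN));
        System.out.println("PIN block under ZPK: " + hex(encrypted));
        System.out.println("Base64: " + java.util.Base64.getEncoder().encodeToString(encrypted));
    }
}
```

Comparing the printed KCV with the check value the other side reports for the same key is the reality check recommended earlier in the thread.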

Joe Hackett

Nov 22, 2016, 9:30:31 AM
to jPOS Users
Thanks Mark. Let me try this.

Regards
Joe

Joe Hackett

Nov 22, 2016, 7:08:02 PM
to jPOS Users
For the life of me, I'm unable to successfully create a working and corresponding PIN block. I'm exhausted. Is there a way to buy support if it is not too expensive?

Victor Salaman

Nov 22, 2016, 7:33:37 PM
to jpos-...@googlegroups.com
Be on the slack channel

Sent from my iPhone

Alejandro Revilla

Nov 22, 2016, 8:32:25 PM
to jPOS Users
Transactility conducts free jPOS webinars every other Friday, perhaps you can attend one of those:


And as Victor said, you can join us in http://jpos.slack.com/ - just let me know if you need an invite.




Joe Hackett

Nov 23, 2016, 9:27:39 AM
to jPOS Users
Yes sir. Please send me an invite.

Thanks & Regards
Joe



Alejandro Revilla

Nov 23, 2016, 10:18:51 AM
to jPOS Users
Done. If you don't see it, please check your spam folder, for some reason, Slack invitations sometimes land there.


Joe Hackett

Nov 23, 2016, 3:07:46 PM
to jPOS Users
Thanks for the invite sir. Finally got it accomplished with java.security and javax.crypto. It works now. However, I would spend some time in going through jPOS to see what I did wrong. For now, I will be going through the max sessions client param and see how I can multi-thread the entire process and use tps to get some initial metrics.

Thanks a million for all your help.

High Regards 
Joe

Alejandro Revilla

Nov 23, 2016, 3:19:09 PM
to jPOS Users
Awesome. The jPOS SSM makes things harder because it mimics a real HSM using keys that are actually encrypted under local master keys, so everything is indirect and it's easy to get wrong. Perhaps that was the problem. Good you've solved the problem.


