Generate PIN Block from CLEAR PIN


Goodangel.Matope

May 30, 2010, 1:10:58 AM
to jPOS Users
Good day,

I am trying to generate a PIN block from a CLEAR pin for testing. I
want to inject some test messages into Postilion, hence I need to be
able to generate a valid pin block from a string with a known correct
PIN for a card, such as "2311"

It seems most of the posts in this group deal with Translating a PIN
block rather than building it. Please assist!

Mark Salter

May 30, 2010, 4:11:49 AM
to jpos-...@googlegroups.com
On 30/05/2010 06:10, Goodangel.Matope wrote:
> I am trying to generate a PIN block from a CLEAR pin for testing. I
> want to inject some test messages into Postilion, hence I need to be
> able to generate a valid pin block from a string with a known correct
> PIN for a card, such as "2311"
>
What '(clear) PIN block format' do you need?

Do you have the DES keys you need to use?

Do you have an HSM with test keys you could use??


> It seems most of the posts in this group deal with Translating a PIN
> block rather than building it. Please assist!
>

Hmmm, I think there was very recent discussion on PIN Block
*construction*, although it was rather a confusing one as the OP was
using a strange (unsecure) way of getting the PIN into the PIN block.

--
Mark

Goodangel.Matope

May 30, 2010, 10:45:34 PM
to jPOS Users
We will have access to an HSM with test keys to use. I wanted to get
to grips with the principle first, so that I would at least write the
code for it, then try it out at the client's test site. We will need
to use 3des encryption for the PIN block. We want to be able to inject
some test transactions using a card with a known pin, so in my test
app we will assign PIN = "1234" and then build a pin block from that.

In short, I am trying to generate a financial request which will have
a valid PIN block, and I want to be able to "cheat" by converting a
PIN that I know works into a PIN block.

Mark Salter

May 31, 2010, 3:21:13 AM
to jpos-...@googlegroups.com
On 31/05/2010 03:45, Goodangel.Matope wrote:
> We will have access to an HSM with test keys to use. I wanted to get
> to grips with the principle first, so that I would at least write the
> code for it, then try it out at the client's test site.
I was thinking that you could use the HSM - it may well have a 'generate
PIN block' message?

This way you could perhaps use the same key file, holding the same
encrypted keys as the system and the same HSM to do the work that the
target system would use?

Client? Please ensure you are meeting license conditions.

> We will need
> to use 3des encryption for the PIN block. We want to be able to inject
> some test transactions using a card with a known pin, so in my test
> app we will assign PIN = "1234" and then build a pin block from that.
>
> In short, I am trying to generate a financial request which will have
> a valid PIN block, and I want to be able to "cheat" by converting a
> PIN that I know works into a PIN block.

I get that.

You will still need to know and share here the details of...

- What flavour of PIN block do you need?
- What *clear* keys will you use to produce the PIN block?
  You will need them in the clear *if* you don't use the client's HSM.
  (Your client might be wary of this?)
  You will need to know them to encrypt the clear PIN block of the
  right format.

... if you really want us to be able to help.

--
Mark

kapilashantha rajapaksha

May 30, 2010, 11:36:10 PM
to jpos-...@googlegroups.com
Hi

There are setup formats for PINB. Which type of format do you need?

Anyway,

This is for PIN block format 0

Using PIN,

A = 0412 34FF FFFF FFFF (4 = length of clear PIN)

You have to make the ANB using your PAN,

PAN = 4000 0012 3456 2, where the check digit is 2, the block is:

ANB = 0000 4000 0012 3456

Clear PIN block = A XOR ANB

Now you can use Triple-DES encryption using the TPK (PPK), which is basically a session key that is received under the TMK.


    import java.security.Provider;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.IvParameterSpec;

    // 3DES-encrypt clearBytes: "CBC" uses the supplied IV, any other mode value uses ECB.
    public byte[] encrypt(SecretKey secretKey, byte[] clearBytes,
                          Provider p, String mode, byte[] IV) throws Exception {
        if ("CBC".equals(mode)) {
            Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding", p.getName());
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(IV));
            return cipher.doFinal(clearBytes);
        } else {
            Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding", p.getName());
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            return cipher.doFinal(clearBytes);
        }
    }

You have to use mode "ECB"


What type of HSM are you using? Is it Thales or Eracom?

Best regards
-Kapila





Alejandro Revilla

May 31, 2010, 7:19:22 AM
to jpos-...@googlegroups.com
In JCESecurityModule there's a private method:

     private byte[] calculatePINBlock (String pin, byte pinBlockFormat, String accountNumber)

that you could use as a starting point.

This method is private for a good reason, you never want a pinblock in the clear, but for testing purposes you can make it public.

--Alejandro
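
Added example, not part of any post in this thread and not jPOS's own code: the format 0 construction from Kapila's post (PIN field XOR account number block, then 3DES in ECB mode), which is the job Alejandro's pointer to calculatePINBlock covers, followed by a round trip that recovers the PIN. The class and method names, the double-length test key and its K1|K2|K1 expansion are assumptions made for this example; the PIN and PAN are the ones from the post, and HexFormat needs Java 17 or later.

```java
import java.util.Arrays;
import java.util.HexFormat;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class PinBlockFormat0Example {               // hypothetical class name
    static final HexFormat HEX = HexFormat.of().withUpperCase();

    // PIN field: control nibble 0, PIN length nibble, PIN digits, 'F' fill to 16 nibbles.
    static byte[] pinField(String pin) {
        if (!pin.matches("\\d{4,12}"))
            throw new IllegalArgumentException("PIN must be 4 to 12 digits");
        StringBuilder sb = new StringBuilder("0")
                .append(Integer.toHexString(pin.length())).append(pin);
        while (sb.length() < 16) sb.append('F');
        return HEX.parseHex(sb);
    }

    // Account number block: 0000 + the 12 rightmost PAN digits, check digit excluded.
    static byte[] accountBlock(String pan) {
        if (!pan.matches("\\d{13,19}"))
            throw new IllegalArgumentException("PAN must be 13 to 19 digits");
        return HEX.parseHex("0000" + pan.substring(pan.length() - 13, pan.length() - 1));
    }

    static byte[] clearPinBlock(String pin, String pan) {
        byte[] a = pinField(pin), anb = accountBlock(pan), block = new byte[8];
        for (int i = 0; i < 8; i++) block[i] = (byte) (a[i] ^ anb[i]);
        return block;
    }

    // 3DES ECB, no padding; a double-length key K1|K2 is expanded to K1|K2|K1 for JCE.
    static byte[] tdes(int mode, byte[] key16, byte[] data) throws Exception {
        byte[] key24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, key24, 16, 8);
        Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding");
        cipher.init(mode, new SecretKeySpec(key24, "DESede"));
        return cipher.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        String pin = "1234", pan = "4000001234562";  // PIN and PAN from the post above
        byte[] testKey = HEX.parseHex("0123456789ABCDEFFEDCBA9876543210"); // constructed test key
        byte[] clear = clearPinBlock(pin, pan);
        byte[] enc = tdes(Cipher.ENCRYPT_MODE, testKey, clear);
        System.out.println("clear PIN block     : " + HEX.formatHex(clear));
        System.out.println("encrypted PIN block : " + HEX.formatHex(enc));
        // Round trip: decrypt, XOR the account block back out, read length and digits.
        byte[] dec = tdes(Cipher.DECRYPT_MODE, testKey, enc), anb = accountBlock(pan);
        for (int i = 0; i < 8; i++) dec[i] ^= anb[i];
        String field = HEX.formatHex(dec);
        int len = Character.digit(field.charAt(1), 16);
        System.out.println("recovered PIN       : " + field.substring(2, 2 + len));
    }
}
```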