Re: [jpos-users] DUKPT PIN verification error

254 views
Skip to first unread message

AAO

unread,
Oct 21, 2012, 1:16:00 PM10/21/12
to jpos-...@googlegroups.com
Arun -

See KSN/KSN Descriptor Enlightenment delivered just now in a separate answer.

One first thought here...your Decimalization Table....

Of it, Thales says:

Decimalization Table: Encrypted/Plaintext [E/P]
• When set to ‘E’ (the default setting), the supplied decimalization table must be encrypted (using console command ED), and will consist of 16 hexadecimal digits.
• When set to ‘P’, the supplied decimalization table must be plaintext, and will consist of 16 decimal digits.

Did you go out of your way to change the setting to plaintext? Because you're providing a plaintext value in your command.

To rectify, you can either:

a) Encrypt the decimalization table using ED.  (If attempts to address ED last longer than four hours, please see a doctor).

-- OR --

b) Change the Console setting to 'P': http://screencast.com/t/qVabDyZQDR

Andy Orrock 

On Sun, Oct 21, 2012 at 10:50 AM, Arunkumar D <arun....@gmail.com> wrote:
While working in DUKPT, I came across the below problem. If you could help me out, it will be more helpful to me.

    I am using Thales RG8000 HSM.

    2012-10-17 17:49:14,607: INFO - [XBExtCommPoint] TCPIP Hexdump while sending

    000000: 00 8f 30 30 30 39 43 4b 39 30 39 45 39 36 30 35  ..0009CK909E9605
    000010: 33 36 39 34 31 38 32 31 42 37 35 41 42 37 46 37  36941821B75AB7F7
    000020: 31 38 31 46 33 39 43 37 36 35 46 31 35 34 36 41  181F39C765F1546A
    000030: 43 31 35 37 38 36 36 32 36 30 35 37 35 41 32 44  C157866260575A2D
    000040: 41 30 30 30 30 32 30 30 30 31 36 30 35 41 36 32  A000020001605A62
    000050: 38 32 43 42 39 38 41 35 44 33 30 30 34 36 32 34  82CB98A5D3004624
    000060: 32 35 30 34 39 35 37 37 36 31 32 33 34 35 36 37  2504957761234567
    000070: 38 39 30 31 32 33 34 35 36 34 33 38 36 32 34 32  8901234564386242
    000080: 35 30 34 4e 36 31 32 33 34 46 46 46 46 46 46 46  504N61234FFFFFFF
    000090: 46                                                                             F


    2012-10-17 17:49:14,816: INFO - [XBExtCommPoint] TCPIP Hexdump at receive

    000000: 00 08 30 30 30 39 43 4c 32 34                    ..0009CL24


    The Message split-up is as follows;

    CmdCode => CK ( Verify DUKPT PIN IBM Method )

    BDK Encypted by LMK => 909E960536941821B75AB7F7181F39C7

    PVK Encrypted by LMK => 65F1546AC1578662 ( a Single Length One )

    KSN Descriptor => 605

    KSN => 75A2DA0000200016 ( My KSN Comprises of 75A2DA - BDK Id, 00002 - Device Id, 00016 - Counter )

    Source Pin Block => 05A6282CB98A5D30

    Check Length => 04

    Account Number => 624250495776 ( 12 Digits excluding check digit )

    Decimalization Table => 1234567890123456

    PIN Validation Data => 4386242504N6

    Pin Offset => 1234FFFFFFFF ( Padded with 'F's )

   
    As mentioned in the response message, I am getting error as "PIN is fewer than 4 or more than 12 digits in length"

    Since I am testing my application without PED, I am using the PIN Block generated by a DUKPT utility
                                        at     http://www.codemagus.com/WebTools/cgi-bin/cmldkgipek

    The Clear BDK is 75A2DA799E4361FBA7C479FE5225FB1F

    I created BDK as follows ( in console ),

    1. DD Command
             5EC7 3EF8 D680 5880 9D34 6BBF 29E0 EF45   ( Clear ZMK )

    2. DE Command
            A645 54F1 867F E2B8 3126 2DAC 8739 A0DB ( Encrypted ZMK )
            6FDF A94A ( Check Value )

    3. DG Command
        BDK Encrypted by ZMK : 67BE 7632 F7A0 856D E109 90A4 D89A BB5A
        BDK Encrypted by LMK : 909E 9605 3694 1821 B75A B7F7 181F 39C7


    Can you please help me to find out the reason for this error code 24?

    Please enlighten me on the concepts of KSN and KSN Descriptor.

   Additional Info :

   Clear PIN is "2449"

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage.
Please support jPOS, contact: sa...@jpos.org
 
You received this message because you are subscribed to the "jPOS Users" group.
Please see http://jpos.org/wiki/JPOS_Mailing_List_Readme_first
To post to this group, send email to jpos-...@googlegroups.com
To unsubscribe, send email to jpos-users+...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/jpos-users
 
 
 

Reply all
Reply to author
Forward
0 new messages