Decrypting PIN Field 52

gxgr...@gmail.com

Aug 16, 2013, 1:42:45 AM
to jpos-...@googlegroups.com
Hello,

We use jpos for processing Star transactions (binary/ebcdic) ISO8583 messages.  We are now in the process of receiving an encrypted PIN from Star (previously Star handled all the PIN verification processing).  We need to decrypt the PIN sent to us in field 52.  The packager field 52 definition looks like this: 

<isofield id="52" length="8" name="PIN DATA" class="org.jpos.iso.IFB_BINARY"/>

We have the encryption keys that were used to encrypt the PIN from Star.  I understand that an HSM is needed in production in order to decrypt/translate the encrypted PIN.  However, we are in test and certification with Star so we need to be able to decrypt the PIN using software.  During certification, Star mentions using variant 1 to generate a check digit (which apparently we need to verify) and then they use variant 4 to do the actual PIN encryption.  I'm not familiar with the variant algorithms they are referencing.

Does jpos have a library/class that will help with the PIN decryption assuming I have the encryption keys?  I'm not exactly sure how to go about decrypting the PIN so any guidance would be greatly appreciated. 

Thanks, 

Greg 

Mark Salter

Aug 16, 2013, 4:09:14 AM
to jpos-...@googlegroups.com
On 16/08/2013 06:42, gxgr...@gmail.com wrote:
> We have the encryption keys that were used to encrypt the PIN from Star.
> I understand that an HSM is needed in production in order to
> decrypt/translate the encrypted PIN. However, we are in test and
> certification with Star so we need to be able to decrypt the PIN using
> software.
Why wouldn't they be certifying your solution as it will process in
production?

Won't another 'like live' certification then be needed though?

> During certification, Star mentions using variant 1 to
> generate a check digit (which apparently we need to verify) and then
> they use variant 4 to do the actual PIN encryption. I'm not familiar
> with the variant algorithms they are referencing.
Then you should ask them for their supporting documentation?

>
> Does jpos have a library/class that will help with the PIN decryption
> assuming I have the encryption keys? I'm not exactly sure how to go
> about decrypting the PIN so any guidance would be greatly appreciated.
It is probably triple DES, so any crypto library will be able to help you?

The structure of the 'clear PIN Block' once decrypted, you will need to
check with Star - again, their documentation will hold the detail you need.

--
Mark
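
Added example, not part of the thread and not jPOS code: a software-only decrypt of an 8-byte field 52 value for test use, with plain JCE triple DES. It assumes a double-length key and an ISO 9564 format 0 PIN block, neither of which the thread confirms (Star's documentation decides), applies no key variant, and uses a constructed key, PAN and PIN; the class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;
public class Field52Demo {
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    static String toHex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }
    static byte[] xor(byte[] a, byte[] b) {
        byte[] r = new byte[a.length];
        for (int i = 0; i < r.length; i++) r[i] = (byte) (a[i] ^ b[i]);
        return r;
    }
    // JCE "DESede" needs 24 key bytes; a double-length key is expanded to K1|K2|K1.
    static byte[] tdes(int mode, byte[] key16, byte[] block8) throws Exception {
        byte[] key24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, key24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/ECB/NoPadding");
        c.init(mode, new SecretKeySpec(key24, "DESede"));
        return c.doFinal(block8);
    }
    // Format 0 PAN field: 0000 + rightmost 12 PAN digits, check digit excluded.
    static byte[] panField(String pan) {
        return hex("0000" + pan.substring(pan.length() - 13, pan.length() - 1));
    }
    // Assumes ISO 9564 format 0; the thread says to confirm the layout with Star.
    static String pinFromField52(byte[] f52, byte[] key16, String pan) throws Exception {
        String clear = toHex(xor(tdes(Cipher.DECRYPT_MODE, key16, f52), panField(pan)));
        int len = Character.digit(clear.charAt(1), 16);
        // A wrong key, PAN or format shows up as a bad control nibble, length or fill.
        if (clear.charAt(0) != '0' || len < 4 || len > 12
                || !clear.substring(2).matches("[0-9]{" + len + "}F+"))
            throw new IllegalArgumentException("not a valid format 0 PIN block");
        return clear.substring(2, 2 + len);
    }
    public static void main(String[] args) throws Exception {
        byte[] key = hex("0123456789ABCDEFFEDCBA9876543210"); // constructed test key
        String pan = "4000001234567899";                      // constructed test PAN
        // Build a field 52 value for PIN 1234, then recover the PIN from it.
        byte[] f52 = tdes(Cipher.ENCRYPT_MODE, key, xor(hex("041234FFFFFFFFFF"), panField(pan)));
        System.out.println(toHex(f52) + " -> " + pinFromField52(f52, key, pan));
    }
}
```

The structural check in `pinFromField52` is what tells a tester that the key, PAN or assumed block format does not match what the network sent.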

Zablon Ochomo

Aug 16, 2013, 5:08:57 AM
to jpos-...@googlegroups.com
PIN data on field 52 should be handled by an HSM. In this case you need the HSM device loaded with the right KEYS then you can send PIN verification commands with field 52 data.


--
Zablon Ochomo

chhil

Aug 16, 2013, 5:40:16 AM
to jpos-users

Variant : Key Description

1 : PIN Encryption Key
4 : PIN Verification Key

You might find this thread useful
https://thalessim.codeplex.com/discussions/276613

In the thread, it's a Thales sim and variants are basically used to make the keys/data Atalla compliant, i.e. if A uses Thales and B uses an Atalla HSM then variants come into play.

-chhil