FK in smconsole did not return any result


Afoo

Jun 4, 2013, 4:45:24 AM
to jpos-...@googlegroups.com
I am working on a project and wanted to generate an encrypted key using smconsole -lmk /../lib/cfg/sourceConnectlmk.cfg FK 64 001 CB706B61B0AB04D6 62BC37269458F4F4 044F265B0B9DB9F2

I got the response without any key as stated below

<log realm="jce-security-module" at="Tue Jun 04 09:34:14 WAT 2013.317">
<s-m-operation/>
</log>

Can someone please help me to figure out what's wrong?

Thanks

chhil

Jun 4, 2013, 9:46:11 AM
to jpos-...@googlegroups.com
Can you step through the smconsole code and see where the problem is?

-chhil

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage.
Please support jPOS, contact: sa...@jpos.org
 
You received this message because you are subscribed to the "jPOS Users" group.
Please see http://jpos.org/wiki/JPOS_Mailing_List_Readme_first
To post to this group, send email to jpos-...@googlegroups.com
To unsubscribe, send email to jpos-users+...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/jpos-users
 
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Afonrinwo Emmanuel

Jun 4, 2013, 9:47:53 AM
to jpos-...@googlegroups.com
Thanks, will do that and revert.

Emmanuel Afonrinwo
+234 802 225 0132
+234 805 505 7745

TRUTH … FAIR … GOODWILL … BENEFICIAL

chhil

Jun 4, 2013, 10:13:26 AM
to jpos-...@googlegroups.com
001 is not supported but the key types supported are:
{BDK, CVK, MK-AC, MK-CVC3, MK-SMC, MK-SMI, PVK, TAK, TMK, TPK, ZAK, ZMK, ZPK}

So instead of 001 use ZPK and you should get a correct output.
Command line:
-lmk /../lib/cfg/sourceConnectlmk.cfg FK 64 ZPK CB706B61B0AB04D6 62BC37269458F4F4 044F265B0B9DB9F2
<log realm="jce-security-module" at="Tue Jun 04 19:34:58 IST 2013.594" lifespan="855ms">
  <s-m-operation>
    <command name="Form Key from Three Clear Components">
      <parameter name="Key Length">
        64
      </parameter>
      <parameter name="Key Type">
        ZPK
      </parameter>
      <parameter name="Component 1 Check Value">
        86A506
      </parameter>
      <parameter name="Component 2 Check Value">
        8BB913
      </parameter>
      <parameter name="Component 3 Check Value">
        FB61F9
      </parameter>
    </command>
    <result name="Formed Key">
      <secure-des-key length="64" type="ZPK" variant="0" scheme="Z">
        <data>63E86FFE9A72BC5B</data>
        <check-value>05F485</check-value>
      </secure-des-key>
    </result>
  </s-m-operation>
</log>

-chhil

chhil

Jun 5, 2013, 12:30:02 AM
to jpos-...@googlegroups.com
Alejandro,

https://github.com/jpos/jPOS/blob/master/jpos/src/main/java/org/jpos/security/jceadapter/Console.java

Line 158 is commented out. If it's un-commented the error gets displayed to the user in the stack trace. Currently the user has no clue about what went wrong by looking at the logs.

Would help if the line was un-commented.

p.s. I had tested it with the older SMConsole.java which is similar to the current Console.java.

-chhil

Afonrinwo Emmanuel

Jun 5, 2013, 1:12:54 AM
to jpos-...@googlegroups.com
Thanks a lot,  I used the codes zmk, zpk ... and it is fine. I will un-comment just to test.
 
Once again thank you.

Emmanuel Afonrinwo
+234 802 225 0132
+234 805 505 7745

TRUTH … FAIR … GOODWILL … BENEFICIAL


chhil

Jun 5, 2013, 1:23:43 AM
to jpos-...@googlegroups.com
You are very welcome.

-chhil

Afonrinwo Emmanuel

Jun 5, 2013, 1:31:35 AM
to jpos-...@googlegroups.com
Hi chillum,
 
Sorry, I am returning on the same line. I tried to do IK as stated below, and I got no parity adjusted.
 
Is it an exception to bother about? If yes, please how do I correct this?
 
Thank you.
 
</log>
q2> smconsole -lmk /keys/sourceConnectlmk.cfg IK 128 ZPK 2C3DFEEA235BCBE3D6BF7AF831ADD95B 128 ZPK 73F5F11711B084343A79B30663585BA0 F05850
Welcome to JCE Security Module console commander!
<log realm="jce-security-module" at="Wed Jun 05 06:26:23 WAT 2013.675" lifespan="2ms">
  <jce-provider>
    No JCE Provider specified. Attempting to load default provider (SunJCE).
    <name>SunJCE</name>
  </jce-provider>
</log>
<log realm="jce-security-module" at="Wed Jun 05 06:26:23 WAT 2013.679">
  <local-master-keys>
    Loaded successfully from file: "F:\keys\sourceConnectlmk.cfg"
  </local-master-keys>
</log>
<log realm="jce-security-module" at="Wed Jun 05 06:26:23 WAT 2013.681" lifespan="1ms">
  <s-m-operation>
    <command name="Import Key">
      <parameter name="Key Length">
        128

      </parameter>
      <parameter name="Key Type">
        ZPK
      </parameter>
      <parameter name="Encrypted Key">
        2C3DFEEA235BCBE3D6BF7AF831ADD95B
      </parameter>
      <parameter name="Key-Encrypting Key">
        <secure-des-key length="128" type="ZPK" variant="0" scheme="X">
          <data>73F5F11711B084343A79B30663585BA0</data>
          <check-value>F05850</check-value>
        </secure-des-key>
      </parameter>
      <parameter name="Check Parity">
        true
      </parameter>
    </command>
    <security-module-exception>
      Parity not adjusted
      org.jpos.security.jceadapter.JCEHandlerException: Parity not adjusted
        at org.jpos.security.jceadapter.JCEHandler.decryptDESKey(JCEHandler.java:192)
        at org.jpos.security.jceadapter.JCESecurityModule.importKeyImpl(JCESecurityModule.java:184)
        at org.jpos.security.BaseSMAdapter.importKey(BaseSMAdapter.java:156)
        at org.jpos.security.jceadapter.Console.exec(Console.java:144)
        at org.jpos.q2.cli.SMCONSOLE.exec(SMCONSOLE.java:32)
        at org.jpos.q2.CLICommandInterface.execCommand(CLICommandInterface.java:67)
        at org.jpos.q2.CLI.run(CLI.java:153)
        at java.lang.Thread.run(Unknown Source)
    </security-module-exception>
  </s-m-operation>
</log>
q2>

Emmanuel Afonrinwo
+234 802 225 0132
+234 805 505 7745

TRUTH … FAIR … GOODWILL … BENEFICIAL


chhil

Jun 5, 2013, 1:52:42 AM
to jpos-...@googlegroups.com

If you look at the code, the GC (generate key) generates the key with adjusted parity.

The key passed in is expected to be parity adjusted and does not adjust the parity.
The code adjusts the parity and then checks to see if the original and adjusted are equal, since they are not equal an exception is thrown.

Please attempt to step through the code and understand its working or read the code based on line numbers in stack trace.


-chhil

chhil

Jun 5, 2013, 2:44:04 AM
to jpos-...@googlegroups.com
Alejandro,

https://github.com/jpos/jPOS/blob/master/jpos/src/main/java/org/jpos/security/jceadapter/JCESecurityModule.java

Line 183: Insert Util.adjustDESParity(encryptedKey);
This will ensure the parity is always adjusted for the key being imported. Assuming that we got a key from an entity that did not adjust the parity. Though this will make the checkParity check redundant. I leave it up to security/hsm experts to decide the validity of this change.

-chhil
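
The parity test described in the two messages above, and the effect of adjusting parity before checking it, as an added example (not jPOS code and not from the thread). The class and method names are hypothetical, every key value is a constructed sample, and double-length 3DES in ECB mode is assumed for the key wrapping.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not jPOS code. All key values are constructed samples.
public class ParityCheckDemo {
    // Force DES odd parity: set the low bit of each byte so the byte has an odd number of 1 bits.
    static byte[] adjustOddParity(byte[] key) {
        byte[] out = key.clone();
        for (int i = 0; i < out.length; i++) {
            int high7 = out[i] & 0xFE;
            out[i] = (byte) (high7 | ((Integer.bitCount(high7) & 1) ^ 1));
        }
        return out;
    }

    // The test described in the thread: adjust a copy, then compare it with the original.
    static boolean isParityAdjusted(byte[] key) {
        return Arrays.equals(key, adjustOddParity(key));
    }

    // Double-length 3DES, ECB, no padding (assumed wrapping mode); K1|K2 is expanded to K1|K2|K1.
    static byte[] tdes(int mode, byte[] kek, byte[] data) throws Exception {
        byte[] k24 = Arrays.copyOf(kek, 24);
        System.arraycopy(kek, 0, k24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/ECB/NoPadding");
        c.init(mode, new SecretKeySpec(k24, "DESede"));
        return c.doFinal(data);
    }

    static byte[] hex(String s) {
        byte[] b = new byte[s.length() / 2];
        for (int i = 0; i < b.length; i++)
            b[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return b;
    }
    public static void main(String[] args) throws Exception {
        byte[] clearZpk = hex("0123456789ABCDEFFEDCBA9876543210"); // already odd parity
        byte[] rightKek = adjustOddParity(hex("00112233445566778899AABBCCDDEEFF"));
        byte[] wrongKek = adjustOddParity(hex("0F1E2D3C4B5A69788796A5B4C3D2E1F0"));
        byte[] wrapped = tdes(Cipher.ENCRYPT_MODE, rightKek, clearZpk);
        byte[] good = tdes(Cipher.DECRYPT_MODE, rightKek, wrapped);
        byte[] bad = tdes(Cipher.DECRYPT_MODE, wrongKek, wrapped);
        System.out.println("right KEK, parity ok: " + isParityAdjusted(good));
        System.out.println("wrong KEK, parity ok: " + isParityAdjusted(bad));
        // Adjusting first makes the check pass for any input, so it no longer flags a wrong KEK.
        System.out.println("wrong KEK, adjust then check: " + isParityAdjusted(adjustOddParity(bad)));
    }
}
```

Decrypting with the wrong key-encrypting key yields effectively random bytes, and a random 16-byte value passes the odd-parity test only with probability 2^-16, which is what the check loses when parity is adjusted unconditionally before it. The key check value remains the stronger confirmation that the intended key was imported.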

Alejandro Revilla

Jun 5, 2013, 9:45:28 AM
to jpos-...@googlegroups.com

Would help if the line was un-commented.

chhil

Jun 6, 2013, 12:48:52 AM
to jpos-...@googlegroups.com
Thanks Alejandro.

On Wed, Jun 5, 2013 at 7:15 PM, Alejandro Revilla <a...@jpos.org> wrote:

Would help if the line was un-commented.


Scholaris

Aug 27, 2014, 4:51:51 AM
to jpos-...@googlegroups.com
Hi Alejandro, Chhil,

I keep getting the following error each time I try to import a key:

Exception in thread "main" org.jpos.security.jceadapter.JCEHandlerException: Parity not adjusted
    at org.jpos.security.jceadapter.JCESecurityModule.decryptFromLMK(JCESecurityModule.java:1128)
    at org.jpos.security.jceadapter.JCESecurityModule.importKeyImpl(JCESecurityModule.java:191)

I call the method as below

SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK, zpkUnderZmk, zmkUnderLmk, false);

If I import the same key on the console, it works having specified ZMK parity and scheme (ZMK:1U). Here is the query
 
org.jpos.security.jceadapter.Console -lmk ./lmk  IK 128 ZPK:1U 2F8923914AEE02DD5FA85AACDD55E8C8 128 ZMK:1U 609694AC147670CBD81B5CAD67760E01 DA9AC8

If I do not specify the ZMK parity and scheme, I get the "Parity not adjusted" error again

Is there a way I can pass the ZMK parity and scheme in the method importKeyImpl as I am doing in the console?





chhil

Aug 27, 2014, 9:18:24 AM
to jpos-...@googlegroups.com
I am not 100% sure if this will help you, but check

Can you pass the scheme (the colon followed by scheme) part along with the keytype in the code as you do in the console?

-chhil

Scholaris

Aug 27, 2014, 11:41:29 AM
to jpos-...@googlegroups.com

Chhil thanks for the response.

I have the same content as the link you provided, and you highlighted the private SecureDESKey encryptToLMK method. Not quite sure why, as I had a problem with the private Key decryptFromLMK method; probably you would clarify.

Also I tried to pass the scheme as you have suggested but I keep getting errors like these

error: ')' expected
      SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK:1U, bZpkFromDB, zmkUnderLMK, false);
                                                                                     ^
error: not a statement
      SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK:1U, bZpkFromDB, zmkUnderLMK, false);
                                                                                      ^
error: ';' expected
      SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK:1U, bZpkFromDB, zmkUnderLMK, false);
                                                                                       ^
error: ';' expected
      SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK:1U, bZpkFromDB, zmkUnderLMK, false);
                                                                                        ^
error: not a statement
      SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK:1U, bZpkFromDB, zmkUnderLMK, false);
                                                                                          ^
error: ';' expected
      SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK:1U, bZpkFromDB, zmkUnderLMK, false);
                                                                                                    ^
error: not a statement
      SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK:1U, bZpkFromDB, zmkUnderLMK, false);
                                                                                                      ^
error: ';' expected
      SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK:1U, bZpkFromDB, zmkUnderLMK, false);


basically saying my adding of :1U to jsm.TYPE_ZPK (jsm.TYPE_ZPK:1U) is illegal

Nice thinking though Chhil, any more ideas?


chhil

Aug 27, 2014, 1:05:50 PM
to jpos-...@googlegroups.com
Aren't you supposed to concatenate the strings jsm.TYPE_ZPK+":1U"? Right now you are getting a compilation error with what you have done.

-chhil





Scholaris

Aug 28, 2014, 3:45:24 AM
to jpos-...@googlegroups.com
Hi Chhil,

Tried what you suggested and it works like a charm... how could I have not seen that. Thanks. Here's what I ran and it worked

SecureDESKey zpkUnderLMK = jsm.importKeyImpl(jsm.LENGTH_DES3_2KEY, jsm.TYPE_ZPK+":1U", bZpkFromDB, zmkUnderLMK, false);

Thanks