String hexMaster = TERMINAL_CTMK;
  byte[] keydata = h2b(hexMaster);
  String zonepin = null;
  SecretKey encryptedMaster = new SecretKeySpec(keydata, "DESede");
  Â
   tryÂ
  Â
      {
   Â
    JCEHandler jceHandler = new JCEHandler("DES");
    Key newkey = jceHandler.generateDESKey(SMAdapter.LENGTH_DES3_2KEY);
    byte[] enkey = jceHandler.encryptDESKey(SMAdapter.LENGTH_DES3_2KEY, newkey, encryptedMaster);
    byte[] component_2 = h2b(COMPONENT_2);
  Â
    byte[] wholecheckvalue = jceHandler.encryptData(component_2, newkey);
   Â
    byte[] checkvalue = ISOUtil.trim(wholecheckvalue, 4);
   Â
    zonepin = b2h(enkey) + b2h(checkvalue);
   Â
    logger.info("Generating Pin Key to processor" + zonepin );
   Â
  }
   Â
  catch(Exception ex)Â
    Â
      {
  Â
  logger.error("error generating zone pin key: "+ex.getMessage()+"\n"+Arrays.toString(ex.getStackTrace()));
  Â
    }
  Â
    return zonepin;
  Â
  }
.................................................................
 Â
--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/463d9c85-1b2e-46e8-bdd0-a8c2a22184a0n%40googlegroups.com.
     JCEHandler jceHandler = new JCEHandler(DESedeKeySpec.class.getName());
    newkey = jceHandler.generateDESKey(SMAdapter.LENGTH_DES3_2KEY);
 java.lang.InstantiationException: javax.crypto.spec.DESedeKeySpec
[com.tm30.agencybanking.terminalsystem.Crytpo.CustomJCEHandler.<init>(CustomJCEHandler.java:31), com.tm30.agencybanking.terminalsystem.Crytpo.CCrypto.generateZonemaskterKey(CCrypto.java:223), com.tm30.agencybanking.terminalsystem.controller.TerminalController.getKey(TerminalController.java:28), java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104), java.base/java.lang.reflect.Method.invoke(Method.java:577), org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:207), org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:152), org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117), org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:884).......
Hi Babatunde,
Firstly, let me suggest a better way to log a stack trace:
logger.error("error generating zone pin key: ", ex);
The stack trace will be printed one line at a time and be more legible.
Secondly, I don’t
understand what are you are trying to achieve by passing DESedeKeySpec.class.getName()
to the JCEHandler
constructor, since DESedeKeySpec
is not an instance of java.security.Provider
and it doesn’t have a default constructor. This last thing is
what is causing the exception, but even if it didn’t, it would
fail later because of the other thing (not being a security
provider)
And finally, it seems
you are working with a locally modified version of JCEHandler
why do you want that?
Best regards.
Andrés.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/2b319703-11fd-46e7-8059-7137709f6c19n%40googlegroups.com.
         SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
   SecretKey key = factory.generateSecret(new DESedeKeySpec(keydata));
        //keydata is the value got after xoring Component 1 and 2Â
- Â After concatenating Component 1 and Component 2 , I was able to generate Keys .Â
I want to be sure that I am doing the right thing , I've been stuck on this part for more than a week , I will really appreciate an input as to where I am doing the wrong thing please .Â
-Also I got Pin key after making a PIN key request to post bridge , what do I do with this PIN key ? am I just checking the Key check value to ensure what  postbridge has is same as what we have on our end ?Â
Thanks in advance . Â
I passed this DESedeKeySpec.class.getName() to JCEhandler instantiation because the constructor needs a provider class name passed
Thing is, DESedeKeySpec is not a provider class. You can see how it is instantiated in the jPOS code that uses it:
try {
if (jceProviderClassName == null || jceProviderClassName.isEmpty()) {
evt.addMessage("No JCE Provider specified. Attempting to load default provider (SunJCE).");
jceProviderClassName = "com.sun.crypto.provider.SunJCE";
}
provider = (Provider)Class.forName(jceProviderClassName).newInstance();
Security.addProvider(provider);
evt.addMessage("name", provider.getName());
} catch (Exception e) {
evt.addMessage(e);
throw new SMException("Unable to load jce provider whose class name is: "
+ jceProviderClassName);
} finally {
Logger.log(evt);
}
jceHandler = new JCEHandler(provider);
You can see there,
the default value, but moreover, why don’t you use the higher
level class JCESecurityModule
for what you are trying? And also, you didn’t answer why you are
using a customized version of that class instead of using the
provided by jPOS.
I want to generate a KWP so that I can send it to Post bridge when a Pin Key request field 70 value 101 is sent to my Acquirer host app .Â
- I have been provided with two keys Component 1 : 3DE......................................9A6 and component 2 : 0000000000000 (Component 2 is all zeros 16bits and 32Chars) .Â
-I XORed both keys so as to get the Zone Master Key ( After XOR operation I got same value for Component key 1).
Yes, a xor with a zero is an identity operation.
You would be better
by using the SMAdapter
for doing this, please take a look at https://github.com/jpos/jPOS/wiki/HSM_basics,
and also how to run the q2 cli in section 7.1.1 of jPOS
programmer’s Guide to run smconsole --help
and check the different options. This is valid only for testing,
for production you would surely need to use a real HSM.
- Generating key using 3des DES/ECD/NoPadding returned error saying wrong key size :Â
         SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
   SecretKey key = factory.generateSecret(new DESedeKeySpec(keydata));
        //keydata is the value got after xoring Component 1 and 2Â
- Â After concatenating Component 1 and Component 2 , I was able to generate Keys .Â
I want to be sure that I am doing the right thing , I've been stuck on this part for more than a week , I will really appreciate an input as to where I am doing the wrong thing please .Â
-Also I got Pin key after making a PIN key request to post bridge , what do I do with this PIN key ? am I just checking the Key check value to ensure what  postbridge has is same as what we have on our end ?Â
You had the clear
keys, so the first thing you have to do is import it to the
lmks, that’s the form key (FK
)
command of the smconsole
.
It will perform the xor for you, if I remember correctly, you
just need to pass the number of components you have. That isn’t
usually performed in your code, but has to be performed once,
and then use the imported key throughout your code to import the
key that you got from Postilion. And you would use that key, to
translate the pin blocks to your zone key for validation if you
are an issuer. Or to translate the PIN blocks captured by the
terminal to the postilion key if you are an acquirer.
Crypto is usually not an easy matter to get right at the first take, so it is not advised to try code without first understanding all the concepts. Sadly I couldn’t find more links to more places that discuss that with more detail to share with you.
Regards.
Andrés.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/b7c0b2db-78d6-49f6-a0a1-12aaec0ead05n%40googlegroups.com.