HSM Thales config


cap10mycap10

May 11, 2022, 1:23:09 PM
to jPOS Users
Hello

I am trying to send CA, FA and KW commands to a Thales 7000 HSM and I am getting some errors. Below are my configs:

hsm-base-

<?xml version="1.0" encoding="UTF-8"?>
<schema>
<field id="11" type="A" length="6" >000000</field>
<field id="41" type="A" length="2" >00</field>
<field id="command" type="A" length="2" key="true" />
</schema>


CA: 

<?xml version="1.0" encoding="UTF-8"?>
<schema id='CA'>
<field id="tpk" type="A" length="49" />
<field id="zpk" type="A" length="33" />
<field id="max_pin_length" type="A" length="2" />
<field id="pin_block" type="A" length="16" />
<field id="source_pin_block" type="A" length="2" />
<field id="dest_pin_block" type="A" length="2" />
<field id="pan" type="A" length="12" />
</schema>

FA:

<?xml version="1.0" encoding="UTF-8"?>
<schema id='FA'>
<field id="zmk" type="A" length="49" />
<field id="zpk" type="A" length="33" />
</schema>

KW:

<?xml version="1.0" encoding="UTF-8"?>
<schema id='KW'>
<field id="flag" type="A" length="1" />
<field id="scheme" type="A" length="1" />
<field id="mk_ac" type="A" length="33" />
<field id="pan" type="B" length="8" />
<field id="atc" type="B" length="2" />
<field id="trx_data_length" type="B" length="1" />
<field id="data" type="B" length="45" />
<field id="delimiter" type="A" length="1" />
<field id="arqc" type="B" length="8" />
<field id="arc" type="B" length="2" />
</schema>

And I have traces of these commands which actually work:

CA:

[CA] Rx Request via TCP from: 
    [None an 008 M] : 'Message Header' = [00000000]
    [None an 002 M] : 'Command Code' = [CA]
    [16H/1A+32H/1A+48H M] : 'Source TPK' = '################'
    [16H/1A+32H/1A+48H M] : 'Destination ZPK' = '################'
    [None n 002 M] : 'Maximum PIN Length' = [12]
    [None Hex 016 M] : 'Source PIN Block' = [################]
    [None n 002 M] : 'Source PIN Block Format' = [01]
    [None n 002 M] : 'Destination PIN Block Format' = [01]
    [None n 012 M] : 'Account Number' = [481000000004]

Response to: 192.167.1.195,1285
    [None an 008 M] : 'Message Header' = [00000000]
    [None an 002 M] : 'Response Code' = [CB]
    [None an 002 M] : 'Error Code' = [00]
    [0..2 n 002 M] : 'PIN Length' = [04]
    [None Hex 016 M] : 'Destination PIN Block' = [################]
    [None n 002 M] : 'Destination PIN Block Format' = [01]

KW:

    [None an 008 M] : 'Message Header' = [00000000]
    [None an 002 M] : 'Command Code' = [KW]
    [None Hex 001 M] : 'Mode Flag' = [3]
    [None n 001 M] : 'Scheme ID' = [2]
    [16H/1A+32H/1A+48H M] : 'MK_AC' = '##'
    [None b 008 M] : 'PAN PAN Sequence No' = *[1481000000004101]
    [None b 002 M] : 'ATC' = *[02EE]
    [LLVAR: b 255 O] : 'Transaction Data' = *[00000005000000000000000007168080048000093221091821F35B36E4180002EE0FA501A00002000000000000000000000F01000000000000000000000000000080]
    [None ans 001 M] : 'Delimiter' = [;]
    [None b 008 M] : 'ARQC TC AAC' = *[120140AAC7D1####]
    [None b 004 M] : 'CSU' = *[00800###]
    [None n 001 M] : 'Propriatary Authentication Data Length' = [0]

[KX] Tx Response to: 192.167.1.195,1225
    [None an 008 M] : 'Message Header' = [00000000]
    [None an 002 M] : 'Response Code' = [KX]
    [None an 002 M] : 'Error Code' = [00]
    [None b 008 M] : 'ARPC' = *[####EA2300800000]

Anyone with an idea on this?



Mark Salter

May 11, 2022, 1:27:57 PM
to jpos-...@googlegroups.com

These traces show working commands? A trace of your failures and error code details might help see what or why you are failing; without them there is nothing to consider.

I presume you have checked the manuals already?

--

Mark

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org

Mapfunde Venon

May 11, 2022, 2:33:11 PM
to jpos-...@googlegroups.com
My question is also on the tag names I am using in the XML files, if they are correct or not?
Venon Mapfunde(PMP,Msc Software Engineering,Bsc Computer Science & Mathematics)
Tel:+263 775 091 262
Email:taka...@gmail.com
Skype: venon.mapfunde


Mark Salter

May 11, 2022, 4:16:33 PM
to jpos-...@googlegroups.com
How do you define 'correct' please?

- meeting your needs (who else cares)?
- matching the Thales documentation?


I am sure what you really want or need, sorry.

--
Mark



murtuza chhil

May 11, 2022, 9:34:30 PM
to jPOS Users

Partly responded in slack
https://jpos.slack.com/archives/CHAB8RFKK/p1652317158112269?thread_ts=1652289862.753719&cid=CHAB8RFKK

We cannot guess the errors you are getting. You will need to provide the errors. Everyone cannot know what the Thales message spec is and are probably too busy to go field by field to match your schema to the spec.
You should pack your FSD message and do a hexdump on your message.
Compare the hexdump with the binary dump of your Postilion messages that work. Spot the differences and fix. Or re-read the Thales spec and understand the message formats.

In your CA command what made you choose 49? I understand the 1, i.e. scheme, is prepended to make 48 -> 49. So why 48 and not 16?
<field id="tpk" type="A" length="49" />
Is it a triple length key?
The working CA trace shows 16.

[16H/1A+32H/1A+48H M] : 'Destination ZPK' = '################'

Field names can be anything and they cannot be duplicated for the message.

What you call field 11, 41 we call “stan” in our schema and use “stan” as the mux key to match request response. Obviously, I would need to set this in every message with an incremental number to distinguish one request from the next.
Make sure you know what the header size is, as it's configurable on the HSM; you have decided the header is 8 wide.

<field id="11" type="A" length="6" >000000</field>
<field id="41" type="A" length="2" >00</field>

I am not sure what you are expecting 000000 and 00 to do.
If you want to keep those constant use something like this:


<field id="fieldname1" type="K" length="6">000000</field>

<field id="fieldname2" type="K" length="2">00</field>

-chhil
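
Added example, not part of the thread and not jPOS code: a simplified Python model of fixed-width packing, applied to the base and CA schemas from the first post and compared with the field widths of the working CA trace, in the spirit of the dump comparison suggested above. It assumes type A fields are space-padded on the right to their declared length; the key and PIN block values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Schemas as posted in the thread (XML declarations omitted).
BASE = """<schema>
<field id="11" type="A" length="6">000000</field>
<field id="41" type="A" length="2">00</field>
<field id="command" type="A" length="2" key="true" />
</schema>"""
CA = """<schema id='CA'>
<field id="tpk" type="A" length="49" />
<field id="zpk" type="A" length="33" />
<field id="max_pin_length" type="A" length="2" />
<field id="pin_block" type="A" length="16" />
<field id="source_pin_block" type="A" length="2" />
<field id="dest_pin_block" type="A" length="2" />
<field id="pan" type="A" length="12" />
</schema>"""
# Constructed values with the widths of the working CA trace (placeholder keys and PIN block).
VALUES = {"command": "CA", "tpk": "A" * 16, "zpk": "B" * 16, "max_pin_length": "12",
          "pin_block": "C" * 16, "source_pin_block": "01", "dest_pin_block": "01",
          "pan": "481000000004"}
TRACE_WIRE = "".join(["00000000", "CA", "A" * 16, "B" * 16, "12",
                      "C" * 16, "01", "01", "481000000004"])

def layout(schemas, values):
    """Return (id, offset, width, text) per field; assumes type A is right-padded with spaces."""
    rows, offset = [], 0
    for doc in schemas:
        for f in ET.fromstring(doc).iter("field"):
            width = int(f.get("length"))
            text = values.get(f.get("id"), f.text or "")
            if len(text) > width:
                raise ValueError(f"{f.get('id')}: {len(text)} chars do not fit in {width}")
            rows.append((f.get("id"), offset, width, text.ljust(width)))
            offset += width
    return rows

def compare(schemas, values, reference):
    """Return (packed length, reference length, first differing offset, field at it)."""
    rows = layout(schemas, values)
    wire = "".join(r[3] for r in rows)
    diffs = (i for i, (x, y) in enumerate(zip(wire, reference)) if x != y)
    at = next(diffs, None if len(wire) == len(reference) else min(len(wire), len(reference)))
    field = next((r[0] for r in rows if at is not None and r[1] <= at < r[1] + r[2]), None)
    return len(wire), len(reference), at, field

print(compare([BASE, CA], VALUES, TRACE_WIRE))
```

With 16-character keys the schema layout is 126 characters against 76 in the trace layout, and the first mismatch is at offset 26, inside the padded tpk field.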
