堆栈内存溢出
  简体   繁体   English

我在哪里可以得到BDK进行DUKPT解密

[英]Where do i get BDK for DUKPT decryption

 原文  2017-07-17 07:55:16       encryption/ hsm/ dukpt

问题描述

I have generated a BDK Type3 key for DUKPT in Thales HSM. 我在Thales HSM中为DUKPT生成了BDK Type3密钥。 I have sent this BDK which is encrypted under the LMK of the HSM to the terminal manufacturer to generate the IPEK key and inject it into the terminal. 我已将此BDK(已在HSM的LMK下加密)发送给终端制造商,以生成IPEK密钥并将其注入终端。

When I receive the encrypted data I have the KSN and now I need the BDK again to decrypt it.I am not storing the BDK anywhere in my HOST application.How can I get the BDK again for decryption.Is it stored somewhere in the HSM.If there are multiple BDKs how do I find the right one used for this particular terminal? 收到加密数据后,我有了KSN,现在又需要BDK对其进行解密。我没有将BDK存储在我的HOST应用程序中的任何位置。如何再次获得BDK进行解密。它存储在HSM中的某个位置吗? 。如果有多个BDK,如何找到用于此特定终端的正确BDK?

2 个解决方案

解决方案1
 2  2017-07-18 08:10:05

The BDK (Base Derivation Key) should be kept in the HSM so it's available when you need to decrypt. BDK (基本派生密钥)应保留在HSM中,以便在需要解密时可用。 During decrypt you would pass the KSN (Key Serial Number) as input to the HSM , and the HSM would then recreate the DUKPT key used by the terminal for encryption from the BDK . 在解密期间,您会将KSN (密钥序列号)作为输入传递给HSM ,然后HSM将重新创建终端使用的DUKPT密钥,以从BDK进行加密。

解决方案2
 0  2017-07-26 23:08:21

For data decryption you can use THALES HSM command M2 with parameters 对于数据解密,可以将THALES HSM命令M2与参数一起使用

  • BDK (under LMK) - This is the key that you sent to the terminal BDK(在LMK下)-这是您发送到终端的密钥
    manufacturer 制造商
  • Encrypted data - received from the terminal 加密数据-从终端接收
  • KSN - received from the terminal KSN-从终端收到

About BDK exchange (between you and the terminal manufacturer) 关于BDK交换(您和终端制造商之间)

The straightforward process is: 简单的过程是:

  1. exchange ZMK (zone master key) between you and the manufacturer 在您和制造商之间交换ZMK(区域主密钥)
  2. encrypt BDK under ZMK 在ZMK下加密BDK
  3. the manufacturer decrypts the BDK (using the ZMK) in a secure environment (key injection room) 制造商在安全环境(密钥注入室)中解密BDK(使用ZMK)
  4. the manufacturer produces IPEK using the clear BDK 制造商使用透明的BDK生产IPEK

Your BDK is encrypted under LMK. 您的BDK在LMK下已加密。 In other words your BDK is protected by LMK, in this way none else can you use your BDK (super secret key). 换句话说,您的BDK受LMK保护,这样您就不能使用BDK(超级密钥)。 Consistently if you send your BDK (under LMK), your manufacturer can not use the BDK (clear) for IPEK generation. 一致地,如果您发送BDK(在LMK下),则制造商无法将BDK(明文)用于IPEK生成。 That's why you need a ZMK in your process. 这就是为什么您在流程中需要ZMK的原因。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何获得iDynamo 5基本派生密钥(BDK)? - How do I get the iDynamo 5 Base Derivation Key (BDK)? 3DES-DUKPT(CBC)解密确认 - 3DES-DUKPT (CBC) decryption confirmation 我的解密哪里出问题了 - Where am i going wrong with my decryption 如何在不再次生成密钥对的情况下进行加密/解密? - How do I do encryption/decryption without generating keypairs again? 使用 PBKDF2 和 AES256 进行加密和解密 - 需要实际示例 - 如何获取派生密钥 - Encryption and Decryption with PBKDF2 and AES256 - practical example needed - how do I get the Derived key 我编写了一个用于 RSA 加密和解密的 Java 代码,其中解密密钥太大,因此解密过程需要永远执行 - I have written a Java code for RSA encryption and decryption where the decryption key is too large so the decryption process takes forever to execute Magtek密码键盘BDK - Magtek PIN pad BDK Python 中的 RSA 解密我如何获得字节数组? - RSA decryption in Python how i can get a bytes array? reactjs中的解密密钥存储在哪里? - Where to store the decryption key in reactjs? MagTek — uDynamo(DUKPT) - MagTek — uDynamo (DUKPT)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM