Key Entry via PIN Pad

ProtectServer HSMs support key component entry via a compatible Verifone PIN pad. You must order the PIN pad directly from Gemalto; only Gemalto-distributed PIN pads are configured to work with ProtectServer.

Using a PIN pad for Key Entry

The ProtectServer HSM administrator can use these directions to enter key components via a compatible PIN pad. You require:

>compatible PIN pad with USB connector

>physical access to the ProtectServer HSM

>a client or host workstation with ctkmu installed

>key components ready for entry in 3-digit decimal format (see Hexadecimal to Decimal Conversion Table)

To use a PIN pad for key entry:

1.Connect the PIN pad to the USB port on the HSM card. It must be connected directly to the HSM and not one of the other USB ports on the appliance/host.

The PIN pad powers up and performs its startup processes.

2.On the client workstation, use ctkmu to initiate the key entry procedure. You must include the -p option to use the PIN pad. See CTKMU for full command syntax.

>ctkmu c -s<slot> -t<key_type> -a<attributes> -n<name> -k<number_of_components> -p

[root@test ~]# ctkmu c -s0 -tdes -aED -ndes_1 -k2 -p
ProtectToolkit C Key Management Utility 5.4.0
Copyright (c) Safenet, Inc. 2009-2017
 
Requesting component 1 on pinpad device
 

3.The PIN pad prompts the user to enter the first byte of the first key component. Key components must be entered on the PIN pad in decimal. Refer to Hexadecimal to Decimal Conversion Table. Depending on the PIN pad model you received from Gemalto, the PIN pad responds in one of the following ways:

The byte expected by the PIN pad is displayed. When you see this message, you have 20 seconds to enter the 3-digit byte before the operation times out.

The byte expected by the PIN pad is displayed for 2 seconds, followed by the ENTER prompt. When you see this prompt, you have 20 seconds to enter the 3-digit byte before the operation times out.

Continue following the prompts on the PIN pad.

4.When the entire component has been entered, ctkmu displays the key component value (KCV) and prompts you to confirm it is correct.

Component 1 KCV : D15F45
Is this correct? [Y/n]: y
 
Requesting component 2 on pinpad device
 

5.The PIN pad prompts the user to enter the first byte of the second key component. Continue following the prompts until all key components are entered.

Component 2 KCV : D15F45
Is this correct? [Y/n]: y
 

6.When all key components have been entered, ctkmu displays the KCV for the complete key and prompts you to confirm it.

Key 'des_1' KCV : 8CA64D
Is this correct? [Y/n]: y
 
Key "des_1" was created
 

Hexadecimal to Decimal Conversion Table

Hex Dec Hex Dec Hex Dec Hex Dec Hex Dec Hex Dec Hex Dec Hex Dec

00

000

20

032

40

064

60

096

80

128

A0

160

C0

192

E0

224

01

001

21

033

41

065

61

097

81

129

A1

161

C1

193

E1

225

02

002

22

034

42

066

62

098

82

130

A2

162

C2

194

E2

226

03

003

23

035

43

067

63

099

83

131

A3

163

C3

195

E3

227

04

004

24

036

44

068

64

100

84

132

A4

164

C4

196

E4

228

05

005

25

037

45

069

65

101

85

133

A5

165

C5

197

E5

229

06

006

26

038

46

070

66

102

86

134

A6

166

C6

198

E6

230

07

007

27

039

47

071

67

103

87

135

A7

167

C7

199

E7

231

08

008

28

040

48

072

68

104

88

136

A8

168

C8

200

E8

232

09

009

29

041

49

073

69

105

89

137

A9

169

C9

201

E9

233

0A

010

2A

042

4A

074

6A

106

8A

138

AA

170

CA

202

EA

234

0B

011

2B

043

4B

075

6B

107

8B

139

AB

171

CB

203

EB

235

0C

012

2C

044

4C

076

6C

108

8C

140

AC

172

CC

204

EC

236

0D

013

2D

045

4D

077

6D

109

8D

141

AD

173

CD

205

ED

237

0E

014

2E

046

4E

078

6E

110

8E

142

AE

174

CE

206

EE

238

0F

015

2F

047

4F

079

6F

111

8F

143

AF

175

CF

207

EF

239

10

016

30

048

50

080

70

112

90

144

B0

176

D0

208

F0

240

11

017

31

049

51

081

71

113

91

145

B1

177

D1

209

F1

241

12

018

32

050

52

082

72

114

92

146

B2

178

D2

210

F2

242

13

019

33

051

53

083

73

115

93

147

B3

179

D3

211

F3

243

14

020

34

052

54

084

74

116

94

148

B4

180

D4

212

F4

244

15

021

35

053

55

085

75

117

95

149

B5

181

D5

213

F5

245

16

022

36

054

56

086

76

118

96

150

B6

182

D6

214

F6

246

17

023

37

055

57

087

77

119

97

151

B7

183

D7

215

F7

247

18

024

38

056

58

088

78

120

98

152

B8

184

D8

216

F8

248

19

025

39

057

59

089

79

121

99

153

B9

185

D9

217

F9

249

1A

026

3A

058

5A

090

7A

122

9A

154

BA

186

DA

218

FA

250

1B

027

3B

059

5B

091

7B

123

9B

155

BB

187

DB

219

FB

251

1C

028

3C

060

5C

092

7C

124

9C

156

BC

188

DC

220

FC

252

1D

029

3D

061

5D

093

7D

125

9D

157

BD

189

DD

221

FD

253

1E

030

3E

062

5E

094

7E

126

9E

158

BE

190

DE

222

FE

254

1F

031

3F

063

5F

095

7F

127

9F

159

BF

191

DF

223

FF

255