Key Entry via PIN Pad
ProtectServer HSMs support key component entry via a compatible Verifone PIN pad. You must order the PIN pad directly from Gemalto; only Gemalto-distributed PIN pads are configured to work with ProtectServer.
Using a PIN pad for Key Entry
The ProtectServer HSM administrator can use these directions to enter key components via a compatible PIN pad. You require:
>compatible PIN pad with USB connector
>physical access to the ProtectServer HSM
>a client or host workstation with ctkmu installed
>key components ready for entry in 3-digit decimal format (see Hexadecimal to Decimal Conversion Table)
To use a PIN pad for key entry:
1.Connect the PIN pad to the USB port on the HSM card. It must be connected directly to the HSM and not one of the other USB ports on the appliance/host.
The PIN pad powers up and performs its startup processes.
2.On the client workstation, use ctkmu to initiate the key entry procedure. You must include the -p option to use the PIN pad. See CTKMU for full command syntax.
>ctkmu c -s<slot> -t<key_type> -a<attributes> -n<name> -k<number_of_components> -p
[root@test ~]# ctkmu c -s0 -tdes -aED -ndes_1 -k2 -p
ProtectToolkit C Key Management Utility 5.4.0
Copyright (c) Safenet, Inc. 2009-2017
Requesting component 1 on pinpad device
3.The PIN pad prompts the user to enter the first byte of the first key component. Key components must be entered on the PIN pad in decimal. Refer to Hexadecimal to Decimal Conversion Table. Depending on the PIN pad model you received from Gemalto, the PIN pad responds in one of the following ways:
•The byte expected by the PIN pad is displayed. When you see this message, you have 20 seconds to enter the 3-digit byte before the operation times out.
• The byte expected by the PIN pad is displayed for 2 seconds, followed by the ENTER prompt. When you see this prompt, you have 20 seconds to enter the 3-digit byte before the operation times out.
Continue following the prompts on the PIN pad.
4.When the entire component has been entered, ctkmu displays the key component value (KCV) and prompts you to confirm it is correct.
Component 1 KCV : D15F45
Is this correct? [Y/n]: y
Requesting component 2 on pinpad device
5.The PIN pad prompts the user to enter the first byte of the second key component. Continue following the prompts until all key components are entered.
Component 2 KCV : D15F45
Is this correct? [Y/n]: y
6.When all key components have been entered, ctkmu displays the KCV for the complete key and prompts you to confirm it.
Key 'des_1' KCV : 8CA64D
Is this correct? [Y/n]: y
Key "des_1" was created
Hexadecimal to Decimal Conversion Table
Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
00 |
000 |
20 |
032 |
40 |
064 |
60 |
096 |
80 |
128 |
A0 |
160 |
C0 |
192 |
E0 |
224 |
01 |
001 |
21 |
033 |
41 |
065 |
61 |
097 |
81 |
129 |
A1 |
161 |
C1 |
193 |
E1 |
225 |
02 |
002 |
22 |
034 |
42 |
066 |
62 |
098 |
82 |
130 |
A2 |
162 |
C2 |
194 |
E2 |
226 |
03 |
003 |
23 |
035 |
43 |
067 |
63 |
099 |
83 |
131 |
A3 |
163 |
C3 |
195 |
E3 |
227 |
04 |
004 |
24 |
036 |
44 |
068 |
64 |
100 |
84 |
132 |
A4 |
164 |
C4 |
196 |
E4 |
228 |
05 |
005 |
25 |
037 |
45 |
069 |
65 |
101 |
85 |
133 |
A5 |
165 |
C5 |
197 |
E5 |
229 |
06 |
006 |
26 |
038 |
46 |
070 |
66 |
102 |
86 |
134 |
A6 |
166 |
C6 |
198 |
E6 |
230 |
07 |
007 |
27 |
039 |
47 |
071 |
67 |
103 |
87 |
135 |
A7 |
167 |
C7 |
199 |
E7 |
231 |
08 |
008 |
28 |
040 |
48 |
072 |
68 |
104 |
88 |
136 |
A8 |
168 |
C8 |
200 |
E8 |
232 |
09 |
009 |
29 |
041 |
49 |
073 |
69 |
105 |
89 |
137 |
A9 |
169 |
C9 |
201 |
E9 |
233 |
0A |
010 |
2A |
042 |
4A |
074 |
6A |
106 |
8A |
138 |
AA |
170 |
CA |
202 |
EA |
234 |
0B |
011 |
2B |
043 |
4B |
075 |
6B |
107 |
8B |
139 |
AB |
171 |
CB |
203 |
EB |
235 |
0C |
012 |
2C |
044 |
4C |
076 |
6C |
108 |
8C |
140 |
AC |
172 |
CC |
204 |
EC |
236 |
0D |
013 |
2D |
045 |
4D |
077 |
6D |
109 |
8D |
141 |
AD |
173 |
CD |
205 |
ED |
237 |
0E |
014 |
2E |
046 |
4E |
078 |
6E |
110 |
8E |
142 |
AE |
174 |
CE |
206 |
EE |
238 |
0F |
015 |
2F |
047 |
4F |
079 |
6F |
111 |
8F |
143 |
AF |
175 |
CF |
207 |
EF |
239 |
10 |
016 |
30 |
048 |
50 |
080 |
70 |
112 |
90 |
144 |
B0 |
176 |
D0 |
208 |
F0 |
240 |
11 |
017 |
31 |
049 |
51 |
081 |
71 |
113 |
91 |
145 |
B1 |
177 |
D1 |
209 |
F1 |
241 |
12 |
018 |
32 |
050 |
52 |
082 |
72 |
114 |
92 |
146 |
B2 |
178 |
D2 |
210 |
F2 |
242 |
13 |
019 |
33 |
051 |
53 |
083 |
73 |
115 |
93 |
147 |
B3 |
179 |
D3 |
211 |
F3 |
243 |
14 |
020 |
34 |
052 |
54 |
084 |
74 |
116 |
94 |
148 |
B4 |
180 |
D4 |
212 |
F4 |
244 |
15 |
021 |
35 |
053 |
55 |
085 |
75 |
117 |
95 |
149 |
B5 |
181 |
D5 |
213 |
F5 |
245 |
16 |
022 |
36 |
054 |
56 |
086 |
76 |
118 |
96 |
150 |
B6 |
182 |
D6 |
214 |
F6 |
246 |
17 |
023 |
37 |
055 |
57 |
087 |
77 |
119 |
97 |
151 |
B7 |
183 |
D7 |
215 |
F7 |
247 |
18 |
024 |
38 |
056 |
58 |
088 |
78 |
120 |
98 |
152 |
B8 |
184 |
D8 |
216 |
F8 |
248 |
19 |
025 |
39 |
057 |
59 |
089 |
79 |
121 |
99 |
153 |
B9 |
185 |
D9 |
217 |
F9 |
249 |
1A |
026 |
3A |
058 |
5A |
090 |
7A |
122 |
9A |
154 |
BA |
186 |
DA |
218 |
FA |
250 |
1B |
027 |
3B |
059 |
5B |
091 |
7B |
123 |
9B |
155 |
BB |
187 |
DB |
219 |
FB |
251 |
1C |
028 |
3C |
060 |
5C |
092 |
7C |
124 |
9C |
156 |
BC |
188 |
DC |
220 |
FC |
252 |
1D |
029 |
3D |
061 |
5D |
093 |
7D |
125 |
9D |
157 |
BD |
189 |
DD |
221 |
FD |
253 |
1E |
030 |
3E |
062 |
5E |
094 |
7E |
126 |
9E |
158 |
BE |
190 |
DE |
222 |
FE |
254 |
1F |
031 |
3F |
063 |
5F |
095 |
7F |
127 |
9F |
159 |
BF |
191 |
DF |
223 |
FF |
255 |