Key Entry via PIN Pad
ProtectServer HSMs support key component entry via a compatible Verifone PIN pad. You must order the PIN pad directly from Thales; only Thales-distributed PIN pads are configured to work with ProtectServer.
Using a PIN pad for Key Entry
The ProtectServer HSM administrator can use these directions to enter key components via a compatible PIN pad. You require:
>compatible PIN pad with USB connector
>physical access to the ProtectServer HSM
>a client or host machine with ctkmu installed
>key components ready for entry in 3-digit decimal format (see Hexadecimal to Decimal Conversion Table)
To use a PIN pad for key entry
1.Connect the PIN pad to the USB port on the HSM card. It must be connected directly to the HSM and not one of the other USB ports on the appliance/host.
The PIN pad powers up and performs its startup processes.
2.On the client machine, use ctkmu to initiate the key entry procedure. You must include the -p option to use the PIN pad. See ctkmu for full command syntax.
>ctkmu c -s<slot> -t<key_type> -a<attributes> -n<name> -k<number_of_components> -p
3.The PIN pad prompts the user to enter the first byte of the first key component. Key components must be entered on the PIN pad in decimal. Refer to Hexadecimal to Decimal Conversion Table. Depending on the PIN pad model you received from Thales, the PIN pad responds in one of the following ways:
•The byte expected by the PIN pad is displayed. When you see this message, you have 20 seconds to enter the 3-digit byte before the operation times out.
• The byte expected by the PIN pad is displayed for 2 seconds, followed by the ENTER prompt. When you see this prompt, you have 20 seconds to enter the 3-digit byte before the operation times out.
Continue following the prompts on the PIN pad until all bytes have been entered.
4.When the entire component has been entered, the PIN pad displays the key component value (KCV) and prompts you to confirm it is correct by pressing the appropriate button.
5.The PIN pad prompts the user to enter the first byte of the second key component. Continue following the prompts until all key components are entered.
6.When all key components have been entered, ctkmu displays the KCV for the complete key and prompts you to confirm it.
Key 'des_1' KCV : 8CA64D Is this correct? [Y/n]: y Key "des_1" was created
Hexadecimal to Decimal Conversion Table
Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec | Hex | Dec |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
00 | 000 | 20 | 032 | 40 | 064 | 60 | 096 | 80 | 128 | A0 | 160 | C0 | 192 | E0 | 224 |
01 | 001 | 21 | 033 | 41 | 065 | 61 | 097 | 81 | 129 | A1 | 161 | C1 | 193 | E1 | 225 |
02 | 002 | 22 | 034 | 42 | 066 | 62 | 098 | 82 | 130 | A2 | 162 | C2 | 194 | E2 | 226 |
03 | 003 | 23 | 035 | 43 | 067 | 63 | 099 | 83 | 131 | A3 | 163 | C3 | 195 | E3 | 227 |
04 | 004 | 24 | 036 | 44 | 068 | 64 | 100 | 84 | 132 | A4 | 164 | C4 | 196 | E4 | 228 |
05 | 005 | 25 | 037 | 45 | 069 | 65 | 101 | 85 | 133 | A5 | 165 | C5 | 197 | E5 | 229 |
06 | 006 | 26 | 038 | 46 | 070 | 66 | 102 | 86 | 134 | A6 | 166 | C6 | 198 | E6 | 230 |
07 | 007 | 27 | 039 | 47 | 071 | 67 | 103 | 87 | 135 | A7 | 167 | C7 | 199 | E7 | 231 |
08 | 008 | 28 | 040 | 48 | 072 | 68 | 104 | 88 | 136 | A8 | 168 | C8 | 200 | E8 | 232 |
09 | 009 | 29 | 041 | 49 | 073 | 69 | 105 | 89 | 137 | A9 | 169 | C9 | 201 | E9 | 233 |
0A | 010 | 2A | 042 | 4A | 074 | 6A | 106 | 8A | 138 | AA | 170 | CA | 202 | EA | 234 |
0B | 011 | 2B | 043 | 4B | 075 | 6B | 107 | 8B | 139 | AB | 171 | CB | 203 | EB | 235 |
0C | 012 | 2C | 044 | 4C | 076 | 6C | 108 | 8C | 140 | AC | 172 | CC | 204 | EC | 236 |
0D | 013 | 2D | 045 | 4D | 077 | 6D | 109 | 8D | 141 | AD | 173 | CD | 205 | ED | 237 |
0E | 014 | 2E | 046 | 4E | 078 | 6E | 110 | 8E | 142 | AE | 174 | CE | 206 | EE | 238 |
0F | 015 | 2F | 047 | 4F | 079 | 6F | 111 | 8F | 143 | AF | 175 | CF | 207 | EF | 239 |
10 | 016 | 30 | 048 | 50 | 080 | 70 | 112 | 90 | 144 | B0 | 176 | D0 | 208 | F0 | 240 |
11 | 017 | 31 | 049 | 51 | 081 | 71 | 113 | 91 | 145 | B1 | 177 | D1 | 209 | F1 | 241 |
12 | 018 | 32 | 050 | 52 | 082 | 72 | 114 | 92 | 146 | B2 | 178 | D2 | 210 | F2 | 242 |
13 | 019 | 33 | 051 | 53 | 083 | 73 | 115 | 93 | 147 | B3 | 179 | D3 | 211 | F3 | 243 |
14 | 020 | 34 | 052 | 54 | 084 | 74 | 116 | 94 | 148 | B4 | 180 | D4 | 212 | F4 | 244 |
15 | 021 | 35 | 053 | 55 | 085 | 75 | 117 | 95 | 149 | B5 | 181 | D5 | 213 | F5 | 245 |
16 | 022 | 36 | 054 | 56 | 086 | 76 | 118 | 96 | 150 | B6 | 182 | D6 | 214 | F6 | 246 |
17 | 023 | 37 | 055 | 57 | 087 | 77 | 119 | 97 | 151 | B7 | 183 | D7 | 215 | F7 | 247 |
18 | 024 | 38 | 056 | 58 | 088 | 78 | 120 | 98 | 152 | B8 | 184 | D8 | 216 | F8 | 248 |
19 | 025 | 39 | 057 | 59 | 089 | 79 | 121 | 99 | 153 | B9 | 185 | D9 | 217 | F9 | 249 |
1A | 026 | 3A | 058 | 5A | 090 | 7A | 122 | 9A | 154 | BA | 186 | DA | 218 | FA | 250 |
1B | 027 | 3B | 059 | 5B | 091 | 7B | 123 | 9B | 155 | BB | 187 | DB | 219 | FB | 251 |
1C | 028 | 3C | 060 | 5C | 092 | 7C | 124 | 9C | 156 | BC | 188 | DC | 220 | FC | 252 |
1D | 029 | 3D | 061 | 5D | 093 | 7D | 125 | 9D | 157 | BD | 189 | DD | 221 | FD | 253 |
1E | 030 | 3E | 062 | 5E | 094 | 7E | 126 | 9E | 158 | BE | 190 | DE | 222 | FE | 254 |
1F | 031 | 3F | 063 | 5F | 095 | 7F | 127 | 9F | 159 | BF | 191 | DF | 223 | FF | 255 |