Key Entry via PIN Pad

ProtectServer HSMs support key component entry via a compatible Verifone PIN pad. You must order the PIN pad directly from Thales; only Thales-distributed PIN pads are configured to work with ProtectServer.

Using a PIN pad for Key Entry

The ProtectServer HSM administrator can use these directions to enter key components via a compatible PIN pad. You require:

>compatible PIN pad with USB connector

>physical access to the ProtectServer HSM

>a client or host machine with ctkmu installed

>key components ready for entry in 3-digit decimal format (see Hexadecimal to Decimal Conversion Table)

To use a PIN pad for key entry

1.Connect the PIN pad to the USB port on the HSM card. It must be connected directly to the HSM and not one of the other USB ports on the appliance/host.

The PIN pad powers up and performs its startup processes.

2.On the client machine, use ctkmu to initiate the key entry procedure. You must include the -p option to use the PIN pad. See ctkmu for full command syntax.

>ctkmu c -s<slot> -t<key_type> -a<attributes> -n<name> -k<number_of_components> -p

3.The PIN pad prompts the user to enter the first byte of the first key component. Key components must be entered on the PIN pad in decimal. Refer to Hexadecimal to Decimal Conversion Table. Depending on the PIN pad model you received from Thales, the PIN pad responds in one of the following ways:

The byte expected by the PIN pad is displayed. When you see this message, you have 20 seconds to enter the 3-digit byte before the operation times out.

     

The byte expected by the PIN pad is displayed for 2 seconds, followed by the ENTER prompt. When you see this prompt, you have 20 seconds to enter the 3-digit byte before the operation times out.

     

Continue following the prompts on the PIN pad until all bytes have been entered.

4.When the entire component has been entered, the PIN pad displays the key component value (KCV) and prompts you to confirm it is correct by pressing the appropriate button.

5.The PIN pad prompts the user to enter the first byte of the second key component. Continue following the prompts until all key components are entered.

6.When all key components have been entered, ctkmu displays the KCV for the complete key and prompts you to confirm it.

Key 'des_1' KCV : 8CA64D
Is this correct? [Y/n]: y

Key "des_1" was created

Hexadecimal to Decimal Conversion Table

Hex Dec Hex Dec Hex Dec Hex Dec Hex Dec Hex Dec Hex Dec Hex Dec
00 000 20 032 40 064 60 096 80 128 A0 160 C0 192 E0 224
01 001 21 033 41 065 61 097 81 129 A1 161 C1 193 E1 225
02 002 22 034 42 066 62 098 82 130 A2 162 C2 194 E2 226
03 003 23 035 43 067 63 099 83 131 A3 163 C3 195 E3 227
04 004 24 036 44 068 64 100 84 132 A4 164 C4 196 E4 228
05 005 25 037 45 069 65 101 85 133 A5 165 C5 197 E5 229
06 006 26 038 46 070 66 102 86 134 A6 166 C6 198 E6 230
07 007 27 039 47 071 67 103 87 135 A7 167 C7 199 E7 231
08 008 28 040 48 072 68 104 88 136 A8 168 C8 200 E8 232
09 009 29 041 49 073 69 105 89 137 A9 169 C9 201 E9 233
0A 010 2A 042 4A 074 6A 106 8A 138 AA 170 CA 202 EA 234
0B 011 2B 043 4B 075 6B 107 8B 139 AB 171 CB 203 EB 235
0C 012 2C 044 4C 076 6C 108 8C 140 AC 172 CC 204 EC 236
0D 013 2D 045 4D 077 6D 109 8D 141 AD 173 CD 205 ED 237
0E 014 2E 046 4E 078 6E 110 8E 142 AE 174 CE 206 EE 238
0F 015 2F 047 4F 079 6F 111 8F 143 AF 175 CF 207 EF 239
10 016 30 048 50 080 70 112 90 144 B0 176 D0 208 F0 240
11 017 31 049 51 081 71 113 91 145 B1 177 D1 209 F1 241
12 018 32 050 52 082 72 114 92 146 B2 178 D2 210 F2 242
13 019 33 051 53 083 73 115 93 147 B3 179 D3 211 F3 243
14 020 34 052 54 084 74 116 94 148 B4 180 D4 212 F4 244
15 021 35 053 55 085 75 117 95 149 B5 181 D5 213 F5 245
16 022 36 054 56 086 76 118 96 150 B6 182 D6 214 F6 246
17 023 37 055 57 087 77 119 97 151 B7 183 D7 215 F7 247
18 024 38 056 58 088 78 120 98 152 B8 184 D8 216 F8 248
19 025 39 057 59 089 79 121 99 153 B9 185 D9 217 F9 249
1A 026 3A 058 5A 090 7A 122 9A 154 BA 186 DA 218 FA 250
1B 027 3B 059 5B 091 7B 123 9B 155 BB 187 DB 219 FB 251
1C 028 3C 060 5C 092 7C 124 9C 156 BC 188 DC 220 FC 252
1D 029 3D 061 5D 093 7D 125 9D 157 BD 189 DD 221 FD 253
1E 030 3E 062 5E 094 7E 126 9E 158 BE 190 DE 222 FE 254
1F 031 3F 063 5F 095 7F 127 9F 159 BF 191 DF 223 FF 255