GK command on Thales Payshield 9000 HSM

Question

Right now we are integrating our software with Thales Payshield 9000 HSM and have following problem:

We are having difficulties using GK (Export Key under RSA public key) command. We successfully generate DEK key using A0 command. We also successfully import public key to HSM using EO command. Now we want to export DEK key using imported public key. To do that we use GK command. After sending command to HSM we get response from HSM with error code 15 (which means “Invalid input data…”). We are unable to find which message parameter is incorrect / or missing. Maybe someone can provide us with GK command example so we may analyse it and find problem in our message?

Please post your: A0 and A1 commands, GK and GL commands – Panagiotis Giannakis Sep 20 '16 at 10:59 — Panagiotis Giannakis, Sep 20 '16 at 10:59
You are having problems so you should show your GK data. – Ahmet Arslan Oct 31 '16 at 15:12 — Ahmet Arslan, Oct 31 '16 at 15:12

score 1 · Answer 1 · answered Aug 21 '18 at 11:15

It depends on the key type, the number of components for generating and etc. but basically should look like this:

Secure>GK

Variant scheme or keyblock scheme? [V/K]: K
Enter algorithm type [D=DES, A=AES]: A
Enter the number of components to generate: [2-9]: 3
Enter the number of components required to reconstitute the LMK: [2-3]: 3
Key status? [L/T]: L

Check value for the LMK: 148D29
Insert blank card and enter PIN: ******
    Writing keys...
    Checking keys...
Device write complete, check: B0D19F

Insert blank card and enter PIN: ******
    Writing keys...
    Checking keys...
Device write complete, check: 36996A

Insert blank card and enter PIN: ******
    Writing keys...
    Checking keys...
Device write complete, check: E28B5E

GK command on Thales Payshield 9000 HSM

1 Answers1