Java to HSM connection and sending "GC" / FK" commands

0
votes

Here is code to send and receive data from HSM

public class TestHSMJava {
public static void main(String args[]) {
    System.out.println("<<< Main Method Entry >>>");
    String command = null;
    Socket socket = null;
    DataOutputStream out = null;
    DataInputStream in = null;
    byte[] b= new byte[100];
    try {
        socket = new Socket("10.10.10.10", 7500);
        System.out.println("<<< Socket >>> :" + socket);
        if (socket != null) {
            System.out.println("<<< Connected to HSM  >>>:"
                    + socket.isConnected());
            in = new DataInputStream (new BufferedInputStream(socket.getInputStream()));
            out = new DataOutputStream (new BufferedOutputStream(socket.getOutputStream()));
            command = "0006303030304e43";
            out.writeUTF(command);
            System.out.println("Input to HSM : " +command);
            out.flush();
            String response = in.readUTF();
            System.out.println("Output from HSM : " +response);
            System.out.println("");
        }
    }
}

The questions is which command I need to send for execute "GC" command (Translate a ZPK from LMK to ZMK Encryption) I need to generate a clear components for TPK-key. Usually I do

gc
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u

and then

fk
Enter key length [1,2,3]: 2
Enter key type: 002
Enter key scheme: u
Enter component type [X,H,T,E,S]: x
Enter number of components [1-9]: 2

I need to do those actions using Java-program.

1
javaconnectioncommandhsm

1 Answers

1
votes

The generation of components and forming of a key are typically console actions. Having generated and formed the key the result would be used in the GC translate command

if you need to generate a key via the host command you can use the A0 command and use the output from that in the GC command

I can probably help you more through the official channels. If you have a support contract please email the help desk and mention that you've submitted a question on stackoverflow and the email should make its way to me

if you're looking for help regarding the java code above:

you basically just need to substitute the value in "command" for the command you want to send

you currently have

command = "0006303030304e43";

this translates to 0000NC with the 1st two bytes containing the length in bytes - 0006

if you want to send A00002U (0=generate; 002=tpk;u=key scheme) you should prepend this with a header, e.g., 0000 and prepend the whole string with the length

the command to send is then 0000A00002U which is 11 bytes

so the command, in bytes, to send to the hsm is

command = "000b3030303041303030303255";