PIN Block translation on thales HSM not working

2
votes

I have encrypted a PIN block under a TPK (clear)

When I am going to translation my PIN block from encryption under TPK to encryption under ZPK given from client on real HSM then it is giving me either error code 24 or 20.

What can i do to resolve my issue ? I have tried many ways but it is not getting resolved.

Translation command I am using is CA - Translate a PIN from TPK to ZPK/BDK (3-DES DUKPT) Encryption.

Al these my operations working beautifully with thales HSM simulator.

1
translationhsm

1 Answers

2
votes

Errors you are getting are:

Error 20:PIN block does not contain valid values

Error 24:PIN is fewer than 4 or more than 12 digits in length

You said that you have clear TPK, but you can't do anything with clear keys on HSM. You have to import key and get key under LMK for any command. You also have to import this key as TPK key in HSM to use CA command. You can also import it as ZPK, but than you should use CC command.