
HSM Configuration Basics


Changing the Host Port Settings

Secure>ch

Please make a selection.  The current setting is in parentheses.

Message header length [1-255] (4):

Host interface [[A]sync, [E]thernet] (E):

Enter Well-Known-Port (1500):

Enter Well-Known-TLS-Port (2500):

UDP [Y/N] (N):

TCP [Y/N] (Y):

TLS/SSL [Y/N] (N):

ACL Enabled [Y/N] (N):

Number of connections [1-64] (5):

Enter TCP keep alive timeout [1-120 minutes] (120):

Number of interfaces [1/2] (1):

Interface Number [1/2] (1):

 

Interface Number 1:

IP Configuration Method? [D]HCP or [S]tatic (DHCP): s

Enter IP Address (10.7.129.100): 192.168.1.17

Enter subnet mask (255.255.255.0):

Enter Default Gateway Address (10.7.129.1): 192.168.1.1

 

Enter speed setting for this port:

 

SPEED OPTIONS:

0   Autoselect

1   10BaseT half-duplex

2   10BaseT full-duplex

3   100BaseTX half-duplex

4   100BaseTX full-duplex

5   1000BaseT half-duplex

6   1000BaseT full-duplex

 

Speed setting (0):

 

Save HOST settings to smart card? [Y/N]: n

 

 

Viewing the Host Port Settings

Secure>qh

Message header length: 04

Protocol: Ethernet

Well-Known-Port: 01500

Well-Known-TLS-Port: 02500

Transport:  TCP, 5 connections

TCP Keep_Alive value (minutes): 120 minutes

ACL: Disabled

Number of interfaces : (1)

 

Interface Number: 1

IP Configuration Method: static

IP address: 192.168.1.17

Subnet mask: 255.255.255.0

Default Gateway: 192.168.1.1

MAC address: 00:d0:fa:04:c0:18

Port speed: Ethernet none

Port speed: Ethernet autoselect (1000baseT full-duplex)

 

 

Viewing the LMK on the HSM

Online>v

Enter LMK id [0-1]: 0

Check: 268604

Online> qs

PIN length: 06

Encrypted PIN length: 07

Echo: OFF

Atalla ZMK variant support: OFF

Transaction key support: NONE

User storage key length: SINGLE

Display general information on payShield Manager Landing Page: NO

Default LMK identifier: 00

Management LMK identifier: 00

 

Select clear PINs: NO

Enable ZMK translate command: YES

Enable X9.17 for import: YES

Enable X9.17 for export: YES

Solicitation batch size: 1024

Single-DES: ENABLED

Prevent single-DES keys masquerading as double or triple-length keys: NO

ZMK length: SINGLE

Decimalization tables: PLAINTEXT

Decimalization table checks: ENABLED

PIN encryption algorithm: A

 

Press “Enter” to view additional security settings…

 

Authorized state required when importing DES key under RSA key: YES

Minimum HMAC length in bytes: 10

Enable PKCS#11 import and export for HMAC keys: NO

Enable ANSI X9.17 import and export for HMAC keys: NO

Enable ZEK/TEK encryption of ASCII data or Binary data or None: NONE

Restrict key check values to 6 hex chars: YES

Enable multiple authorized activities: NO

Enable variable length PIN offset: YES

Enable weak PIN checking: NO

Enable PIN block Format 34 as output format for PIN translations to ZPK: NO

Enable translation of account number for LMK encrypted PINs: NO

Enable 2DES LMK encryption of 3DES/2048-bit RSA keys: YES

 

Use HSM clock for date/time validation: YES

Additional padding to disguise key length: NO

Key export and import in trusted format only: NO

Protect MULTOS cipher data checksums: YES

Enable use of Tokens in PIN Translation: NO

Enable use of Tokens in PIN Verification: NO

 

NOTE: The following settings are not all PCI HSM compliant.

Card/password authorization (local): C

Restrict PIN block usage for PCI HSM Compliance: NO

Enforce key type 002 separation for PCI HSM compliance: NO

Enforce Authorization Time Limit: NO

Enforce Multiple Key Components: NO

 

 

Online>

Online> a

Enter LMK id [0-1]: 0

First officer:

Insert card and press ENTER: 1234

Enter PIN: ****

Smartcard Error:

Not a LMK card

Online> vc

Insert card and press ENTER: 1234

Enter PIN: ****

Pin rejected by card; re-enter: *****

 

Scheme: Variant  3DES(2key)

Check: 268604

Compare with card: Pass

 

 

Online>

Terminated

 

Online> vc

 

Insert card and press ENTER:

Enter PIN: *****

 

Scheme: Variant  3DES(2key)

Check: 268604

Compare with card: Pass

 

 

Online> a

 

Enter LMK id [0-1]: 0

 

First officer:

Insert card and press ENTER:

Enter PIN: *****

 

Second officer:

Insert card and press ENTER: 12345

Enter PIN: *****

 

AUTHORIZED

 

Online-AUTH> v

 

Enter LMK id [0-1]: 0

 

Check: 268604
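An added example, not part of the original post or of any vendor tooling: a small Python check that parses the "name: value" lines printed by qh and qs above and lists the settings a reviewer would want to revisit. The FLAGGED policy, the function names and the choice of settings are assumptions made for illustration; the sample text is constructed from lines on this page.

```python
# Constructed sample: lines copied from the qh and qs output on this page.
SAMPLE = """\
MAC address: 00:d0:fa:04:c0:18
ACL: Disabled
Select clear PINs: NO
Single-DES: ENABLED
Prevent single-DES keys masquerading as double or triple-length keys: NO
ZMK length: SINGLE
Decimalization tables: PLAINTEXT
NOTE: The following settings are not all PCI HSM compliant.
Restrict PIN block usage for PCI HSM Compliance: NO
Enforce key type 002 separation for PCI HSM compliance: NO
Enforce Authorization Time Limit: NO
Enforce Multiple Key Components: NO
"""

# Assumed review policy (illustrative, not vendor guidance): setting name as
# printed by the console -> value that should raise a finding.
FLAGGED = {
    "ACL": "DISABLED",
    "Single-DES": "ENABLED",
    "ZMK length": "SINGLE",
    "Decimalization tables": "PLAINTEXT",
    "Prevent single-DES keys masquerading as double or triple-length keys": "NO",
    "Restrict PIN block usage for PCI HSM Compliance": "NO",
    "Enforce key type 002 separation for PCI HSM compliance": "NO",
    "Enforce Authorization Time Limit": "NO",
    "Enforce Multiple Key Components": "NO",
}

def parse_settings(text):
    """Turn 'name: value' console lines into a dict; notes and blanks are skipped."""
    settings = {}
    for line in text.splitlines():
        # Split on the first colon only, so values such as MAC addresses survive.
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if sep and name and value and not name.startswith("NOTE"):
            settings[name] = value
    return settings

def audit(text):
    """Return sorted (setting, value) pairs that match the FLAGGED policy."""
    found = parse_settings(text)
    return sorted((n, found[n]) for n, bad in FLAGGED.items()
                  if found.get(n, "").upper() == bad)

if __name__ == "__main__":
    for name, value in audit(SAMPLE):
        print(f"REVIEW  {name} = {value}")
```

Pasting a full qh or qs capture into audit() works the same way; settings not named in FLAGGED are parsed but not reported.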

 

Generating ZMK Components

Online-AUTH> f

Clear ZMK component: 2A92706B7658E99D

Encrypted ZMK component: E5ED 156A 88B7 E7F8

Key check value: 3684 2100 0000 0000

Online-AUTH> f

Clear ZMK component: AD7ABF52A4131A7A

Encrypted ZMK component: 0B10 8F35 4AE4 F366

Key check value: 2E4E A400 0000 0000

 

Forming the ZMK from Components

 

Online-AUTH>fk

 

Enter LMK id [0-1]: 0

Enter key length [1,2,3]: 1

Enter key type: 000

Enter key scheme: z

Enter component type [X,H,T,E,S]: x

Enter number of components [1-9]: 2

 

Enter component 1: *******************

Component 1 check value: 368421

Continue? [Y/N]: y

 

Enter component 2: *******************

Component 2 check value: 2E4EA4

Continue? [Y/N]: y

 

Encrypted key: 79A4 FC9B 31B5 5C1F

Key check value: 91A64F

 

 

Generate ZPK

Online-AUTH>kg

Enter LMK id [0-1]: 0

Enter key length [1,2,3]: 1

Enter key type: 001

Enter key scheme (LMK): z

Enter key scheme (ZMK): z

Enter ZMK: 79A4FC9B31B55C1F

 

Key under LMK: 2E9B 83468CE81506

Key under ZMK:

Key check value: 131884

 

 

 
