[jpos-users] help about ISO-1 (ECI-4)


[jpos-users] help about ISO-1 (ECI-4)

by Aatif_Chaudhry


Hello,

I need some knowledge of the ISO-1 standard. How does it work in ISO-8583
message formation (steps to generate an encrypted PIN block from the
user's input)? And related terms like PIN Encryption Key etc.

Thanks

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the  "jPOS Users" group.
Please see http://jpos.org/wiki/JPOS_Mailing_List_Readme_first
To post to this group, send email to jpos-users@...
To unsubscribe, send email to jpos-users+unsubscribe@...
For more options, visit this group at http://groups.google.com/group/jpos-users
-~----------~----~----~----~------~----~------~--~---


[jpos-users] Re: help about ISO-1 (ECI-4)

by chhil


http://jpos.org/wiki/HSM_basics


On Fri, Sep 25, 2009 at 5:11 PM, enKoder <gaatif@...> wrote:

>
> Hello,
>
> I need some knowledge of the ISO-1 standard. How does it work in ISO-8583
> message formation (steps to generate an encrypted PIN block from the
> user's input)? And related terms like PIN Encryption Key etc.
>
> Thanks
>
> >
>



[jpos-users] Re: help about ISO-1 (ECI-4)

by Mark Salter-5


enKoder wrote:

> I need some knowledge of the ISO-1 standard. How does it work in ISO-8583
> message formation (steps to generate an encrypted PIN block from the
> user's input)? And related terms like PIN Encryption Key etc.

The ISO8583 message format/field and PIN block format expected will
vary slightly from target system to target system.

The PAN, service code, a PIN offset (perhaps), a key and an HSM will be
needed to produce a PIN block of whatever format.

What have you found out so far?

What specifically (not generally) do you want to know?

Chhil's link is a great starter, but had you already read that?

8)

--
Mark



[jpos-users] Re: help about ISO-1 (ECI-4)

by Aatif_Chaudhry

I want to know how the specified PIN block can be generated programmatically using the PIN, PAN, service code (what is it, by the way?) and Key, like an ISO-0 block can be generated by XORing some PIN- and PAN-based hex strings...

Secondly, I want to know about:

Is the length of the user's PIN fixed?
The length of the Key?
The length or number of PAN digits?
The service code?
And anything related which I missed.

Regards,



On Fri, Sep 25, 2009 at 6:46 PM, Mark Salter <marksalter@...> wrote:

enKoder wrote:

> I need some knowledge of the ISO-1 standard. How does it work in ISO-8583
> message formation (steps to generate an encrypted PIN block from the
> user's input)? And related terms like PIN Encryption Key etc.

The ISO8583 message format/field and PIN block format expected will
vary slightly from target system to target system.

The PAN, service code, a PIN offset (perhaps), a key and an HSM will be
needed to produce a PIN block of whatever format.

What have you found out so far?

What specifically (not generally) do you want to know?

Chhil's link is a great starter, but had you already read that?

8)

--
Mark





--
-------
Muhammad Aatif Ghafoor
Team Lead Developer
Paybox Pakistan Pvt. Ltd.
56-XX, DHA
Lahore,
Pakistan
Cell: 92-333-8125575
Tel: 92-42-111-PAYBOX (729269)





[jpos-users] Re: help about ISO-1 (ECI-4)

by Victor Salaman

Hi:

You really want to buy an HSM, even for testing :)

Anyhow, please take a look at the org.jpos.security package.

Take a look at the calculatePINBlock method.... The rest is simple encryption :)

You want something along the lines of (although this won't compile for you!):

    import java.security.Key;
    import com.sun.crypto.provider.SunJCE;
    import org.jpos.iso.ISOUtil;
    import org.jpos.security.EncryptedPIN;
    import org.jpos.security.SMException;
    import org.jpos.security.jceadapter.JCEHandler;
    import org.jpos.security.jceadapter.JCESecurityModule;

    public static byte[] generatePINBlock(String zmk, String account, String track2, String pin) throws SMException
    {
        JCESecurityModule sm = new JCESecurityModule();
        JCEHandler h = new JCEHandler(new SunJCE());
        // single-length (64-bit) DES key built from the hex key string
        Key key = h.formDESKey((short) 64, ISOUtil.hex2byte(zmk));
        // clear ISO format 0 block (PIN field XOR PAN field); calculatePINBlock is not public API
        byte[] clearPINBlock = sm.calculatePINBlock(pin, JCESecurityModule.FORMAT00, account);
        byte[] translatedPINBlock = h.encryptData(clearPINBlock, key);
        EncryptedPIN encryptedPIN = new EncryptedPIN(translatedPINBlock, JCESecurityModule.FORMAT00, account);
        return encryptedPIN.getPINBlock();
    }

/V

On Fri, Sep 25, 2009 at 4:27 PM, M. Aatif Ghafoor <gaatif@...> wrote:
I want to know how the specified PIN block can be generated programmatically using the PIN, PAN, service code (what is it, by the way?) and Key, like an ISO-0 block can be generated by XORing some PIN- and PAN-based hex strings...

Secondly, I want to know about:

Is the length of the user's PIN fixed?
The length of the Key?
The length or number of PAN digits?
The service code?
And anything related which I missed.

Regards,




On Fri, Sep 25, 2009 at 6:46 PM, Mark Salter <marksalter@...> wrote:

enKoder wrote:

> I need some knowledge of the ISO-1 standard. How does it work in ISO-8583
> message formation (steps to generate an encrypted PIN block from the
> user's input)? And related terms like PIN Encryption Key etc.

The ISO8583 message format/field and PIN block format expected will
vary slightly from target system to target system.

The PAN, service code, a PIN offset (perhaps), a key and an HSM will be
needed to produce a PIN block of whatever format.

What have you found out so far?

What specifically (not generally) do you want to know?

Chhil's link is a great starter, but had you already read that?

8)

--
Mark





--
-------
Muhammad Aatif Ghafoor
Team Lead Developer
Paybox Pakistan Pvt. Ltd.
56-XX, DHA
Lahore,
Pakistan
Cell: 92-333-8125575
Tel: 92-42-111-PAYBOX (729269)







[jpos-users] Re: help about ISO-1 (ECI-4)

by Mark Salter-5


M. Aatif Ghafoor wrote:
> I want to know how the specified PIN block can be generated programmatically
> using the PIN, PAN, service code (what is it, by the way?) and Key, like an ISO-0
> block can be generated by XORing some PIN- and PAN-based hex strings...
As Victor states, an HSM is where PIN blocks should be generated, clear
PINs being held only in cardholders' minds.

The algorithm is documented...

>
> Secondly, I want to know about:
>
> Is the length of the user's PIN fixed?
PINs can be 1? - 12 digits, but are fixed by the Issuer. 4 digits
seems 'normal', although 6 digit PINs are starting to be used.

> The length of the Key?
Will depend on the crypto strength - 3DES, so double length keys - 16
bytes would be likely.

> The length or number of PAN digits?
The last 12, excluding the check digit, go in (from memory).

> The service code?
Sorry, I lost the plot here - the service code makes an appearance in CVV and
the like, *not* PIN.

--
Mark



[jpos-users] Re: help about ISO-1 (ECI-4)

by Aatif_Chaudhry

Thanks Victor, for guiding me towards the 'calculatePINBlock' method, but it doesn't appear to have support for the ISO-1 format, i.e. FORMAT05, in jPOS...

import java.security.Key;
import com.sun.crypto.provider.SunJCE;
import org.jpos.iso.ISOUtil;
import org.jpos.security.EncryptedPIN;
import org.jpos.security.SMException;
import org.jpos.security.jceadapter.JCEHandler;
import org.jpos.security.jceadapter.JCESecurityModule;

public static byte[] generatePINBlock(String zmk, String account, String track2, String pin) throws SMException
{
        JCESecurityModule sm = new JCESecurityModule();
        JCEHandler h = new JCEHandler(new SunJCE());
        // single-length (64-bit) DES key built from the hex key string
        Key key = h.formDESKey((short) 64, ISOUtil.hex2byte(zmk));
        // clear ISO format 0 block (PIN field XOR PAN field); calculatePINBlock is not public API
        byte[] clearPINBlock = sm.calculatePINBlock(pin, JCESecurityModule.FORMAT00, account);
        byte[] translatedPINBlock = h.encryptData(clearPINBlock, key);
        EncryptedPIN encryptedPIN = new EncryptedPIN(translatedPINBlock, JCESecurityModule.FORMAT00, account);
        return encryptedPIN.getPINBlock();
}
   
Thanks.

On Sat, Sep 26, 2009 at 1:58 AM, Mark Salter <marksalter@...> wrote:

M. Aatif Ghafoor wrote:
> I want to know how the specified PIN block can be generated programmatically
> using the PIN, PAN, service code (what is it, by the way?) and Key, like an ISO-0
> block can be generated by XORing some PIN- and PAN-based hex strings...
As Victor states, an HSM is where PIN blocks should be generated, clear
PINs being held only in cardholders' minds.

The algorithm is documented...

>
> Secondly, I want to know about:
>
> Is the length of the user's PIN fixed?
PINs can be 1? - 12 digits, but are fixed by the Issuer. 4 digits
seems 'normal', although 6 digit PINs are starting to be used.

> The length of the Key?
Will depend on the crypto strength - 3DES, so double length keys - 16
bytes would be likely.

> The length or number of PAN digits?
The last 12, excluding the check digit, go in (from memory).

> The service code?
Sorry, I lost the plot here - the service code makes an appearance in CVV and
the like, *not* PIN.

--
Mark






[jpos-users] Re: help about ISO-1 (ECI-4)

by David Bergert-2


Format ISO-1 isn't allowed for TG-3 compliance...

From TG-3:

X9 Approved PIN Block Formats

Documented procedures exist and are followed that ensure any cleartext
PIN-block format combined with a PIN encryption process has the
characteristic that, for different accounts, encryption of the same
PIN value under a given encryption key does not predictably produce
the same encrypted result. (Note: of any cleartext PIN block, formats 0
and 3 meet this requirement, as specified in X9.8-1).

and http://www.andyorrock.com/2009/07/eliminate-all-unused-pin-block-formats-from-your-hsms.html

ISO Format 0 - uses the Account Number and PIN
ISO Format 1 - uses only the PIN and random data
ISO Format 3 - uses the Account Number, PIN, and random data

ISO 1 is not bound to an account number -- many PIN attacks with HSMs
involve translating a PIN from format 0 or 3 to format 1 to attack it.


David Bergert, CISSP, CISA, CPISM/A
www.paymentsystemsblog.com

On Oct 21, 2009, at 6:24 AM, M. Aatif Ghafoor wrote:

> Thanks Victor, for guiding me towards the 'calculatePINBlock' method,
> but it doesn't appear to have support for the ISO-1 format, i.e. FORMAT05,
> in jPOS...
>
> public static byte[] generatePINBlock(String zmk,account,String  
> track2,String pin) throws SMException
> {
>         JCESecurityModule sm = new JCESecurityModule();
>         JCEHandler h=new JCEHandler(new SunJCE());
>         Key key=h.formDESKey((short) 64, ISOUtil.hex2byte(zmk));
>         byte[] clearPINBlock = sm.calculatePINBlock(pin,  
> JCESecurityModule.FORMAT00, account);
>         byte[] translatedPINBlock = h.encryptData(clearPINBlock, key);
>         EncryptedPIN encryptedPIN = new EncryptedPIN
> (translatedPINBlock, JCESecurityModule.FORMAT00, account);
>         return encryptedPIN.getPINBlock();
> }
>
> Thanks.
>
> On Sat, Sep 26, 2009 at 1:58 AM, Mark Salter  
> <marksalter@...> wrote:
>
> M. Aatif Ghafoor wrote:
> > I want to know how the specified PIN block can be generated  
> programmatically
> > by using PIN, PAN, service code (what is it? by the way) and Key?  
> like ISO-0
> > block can be generated by XORing some PIN and PAN based hex  
> strings...
> As Victor states an HSM is where PIN blocks should be generated, clear
> PINs being just held in cardholder's minds.
>
> The algorithm is documented...
>
> >
> > Secondly, I want to know about;
> >
> > Is length of user's PIN fixed?
> PINs can be 1? - 12 digits, but are fixed by the Issuer.  4 digits
> seems 'normal', although 6 digit PINs are starting to be used.
>
> > length of Key?
> Will depend on the crypto strength - 3DES so double length keys - 16
> bytes would be likely.
>
> > length or no. of PAN digits?
> last 12, excluding check goes in (from memory).
>
> > service code?
> Sorry, I lost the plot here - the service code makes an appearance in CVV
> and
> the like, *not* PIN.
>
> --
> Mark
>
>
>
>
> >
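To make the three formats David contrasts (and Mark's "last 12 PAN digits, excluding the check digit") concrete, here is an added Python example; it is not jPOS code and not from any poster. It builds clear ISO 9564 format 0, 1 and 3 PIN blocks from constructed sample values, applies the "formats 0 and 3 only" rule quoted from TG-3, and shows that a format 1 block carries no PAN binding while formats 0 and 3 do. Encryption under the PIN key is deliberately left out: in production that step belongs inside an HSM, as Victor and Mark say.

```python
import os

# Constructed sample values for illustration only (not real card data).
SAMPLE_PAN = "4000123456789010"
SAMPLE_PIN = "1234"

X9_APPROVED_FORMATS = {0, 3}   # the TG-3 requirement quoted above


def pan_field(pan: str) -> str:
    """'0000' + rightmost 12 PAN digits, excluding the check digit."""
    return "0000" + pan[:-1][-12:].rjust(12, "0")


def _xor_hex(a: str, b: str) -> bytes:
    return bytes(x ^ y for x, y in zip(bytes.fromhex(a), bytes.fromhex(b)))


def clear_pin_block(pin: str, fmt: int, pan: str = "", rand: bytes = b"") -> bytes:
    """8-byte clear PIN block for ISO 9564 format 0, 1 or 3 (no encryption)."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 digits")
    if fmt not in (0, 1, 3):
        raise ValueError(f"unsupported format {fmt}")
    if fmt != 1 and len(pan) < 13:
        raise ValueError("formats 0 and 3 need the full PAN incl. check digit")
    rand = rand or os.urandom(8)
    prefix = f"{fmt:X}{len(pin):X}{pin}"          # control nibble, length, PIN
    if fmt == 0:                                  # pad with F, XOR with PAN field
        return _xor_hex(prefix.ljust(16, "F"), pan_field(pan))
    nibbles = [n for b in rand for n in (b >> 4, b & 0xF)]
    if fmt == 1:                                  # random fill, PAN not involved
        filler = "".join(f"{n:X}" for n in nibbles)
        return bytes.fromhex((prefix + filler)[:16])
    filler = "".join(f"{10 + n % 6:X}" for n in nibbles)   # format 3: fill A-F
    return _xor_hex((prefix + filler)[:16], pan_field(pan))


def policy_check(fmt: int) -> bool:
    """What a host/HSM profile should enforce before accepting a block format."""
    return fmt in X9_APPROVED_FORMATS


def account_binding_demo() -> tuple:
    """Same PIN, two PANs: formats 0 and 3 change with the PAN, format 1 does not."""
    other_pan = "5100987654321098"                # second constructed PAN
    fixed = bytes(range(8))                       # fixed fill so blocks are comparable
    f0 = clear_pin_block(SAMPLE_PIN, 0, SAMPLE_PAN) != clear_pin_block(SAMPLE_PIN, 0, other_pan)
    f3 = clear_pin_block(SAMPLE_PIN, 3, SAMPLE_PAN, fixed) != clear_pin_block(SAMPLE_PIN, 3, other_pan, fixed)
    f1 = clear_pin_block(SAMPLE_PIN, 1, SAMPLE_PAN, fixed) == clear_pin_block(SAMPLE_PIN, 1, other_pan, fixed)
    return f0, f3, f1
```

`account_binding_demo()` returns `(True, True, True)`: the format 1 block is identical for both accounts, which is exactly the property the TG-3 text rules out.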

