Thales PayShield HSM key management
I'm reading PayShield docs and have stumbled upon a question regarding key management and LMK when importing keys:



  • PayShield can store up to 20 LMKs. When performing commands (like A6 - Import a Key), how does the HSM know which LMK to use? As a parameter it only asks for a key type, but aren't key types the same for different LMKs (considering they're all variant)?

  • The Import a Key command asks you to provide a key already encrypted under a ZMK, for example when transferring a key from one HSM to another. Is there a way to import plaintext (unencrypted) keys into an HSM? For example, I think of some random sequence and then try to import it into the HSM. If not, can you somehow encrypt it under a ZMK, or must all such new keys be generated using the appropriate HSM command?
Tags: cryptography, hsm
asked Nov 13 '18 at 16:13
karolyzz

13115




13115












  • Just wondering if this is in a university class that has such an HSM?

    – zaph
    Nov 13 '18 at 17:27
1 Answer
  1. You can identify an LMK in the command itself or by port. This is in the command or console reference manuals, depending on the type of command.

  2. You cannot import a clear key; you can form a key from a minimum of two clear components.
answered Nov 13 '18 at 17:20
zaph
  • Full disclosure: I had help with this answer. 😁

    – zaph
    Nov 13 '18 at 21:33
  • Thanks. Adding to the answer: after reading the docs, apparently (2) only applies to the console commands. Host does not have this option, thus my original confusion.

    – karolyzz
    Nov 23 '18 at 11:32
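Point 2 of the answer (a key is formed from at least two clear components rather than imported in the clear) is what a console key ceremony does: each custodian's component is combined with the others and the result is confirmed by its key check value. The Go program below is an added example, not PayShield code or the answer author's; it assumes the conventional XOR combination of components, odd-parity adjustment of each key byte, and KCV = first three bytes of the 3DES-ECB encryption of an all-zero block, and the component values are constructed for illustration.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"math/bits"
)

// CombineComponents XORs two or more equal-length hex clear components into one key and forces odd DES parity on every byte.
func CombineComponents(components ...string) (string, error) {
	if len(components) < 2 {
		return "", errors.New("at least two clear components are required")
	}
	key, err := hex.DecodeString(components[0])
	for _, c := range components[1:] {
		part, perr := hex.DecodeString(c)
		if err != nil || perr != nil || len(part) != len(key) {
			return "", errors.New("components must be valid hex of equal length")
		}
		for i := range key {
			key[i] ^= part[i]
		}
	}
	for i, b := range key { // odd parity: flip the LSB of any even-parity byte
		key[i] = b ^ byte(1-bits.OnesCount8(b)%2)
	}
	return fmt.Sprintf("%X", key), nil
}

// KCV: first 3 bytes of the 3DES-ECB encryption of an all-zero block; 8- and 16-byte keys are expanded to the K1|K2|K1 form.
func KCV(keyHex string) (string, error) {
	key, err := hex.DecodeString(keyHex)
	if err != nil || len(key) != 8 && len(key) != 16 && len(key) != 24 {
		return "", errors.New("key must be 8, 16 or 24 bytes of hex")
	}
	for len(key) < 24 {
		key = append(key, key[:8]...) // 8 -> K|K|K (plain DES), 16 -> K1|K2|K1
	}
	block, _ := des.NewTripleDESCipher(key) // length already validated above
	kcv := make([]byte, des.BlockSize)      // all-zero block, encrypted in place
	block.Encrypt(kcv, kcv)
	return fmt.Sprintf("%X", kcv[:3]), nil
}

func main() {
	key, _ := CombineComponents("FEDCBA9876543210", "2468ACE013579BDF", "DB97531FECA86420") // constructed sample components, not real key material
	fmt.Println(KCV(key)) // D5D44F <nil>
}
```

On the HSM itself the components are typed at the console and never leave the device in the clear; this program only reproduces the arithmetic behind the KCVs the custodians compare.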