encryption - Need help implementing key management scheme -

-

scheme has following requirements

  • client application should perform encryption/decryption using component 1, component 2 , zpk (zone pin key. client should key host in encrypted form).
  • host application should perform encryption/decryption using key mk (master key formed component 1 , component 2) , zpk.

here how i'm generating components

online-auth>gc enter lmk id [0-2]: 0 enter key length [1,2,3]: 2 enter key type: 002 enter key scheme: u clear component: **** **** **** **** **** **** **** ****  encrypted component: uxxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx  key check value: xxxxxx  online-auth>gc enter lmk id [0-2]: 0 enter key length [1,2,3]: 2 enter key type: 002 enter key scheme: u clear component: **** **** **** **** **** **** **** **** encrypted component: uyyyy yyyy yyyy yyyy yyyy yyyy yyyy yyyy  key check value: yyyyyy  online-auth>fk enter lmk id [0-2]: 0 enter key length [1,2,3]: 2 enter key type: 002 enter key scheme: u enter component type [x,h,t,e,s]: e enter number of components [1-9]: 2 enter component 1: uxxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx  component 1 check value: xxxxxx continue? [y/n]: y enter component 2: uyyyy yyyy yyyy yyyy yyyy yyyy yyyy yyyy component 2 check value: yyyyyy continue? [y/n]: y encrypted key: uzzzz zzzz zzzz zzzz zzzz zzzz zzzz zzzz  key check value: zzzzzz

what don’t understand is

  • what benefits of creating mk using enciphered components how decrypt enciphered zpk component 1 , component 2.
  • what relation between component 1, component 2 , output of fk command
  • is encrypting pin block under zpk enough/ubiquitous

any appreciated. ps want stick ubiquitous implementations.

you not first :)

i try explain (but english not clear enough :( ).

hsm never works plain keys, keys processing, encrypted under other, called key encryption key (kek), keys. lmk kek securely stored in secure environment, hsm. main idea of hsm is, can not real lmk key value, respectively, can not real working key plain value. keys using hsm cryptograms. lmk personal kek not accessible other parties (what means secure kek). these keys should keep in database use own hsm.

sometimes, need transmit keys other parties, eg, visa or mastercard exchange encrypted data pin-blocks. in case should use kek called zmk. transport key used other key exchange. unable use zmk encrypted keys hsm. first, must import key under lmk make managanbe.

conclusion:

1) should keep in db keys under lmk

2) keys under zmk used transmitted other parties.

if not clear enough pls not hesitate ask, try find explanation.


Comments

Post a Comment

Popular posts from this blog

javascript - Chart.js (Radar Chart) different scaleLineColor for each scaleLine -

-
Image
i try , create radar chart using chart.js has various colours each scaleline, or coloured between scalelines. wondering if possible? from: to: i have working graph, though there doesn't seem method change individual scale lines. kind regards leigh you can extend radar chart type this, so chart.types.radar.extend({ name: "radaralt", initialize: function (data) { chart.types.radar.prototype.initialize.apply(this, arguments); var originalscaledraw = this.scale.draw; var ctx = this.chart.ctx; this.scale.draw = function () { var linewidth = this.linewidth; // bypasses line drawing in originalscaledraw this.linewidth = linewidth; originalscaledraw.apply(this, arguments); ctx.linewidth = this.linewidth; var scale = this; // draw chart.helpers.each(scale.ylabels, function (label, index) { // color of ...
Read more

apache - Error with PHP mail(): Multiple or malformed newlines found in additional_header -

-
suddenly have started receiving above error without changes having been made script. host 1and1 (i know...) the script still works fine on different server, , suspicion there must have been server config change has lead this, although hosts plead ignorance. there's no information on above error @ in google can find - have ideas? server running apache if helps. had similar problem. came out of blue. no php code changed. what changed: php upgraded 5.5.25-1 5.5.26. a security risk in php mail() function has been fixed , newlines in additional_headers allowed no more. because newlines mean: starts email message (and surely don't want inject newlines through headers followed evil message). what have worked fine, e.g. having newlines after headers or passing whole message additional_headers , function no more. solution : sanitize headers. no multiple newlines in additional_headers argument. these count "multiple or malformed newlines":...
Read more

java - Android – MapFragment overlay button shadow, just like MyLocation button -

-
Image
i'm struggling add shadow custom overlay button on google map. goal make custom button google's mylocation button. here's how app looks now: layout.xml <relativelayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" xmlns:map="http://schemas.android.com/apk/res-auto" android:layout_height="match_parent" android:layout_width="match_parent" style="@style/apptheme"> <fragment android:layout_width="match_parent" android:layout_height="match_parent" android:id="@+id/map" tools:context=".mapsactivity" android:name="com.google.android.gms.maps.supportmapfragment" android:layout_alignparentend="true" android:layout_alignparentstart="true" android:layout_alignparentbottom="true" ...
Read more