encryption hsm

What is the Thales HSM BA command to encrypt a clear PIN?


So I am new to HSM encryption. We have a Thales PayShield 9000 HSM and the requirement is to encrypt a clear PIN using the ISO 9564 Format 0 standard.

What I have is the following:

Message Header: 00000000

Clear PIN: 1111

PAN: 6999999999999992

PIN Encryption Key (32): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

My requirement is to use the BA HSM command to encrypt PIN 1111 to get a 16 hex PIN block. I have tried:

00000000BA1111FFFFFFFFFF999999999999XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

But I got response 15. Can someone advise what the correct command format is, or give an example?


Solution

  • 'BA' would encrypt the clear PIN using the LMK of the HSM; it would not encrypt the PIN using the ZPK.

    So first you should use the BA command (remove the ZPK from your command) to get the PIN encrypted under the LMK, then you can use 'JG' to translate the PIN from LMK to ZPK.
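
For reference, this is how the clear ISO 9564 Format 0 PIN block that the question is after is laid out, using the PIN and PAN from the question. It is an added example, not part of the original answer and not Thales code; the function names are hypothetical, and it builds only the clear block, since encryption under the LMK or ZPK happens inside the HSM.

```python
# Added example: ISO 9564 Format 0 clear PIN block, built and decoded.
# Function names are hypothetical; PIN and PAN are the values from the question.

def pan_field(pan: str) -> bytes:
    """0000 followed by the 12 rightmost PAN digits, excluding the check digit."""
    if not (pan.isascii() and pan.isdigit()) or len(pan) < 13:
        raise ValueError("PAN must be at least 13 decimal digits")
    return bytes.fromhex("0000" + pan[:-1][-12:])


def pin_field(pin: str) -> bytes:
    """Format nibble 0, PIN length nibble, PIN digits, F padding to 16 nibbles."""
    if not (pin.isascii() and pin.isdigit()) or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))


def format0_block(pin: str, pan: str) -> bytes:
    """Clear PIN block = PIN field XOR PAN field (8 bytes)."""
    return bytes(a ^ b for a, b in zip(pin_field(pin), pan_field(pan)))


def pin_from_format0(block: bytes, pan: str) -> str:
    """Recover the PIN from a clear block, rejecting malformed results."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    field = bytes(a ^ b for a, b in zip(block, pan_field(pan))).hex().upper()
    if field[0] != "0":
        raise ValueError("not a Format 0 block for this PAN")
    length = int(field[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("invalid PIN length nibble")
    pin, pad = field[2:2 + length], field[2 + length:]
    if not pin.isdigit() or set(pad) - {"F"}:
        raise ValueError("PIN digits or padding are malformed")
    return pin


if __name__ == "__main__":
    block = format0_block("1111", "6999999999999992")
    print(block.hex().upper())
    print(pin_from_format0(block, "6999999999999992"))
```

The 12 digits taken from the PAN here are the same 999999999999 that appears in the command in the question.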