I am trying to encrypt a data block using TDES DUKPT utilizing a Thales 10K HSM’s M0 command. So far I have been unsuccessful. Any help would be very much appreciated as the total lack of examples in the manuals is quite frustrating.
My current command sans length and header has the following structure:
M0 (Command Code)
01 (CBC Encryption Mode)
1 (Hex-encoded binary input format)
1 (Hex-encoded binary output format)
FFF (LMK KeyBlock Type)
S10096B0TN00S0...9564 (BDK-1 KeyBlock - Sanitized)
605 (KSN Descriptor)
FFFF0000015D3E800021 (KSN)
0000000000000000 (IV)
0040 (Length of the following field in bytes - 64 bytes)
3335333330303130464646463030303030313544334538303030323800000000 (64 Bytes - 56 Hex Chars + padding to 16-byte boundary)
In response, I am receiving a 06 error response indicating “Invalid Message/Data Block Length field”
I have tried playing with the length like halving it to 0x0020 (the decoded binary length) to no avail. I feel like I am missing something pretty obvious but it is eluding me.