Extract Key from a tr31 key block (exporting from HSM Thales 9000)

Question

Using the HSM command A0 (Generate a Key), I am getting the below response.

HEADA100U7D4213E0422F4E08E9455D9837E09FDDRA0072B1TX00S000073C35FF96F7A8C7D35D440CCBDA06FFED3AC7017F27B0A0E8896FFC971F0B9
HEAD (Message Header)
A1   (Response Code)
00   (Error Code)
U7D4213E0422F4E08E9455D9837E09FDD (Key under LMK)
RA0072B1TX00S000073C35FF96F7A8C7D35D440CCBDA06FFED3AC7017F27B0A0E8896FFC9 (Key under TMK - export tr31 key block)
71F0B9 (Key Check Value)

My questions are:

How can I extract the key (under tmk) from tr31 key block?

Does anyone know how to decode the tr31 key block?

Answer 1

Take a look at the TR31 standard (which isn't legally available for free, because ANSI wants to make your life miserable).

• R doesn't seem to be part of the TR31 block and I can only assume is something Thales specific
• A is the key block version id (the first field of the header) and describes the key binding method being used. A is deprecated and uses a key variant binding method.
• 0072 is the length of the whole TR31 key block in decimal digits, which happens to fit if, we ignore the leading R
• B1 is the key usage, which is an Initial DUKPT Key
• T is the algorithm of the key, which is Triple-DES (or Triple-DEA in TR31 notation)
• X is the mode of use, which is "Key used to derive other key(s)"
• 00 is the key version number, which means no key versioning is used for this key
• S is the exportability of the key, which is "Sensitive"
• 00 is the number of optional blocks in decimal.
• 00 is reserved for future use and always has to be two ASCII zeros. As there are no optional blocks, this field is the last field of the header.
• 73C35FF96F7A8C7D35D440CCBDA06FFED3AC7017F27B0A0E is the hex encoded encrypted key (everything after the header except the last 8 characters). It is 24 bytes long, which fits for a 16 byte long key (2 bytes key length, 16 bytes key, 6 bytes padding to get to full 8 byte block size).
• 8896FFC9 is the MAC (the last 8 characters which (for key block version id A) are the leftmost 32 bit of the Triple-DES CBC-MAC)

To go any further (decrypt the encrypted key) I would need the Key Block Protection Key (which is probably the TMK?).

Answer 2

'R' is the scheme flag used by Thales, means the format of the key is TR-31. This would not usually be included in any messaging to a peer device as it isn't part of the TR-31 format.