HGmgcHiY

· 7 years ago · Sep 18, 2018, 11:58 AM
1qs
2
3PIN length: 04
4Encrypted PIN length: 05
5Echo: OFF
6Atalla ZMK variant support: OFF
7Transaction key support: NONE
8User storage key length: SINGLE
9Display general information on payShield Manager Landing Page: NO
10Default LMK identifier: 00
11Management LMK identifier: 00
12
13Select clear PINs: YES
14Enable ZMK translate command: NO
15Enable X9.17 for import: YES
16Enable X9.17 for export: YES
17Solicitation batch size: 1024
18Single-DES: DISABLED
19Prevent single-DES keys masquerading as double or triple-length keys: YES
20ZMK length: DOUBLE
21Decimalization tables: ENCRYPTED
22Decimalization table checks: ENABLED
23PIN encryption algorithm: A
24
25Press "Enter" to view additional security settings...
26
27Authorized state required when importing DES key under RSA key: YES
28Minimum HMAC length in bytes: 10
29Enable PKCS#11 import and export for HMAC keys: NO
30Enable ANSI X9.17 import and export for HMAC keys: NO
31Enable ZEK/TEK encryption of ASCII data or Binary data or None: NONE
32Restrict key check values to 6 hex chars: YES
33Enable multiple authorized activities: YES
34Allow persistent authorized activities: YES
35Enable variable length PIN offset: NO
36Enable weak PIN checking: NO
37Enable PIN block Format 34 as output format for PIN translations to ZPK: NO
38Enable translation of account number for LMK encrypted PINs: NO
39Enable 2DES LMK encryption of 3DES/2048-bit RSA keys: YES
40
41Use HSM clock for date/time validation: YES
42Additional padding to disguise key length: NO
43Key export and import in trusted format only: NO
44Protect MULTOS cipher data checksums: YES
45Enable Key Scheme Tag 'X' (X9.17) for storing keys under LMK: NO
46Enable use of Tokens in PIN Translation: YES
47Enable use of Tokens in PIN Verification: YES
48Allow Error light to be extinguished when viewing Error Log: NO
49Ensure LMK Identifier in command corresponds with host port: NO
50Ignore LMK ID in Key Block Header: NO
51Enforce NIST recommendations when encrypting AES keys using RSA: YES
52Enable import and export of RSA Private keys: NO
53
54NOTE: The following settings are not all PCI HSM compliant.
55Card/password authorization (local): C
56Restrict PIN block usage for PCI HSM Compliance: NO
57Enforce key type 002 separation for PCI HSM compliance: NO
58Enforce Authorization Time Limit: YES
59Enforce Multiple Key Components: NO
60
61
62Online-AUTH>qc
63
64Serial Port
65 Baud: 9600
66 Word format: 8 bits, none parity, 1 stop
67 Flow control: none
68
69
70Online-AUTH>qh
71
72Message header length: 04
73Protocol: Ethernet
74Well-Known-Port: 01500
75Well-Known-TLS-Port: 02500
76Transport:  UDP TCP TLS/SSL, 5 connections
77TCP Keep_Alive value (minutes): 120 minutes
78ACL: Disabled
79Number of interfaces : (1)
80
81Interface Number: 1
82IP Configuration Method: DHCP
83Network Name: B4665336113M-host1
84IP address: 192.168.1.122
85Subnet mask: 255.255.252.0
86Default Gateway: 192.168.1.1
87MAC address: 00:d0:fa:05:35:b0
88Port speed: Ethernet autoselect (1000baseT full-duplex)
89
90
91Online-AUTH>qm
92
93Management ethernet port:
94IP Configuration Method: DHCP
95Network Name: B4665336113M-mgmt
96IP address: 0.0.0.0
97Subnet mask: 255.0.0.0
98Default Gateway: (12:1:1:enet.c:501) socket write failed because No such process
990.0.0.0
100MAC address: 00:d0:fa:05:35:b2
101Port speed: Ethernet none
102
103payShield Manager connection: Enabled
104
105
106Online-AUTH>vt
107
108
109LMK table:
110ID Authorized  Scheme   Algorithm  Status Check  Comments
11100 Yes(6H,0C)  KeyBlock AES-256    Test   9D04A0 Test AES KeyBlock LMK
112Key change storage table:No keys loaded in key change storage
113
114Online-AUTH>va
115
116Enter LMK id [0-1]: 0
117The following activities are authorized for LMK id 00:
118
119export.72.host:persistent
120import.52.host:persistent
121import.72.host:persistent
122import.p0.host:persistent
123import.v2.host:persistent
124pin.clear.host:persistent
125
126
127
128Online-AUTH>