Thales Key Blocks are an essential cryptographic key wrapping format. In comparison to other key block formats, they are proprietary and only work with Thales payShield HSMs. In what follows, we delve into detail about this key block format.

Description of the Thales Key Blocks Format

Thales Key Blocks are compatible with the X9.TR-31 format. They implement and extend it further by providing additional features.

The Payment Card Industry Security Standards Council (PCI SSC) requires that the retail banking industry implement ANSI X9.24/TR-31-compliant key blocks, however, TR-31 is a technical report, not a norm. 

The ANSI standard defines “general” key blocks as structures with a header field, a payload field containing encrypted sensitive data (including the key itself), and an extra-field for checking the header’s integrity and the data.

iIillustration: a generic TR-31 key block

Illustration: a generic TR-31 key block

Based on this very generic scheme, it is possible to refine a TR-31 key block to add more features and sub-components. 

Thales Key Block Structure

The Thales Block Structure defines four blocks instead of the three blocks defined by the TR-31:

  • Header (16 bytes)
  • Optional header
  • Encrypted key data
  • Authenticator

Infographic-Thales-Key-Block-Format

Illustration: Thales Key Block Format

The main difference lies in adding an optional header block that allows more leeway in the management of the key. The header contains a field that registers the value of the Thales  HSM Local Master Key (LMK) used for ciphering. Therefore, in theory, only Thales Key Blocks can only be used with Thales machines. 

The header contains a field that informs if there are optional headers, and if so, how many there are. The optional header uses TLV (tag-length-value) encoding and is used for additional information that may vary in nature. 

Here is a list of the optional headers typically permitted in a Thales Key Block.

Optional Header Blog Tag

Usage

KS

Key set identifier

KV

Key block version values

00

Status (T=Test, L=Live, etc.)

01

Algorithm and mode used to encrypt the data block

02

Algorithm and mode used to authenticate the data block

03

Validity start date

04

Validity end date

05

Free usage (for information, etc.)

PB

Padding block


Analysis of the Thales Key Block Format

Thales Key Block provides two types of key encryption: Triple DES and AES Keyblock LMK (e.g., encrypted by the LMK). In both cases, an Initialization Vector (IV) is used by taking bytes from the header, which as a result, directly binds the header and the encrypted key data.

For example, the Atalla Key Block uses all eight bytes of its header fields, while the Thales Key Block uses only a part of its header field for IV computation.

Any type of key specified in the header can be ciphered that way. The encryption is done exclusively in CBC mode, which can be a problem since CBC mode is not very resistant to some padding oracle attacks.

The encryption keys are derived from the HSM LMK (AES or Triple DES).

The authenticator part is used by computing a 3DES CBC-MAC or an AES CMAC from the ciphered data, the header’s concatenation, and the optional header. The keys used are also derived from the LMK. 

Using Thales Key Blocks Format with Thales HSMs

New Call-to-actionSince the Thales Key Blocks work only with the payShields HSMs (payShield 8000, 9000 and payShield 10k, etc.), we need to mention how to use them in such an environment. 

Only local keys are used to cipher the key blocks. Theoretically, this provides greater security. 

Thales payShield supports multiple LMKs. This means that an HSM can be cryptographically separated into several groups to manage key blocks. 

Thales Key Blocks, which can be created and maintained with Thales HSMs, typically include ZMKs (for exporting keys from one HSM to another), PMKs (PIN Master Key to cipher pin blocks), etc.

Centrally Managing Key Blocks with CKMS

New Call-to-action

Retail banking has become an increasingly hybrid world with local data centers, HSMs, mainframes, and cloud infrastructures. Banks need to effectively manage key lifecycles no matter what HSM or location and guarantee a high level of payment security. Cryptomathic provides a banking-grade, PCI-compliant, and HSM-agnostic key management system called CKMS that, natively, supports all TR-31 implementations, including the Thales version. CKMS is able to deliver keys both automatically and manually to Thales payShields.

Using TR-31 key blocks, for external storage and transportation of keys is the modern way to go - having many advantages over the legacy methods (of using variants or simple encryption of keys). Thales have added their extensions to the design creating a more extensible solution and Cryptomathic have ensured that they can support this and all other implementations which is why we believe CKMS is the most adaptable solution on the market today.

Centralized, HSM-agnostic and cloud-ready key management - as offered by CKMS - allows for the effective use of resources, high security, and comfortable auditability for banks and financial institutions.

 

New call-to-action

 

References and Further Reading

Other Related Articles: # Key Management # HSM # key blocks

Want to know how we can help ?

Get in touch to better understand how our solutions secure ecommerce and billions of transactions worldwide.