.NET Integration with HSM

I recently had a scenario where we needed to encrypt a card PIN with keys provided by an HSM. In our case the HSM used the TripleDES symmetric-key algorithm for encryption and decryption. First I tried the .NET Framework TripleDESCryptoServiceProvider, but that did not work.

After a lot of trial and error, the solution was to use the Thales Simulator Library. Below is sample code for encrypting a PIN with the ZPK (Zone Private Key). The ZPK is communicated between the parties in encrypted form, so we first need to decrypt it using the ZMK (Zone Master Key). The clear PIN block is built in ISO 9564 format 0 (PIN field XOR PAN field) and then encrypted under the ZPK.


    public static string GetEncryptedPINwithZPK(string CardNumber, string PIN)
    {
        // "ZMK" and "EncryptedZPK" are placeholders for the clear ZMK and the ZPK received encrypted under it
        HexKey key = new HexKey("ZMK");
        string ZPK = ThalesSim.Core.Cryptography.TripleDES.TripleDESDecrypt(key, "EncryptedZPK");
        // ISO 9564 format 0: PIN field = "0" + PIN length (one hex digit) + PIN, padded with 'F' to 16 digits
        string PINBlock1 = ("0" + PIN.Length.ToString("X") + PIN).PadRight(16, 'F');
        string CNumber = CardNumber.Substring(0, CardNumber.Length - 1); // skip the rightmost check digit
        string PINBlock2 = "0000" + CNumber.Substring(CNumber.Length - 12); // PAN field: last 12 digits

        HexKey ZPKHex = new HexKey(ZPK);
        string EncryptedPIN = ThalesSim.Core.Cryptography.TripleDES.TripleDESEncrypt(ZPKHex, XORStrings(PINBlock1, PINBlock2));
        return EncryptedPIN;
    }
    // Hex-string XOR of the two 16-digit fields; this helper was not shown in the original post
    private static string XORStrings(string a, string b)
    {
        var sb = new System.Text.StringBuilder(a.Length);
        for (int i = 0; i < a.Length; i++)
            sb.Append((Convert.ToInt32(a[i].ToString(), 16) ^ Convert.ToInt32(b[i].ToString(), 16)).ToString("X"));
        return sb.ToString();
    }
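As an added example (not code from the original post or the Thales library), the following Python builds the same ISO 9564 format 0 clear PIN block the C# above feeds to the ZPK encryption, validates the inputs, and does the inverse (recovering and checking a PIN from a decrypted block), which is what the receiving side must do. The PAN and PIN used in the test are constructed sample values; the 3DES step under the ZPK is left to the HSM and not reproduced here.

```python
import re

# ISO 9564 format 0 PIN block: PIN field XOR PAN field, 8 bytes as 16 hex digits.
# The HSM then encrypts this block under the ZPK; that step is not reproduced here.


def pin_field(pin: str) -> str:
    """'0' + PIN length (one hex digit) + PIN, padded with 'F' to 16 hex digits."""
    if not re.fullmatch(r"\d{4,12}", pin):
        raise ValueError("PIN must be 4 to 12 digits")
    return ("0" + format(len(pin), "X") + pin).ljust(16, "F")


def pan_field(pan: str) -> str:
    """'0000' + the rightmost 12 digits of the PAN, excluding the check digit."""
    if not re.fullmatch(r"\d{13,19}", pan):
        raise ValueError("PAN must be 13 to 19 digits")
    return "0000" + pan[:-1][-12:]


def xor_hex(a: str, b: str) -> str:
    """XOR two equal-length hex strings, keeping the width and uppercase digits."""
    if len(a) != len(b):
        raise ValueError("hex strings must have equal length")
    return format(int(a, 16) ^ int(b, 16), "0{}X".format(len(a)))


def clear_pin_block(pin: str, pan: str) -> str:
    """The 16-hex-digit clear block that is encrypted under the ZPK."""
    return xor_hex(pin_field(pin), pan_field(pan))


def recover_pin(block: str, pan: str) -> str:
    """Inverse: XOR the decrypted block with the PAN field and validate the PIN field."""
    field = xor_hex(block, pan_field(pan))
    if field[0] != "0":
        raise ValueError("not a format 0 PIN block")
    length = int(field[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("invalid PIN length")
    pin, pad = field[2:2 + length], field[2 + length:]
    if not pin.isdigit() or pad != "F" * len(pad):
        raise ValueError("malformed PIN field")
    return pin
```

Binding the block to the PAN is what makes the same PIN on two different cards encrypt to different values under one ZPK, so a receiver should reject any block whose PIN field fails these checks rather than trusting it.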

BizTalk: System.InvalidCastException

I was facing a strange runtime error when calling a BizTalk Orchestration dynamically from another Orchestration. (Dynamic Orchestration calls are not supported out of the box, so we have a custom implementation for that.)


System.InvalidCastException: Unable to cast object of type ‘Microsoft.XLANGs.Core.MessageTuple’ to type ‘Microsoft.XLANGs.Core.XMessage’


Apparently, when creating Orchestration message parameters, Visual Studio misinterprets the order of the parameters. So we need to verify the order and direction (In/Out/Ref) of the parameters in the Orchestration's auto-generated code and in the designer's XML:

    body (message <Type> Rq, out message <Type> Rs)

We can correct it manually, or delete all code after #endif // __DESIGNER_DATA, reopen the Orchestration and modify anything in it so that the code is regenerated.
