Viewing HSM Security Configuration

Command:  QS (Query Security). Can be used in online, offline or secure state.

Function:     Reports the security configuration of the HSM and some processing parameters, plus the LMK check value.

Inputs:        None.

Outputs:      PIN length:
Encrypted PIN length:
Echo: OFF or ON
Atalla ZMK variant support: OFF or ON
Transaction key support: Racal or Australian or None
User storage key length: Single, Double or Triple
Single-DES: Enabled or Disabled

Prevent single-DES keys masquerading as double or triple-length key: YES or NO
Select clear PINs: Y or N
Enable ZMK translate command: YES or NO
Enable X9.17 for import: YES or NO
Enable X9.17 for export: YES or NO
Solicitation batch size: 1..1024
ZMK length: S or D
Decimalization table Encrypted/plaintext: E or P
Decimalization table checks enabled: YES or NO

PIN encryption algorithm: A or B

Card/password authorisation: C or P

Authorised State required when Importing DES key under RSA key: YES or NO

Minimum HMAC verification length in bytes: 5..20

Enable PKCS#11 import and export for HMAC keys: YES or NO

Enable ANSI X9.17 import and export for HMAC keys: YES or NO

Enable ZEK encryption of all printable ASCII chars: YES or NO

Enable ZEK encryption of “Base94” ASCII chars: YES or NO

Enable ZEK encryption of “Base64” ASCII chars: YES or NO

Enable ZEK encryption of “Hex-only” ASCII chars: YES or NO

Restrict Key Check Values to 6 Hex chars: YES or NO

Enable Multiple Authorised Activities: YES or NO

LMK check:

Old LMK loaded: YES or NO.

Errors:        None.

Example:

Online> QS <Return>

PIN length: 04

Encrypted PIN length: 05

Echo: OFF

Atalla ZMK variant support: OFF

Transaction key support: None

User storage key length: Triple

Single-DES: Disabled

Prevent Single-DES keys masquerading as double or triple-length key: YES

Select clear PINs: N

Enable ZMK translate command: NO

Enable X9.17 for import: NO

Enable X9.17 for export: NO

Solicitation batch size: 1024

ZMK length: D

PIN encryption algorithm: A

Card/password authorisation: C

Decimalization tables: ENCRYPTED

Decimalization table checks: Enabled

Minimum HMAC key length in bytes [5-20]: 10

Enable PKCS#11 import and export for HMAC keys [Y/N]: NO

Enable ANSI X9.17 import and export for HMAC keys [Y/N]: NO

Enable ZEK encryption of all printable ASCII chars? : NO

Enable ZEK encryption of “Base94” ASCII chars? : NO

Enable ZEK encryption of “Base64” ASCII chars? : YES

Enable ZEK encryption of “Hex-only” ASCII chars? : YES

Restrict Key Check Value to 6 Hex Chars :YES

Enable Multiple Authorised Activities: YES

 

LMK check: 0123 4567 89AB CDEF

Old LMK loaded: NO
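
A captured QS report can be compared against an approved baseline to detect configuration drift or an unexpected LMK check value. The Python below is an added example, not part of the original manual or any vendor tooling; the baseline values are copied from the example output above as an assumption, and the function names and the drifted sample capture are constructed for illustration.

```python
import re

# Assumed baseline: values copied from the example QS output on this page.
# Replace with the settings your own key-management policy approves.
BASELINE = {
    "single-des": "DISABLED",
    "prevent single-des keys masquerading as double or triple-length key": "YES",
    "select clear pins": "N",
    "enable x9.17 for export": "NO",
    "decimalization tables": "ENCRYPTED",
    "restrict key check value to 6 hex chars": "YES",
    "lmk check": "0123 4567 89AB CDEF",
    "old lmk loaded": "NO",
}

def parse_qs(text):
    """Parse console QS output into {normalised label: upper-cased value}."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.rpartition(":")
        if not sep or not label.strip():
            continue  # prompt line, blank line, or no "label: value" pair
        # Drop prompt hints such as "[Y/N]" or "[5-20]" and a trailing "?".
        label = re.sub(r"\[[^\]]*\]", "", label).replace("?", "")
        label = " ".join(label.lower().split())
        settings[label] = " ".join(value.upper().split())
    return settings

def drift(text, baseline=BASELINE):
    """Return sorted (label, expected, actual) for every baseline mismatch."""
    seen = parse_qs(text)
    return sorted(
        (label, want, seen.get(label, "<missing>"))
        for label, want in baseline.items()
        if seen.get(label, "<missing>") != want
    )

# Constructed sample: a truncated capture in which two settings have changed.
SAMPLE = """Online> QS <Return>
Single-DES: Enabled
Prevent Single-DES keys masquerading as double or triple-length key: YES
Select clear PINs: N
Enable X9.17 for export: YES
Decimalization tables: ENCRYPTED
Restrict Key Check Value to 6 Hex Chars :YES
LMK check: 0123 4567 89AB CDEF
"""

if __name__ == "__main__":
    print(*drift(SAMPLE), sep="\n")
```

A setting absent from the capture is reported as `<missing>` rather than silently passing, so a truncated console log cannot hide a change.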