Please note that this project is now maintained at Codeplex.

Racal Simulator Library Overview

The purpose of this library is to provide an adequate TCP/IP simulation of the Thales (former Zaxus, former Racal) Host Security Module or HSM.

HSM devices are wildly used in banking environments to provide security functions to a host application. Typically, an HSM can perform DES and Triple DES symmetric encryption. Additionally, some HSM devices (Racal amongst them) can also provide RSA asymmetric encryption facilities.

Aside from their cryptographic capabilities that can be commonly found in any software library, HSM devices implement a secure mechanism of storing master keys in tamper-resistant hardware. All other keys that an HSM device produces are encrypted under the local master keys and are communicated in an encrypted form to the host application. The vast majority of cryptographic facilities provided by an HSM is thus carried out by using cryptographic keys in an encrypted form.

The result is that even the host application does not have the clear value of keys used to encrypt/decrypt information or perform more advanced functions (like verifying a cardholder's PIN). This is a typical requirement of banking applications that control ATM/POS terminals or communicate with the VISA, MasterCard or other regional switches.

What does this library do?

The basic aim of the Racal Simulator Library is to facilitate the creation of a program that can emulate a Racal HSM on a TCP/IP network. Ideally, that would mean that a host application that needs access to an HSM device may interface to the Racal Simulator and issue commands without knowing (or caring) that the device is simulated.

Who would use this library?

Anyone that uses a switch, debit card or credit  card system and needs access to a Racal HSM.

Why would someone use the Racal Simulator Library instead of the real thing?

Mainly for two reasons:

What would one need to use this library?

A good level of understanding of the Racal HSM is essential. Knowledge of VB.Net and Visual Studio 2003 is also recommended, but any person that attempts to use the library without knowing how the Racal HSM works does not stand any real chance of making good use of the library. The NDoc Code Documentation Generator is used to document the project and the NUnit Test Framework is used to create and run test cases but it's not necessary to have or know how to use either of these in order to use this library.

Is the library extensible?

A good deal of effort was devoted to making the library as extensible as possible. Forgetting that the code is open, the library can compile VB.Net code at runtime in order to build Racal commands that are not precompiled in the binaries.

Is the library free?

Absolutely. Use and/or modify at your heart's content.

Is the library any good for use on a secure environment?

Absolutely not. The very first thing that the library does is to create a set of local master keys on a text file, in clear form for everyone to see. A real HSM does not provide access to the local master keys under any circumstances. In addition, the library provides an easy way to bring the simulator into authorized mode without requiring a two-person rule, smart cards and PIN codes, as opposed to a real HSM. The only intended use of the simulator library is as a testing tool, a production environment necessitates the use of a real HSM device.

Why are some Racal commands not implemented?

During the implementation of this library, emphasis was placed on implementing aspects of the Racal command arsenal that was of most use to the author. That means that several commands were not implemented fully (like the PA-Load Formatting Data whose sole implementation task is to respond to the host application) or not at all (like commands that have to do with the IBM verification method).

Project roadmap, history and downloads


Racal Simulator Library

Version 0.7

Language: VB.Net, build using VS.2003, .Net 1.1.

 

Locations of visitors to this page