Extract Key from a tr31 key block (exporting from HSM Thales 9000)

Take a look at the TR31 standard (which isn't legally available for free, because ANSI wants to make your life miserable).

  • R doesn't seem to be part of the TR31 block, and I can only assume it is something Thales-specific
  • A is the key block version id (the first field of the header) and describes the key binding method being used. A is deprecated and uses a key variant binding method.
  • 0072 is the length of the whole TR31 key block in decimal digits, which happens to fit if we ignore the leading R
  • B1 is the key usage, which is an Initial DUKPT Key
  • T is the algorithm of the key, which is Triple-DES (or Triple-DEA in TR31 notation)
  • X is the mode of use, which is "Key used to derive other key(s)"
  • 00 is the key version number, which means no key versioning is used for this key
  • S is the exportability of the key, which is "Sensitive"
  • 00 is the number of optional blocks in decimal.
  • 00 is reserved for future use and always has to be two ASCII zeros. As there are no optional blocks, this field is the last field of the header.
  • 73C35FF96F7A8C7D35D440CCBDA06FFED3AC7017F27B0A0E is the hex-encoded encrypted key (everything after the header except the last 8 characters). It is 24 bytes long, which fits for a 16-byte key (2 bytes key length, 16 bytes key, 6 bytes padding to get to the full 8-byte block size).
  • 8896FFC9 is the MAC (the last 8 characters, which for key block version id A are the leftmost 32 bits of the Triple-DES CBC-MAC)

To go any further (decrypt the encrypted key) I would need the Key Block Protection Key (which is probably the TMK?).
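The field walk above, written as a parser (an added example, not part of the original answer and not Thales or ANSI code). The sample block is reassembled from the field values listed above, and the `vendor_prefix` parameter is a hypothetical name for the leading R; only the version A layout with no optional blocks is handled, and nothing is decrypted or MAC-verified because that needs the Key Block Protection Key.

```python
# Sample reassembled from the fields listed in the answer (constructed for this example).
SAMPLE = ("R" + "A0072B1TX00S0000"
          + "73C35FF96F7A8C7D35D440CCBDA06FFED3AC7017F27B0A0E" + "8896FFC9")

# Fixed header layout as described above: (field name, width in ASCII characters).
HEADER_FIELDS = [
    ("version_id", 1), ("length", 4), ("key_usage", 2), ("algorithm", 1),
    ("mode_of_use", 1), ("key_version", 2), ("exportability", 1),
    ("num_optional_blocks", 2), ("reserved", 2),
]
HEADER_LEN = sum(width for _, width in HEADER_FIELDS)  # 16 characters
MAC_HEX_LEN = 8  # version A: leftmost 32 bits of the MAC, hex encoded


def parse_tr31(block, vendor_prefix="R"):
    """Split a version A key block into header fields, encrypted key and MAC."""
    # Assumption: the leading R is a vendor marker that is not counted in the length.
    if vendor_prefix and block.startswith(vendor_prefix):
        block = block[len(vendor_prefix):]
    if len(block) < HEADER_LEN + MAC_HEX_LEN:
        raise ValueError("key block shorter than header plus MAC")

    fields, pos = {}, 0
    for name, width in HEADER_FIELDS:
        fields[name] = block[pos:pos + width]
        pos += width

    if fields["version_id"] != "A":
        raise ValueError("only the version A layout is handled here")
    # The length field covers the whole block, in decimal characters.
    if not fields["length"].isdigit() or int(fields["length"]) != len(block):
        raise ValueError("length field does not match the block size")
    if fields["num_optional_blocks"] != "00":
        raise ValueError("optional blocks are not handled in this example")
    if fields["reserved"] != "00":
        raise ValueError("reserved field must be two ASCII zeros")

    # Everything between the header and the MAC is the hex-encoded encrypted key.
    encrypted = bytes.fromhex(block[pos:-MAC_HEX_LEN])
    if not encrypted or len(encrypted) % 8:
        raise ValueError("encrypted key is not a multiple of the 8-byte DES block")
    fields["encrypted_key"] = encrypted
    fields["mac"] = bytes.fromhex(block[-MAC_HEX_LEN:])
    return fields


if __name__ == "__main__":
    for name, value in parse_tr31(SAMPLE).items():
        print(f"{name:20} {value.hex().upper() if isinstance(value, bytes) else value}")
```

The length check rejects a truncated or padded block before any field is trusted, which is the cheapest integrity test available without the protection key.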
