Product Release: Thales Luna EFT Payment HSM version 2.4.0

Thales is pleased to announce the release of version 2.4.0 of the Luna EFT Payment HSM.

This release of Luna EFT Payment HSM introduces key features expanding the HSM’s capabilities in terms of key management, backup and enhancement of the latest payment standards. This includes:

RSA Key Block Support
Below host functions are updated to generate RSA key block in Key Spec Format 18 as per TR-31:2018:


Below host functions are updated to support RSA key block in Key Spec Format 18:

    • SIGN-DATA (EE9005)

AES KTPV Support in OBM Host Functions
Below host functions are updated to support 256 bit AES KTPV:

  • OBM-SET-PIN (EE3004)
  • OBM-PRINT-PIN (EE3008)
  • OBM-MIGRATE-PIN-3624-TPV (EE3009)
  • OBM-SET-PIN-TPV (EE3020)

Union Pay International (UPI) Enhancements
Below host functions are updated to support transaction processing for UPI scheme:


AMB Host Keys
Key management for the 27 AMB host keys has been merged.

Network Key Transfer on Luna EFT Web Console
NKT transfer page is added to enable import and export of Network Key Transfer package on the Luna EFT web console.

Console Enhancements


Added Lush Commands

Below is a new Lush command added:

  • List/Delete audit log files: This command is used to list/delete audit log files uploaded on HSM for an audit user

Updated Lush Commands

  • View KVC: View KVC command is updated to display Audit MAC key status.
  • Delete Key: Delete key Lush command is updated to delete KTP key.
  • Key management command: Key management command is updated to generate, view, delete, backup and restore AES 256 bit KTPV key.

Web Console

  • Partition restart option: A new button is added to restart a partition after SSL and host services configuration on the Luna EFT web console under the Partition Owner role. This enables Partition Owner to restart the partition after configuring all the settings.
  • Content update: MDC-2 is renamed as HASH_ISO_10118 on the KCV View page.

Other Enhancements

  • Host Functions Update
      • RTMK-4500 (4500): This host function is updated to support encrypted session keys (KMACr, KPEr and KDr) in the request field as optional.
  • KM-MIGRATE (12): This host function is updated to support Key Spec format 15 

OpenSSL Version Update

  • OpenSSL version is updated to 1.1.1d.

NTP Version Update

  • NTP version is updated from 4.2.8p12 to 4.2.8p13.

Please go to the Customer Support Portal* to download the EFT 2.4.0 Software Release and the Customer Release Notes (use Document Number: KB0020981).

*Log in required.  Contact  for assistance.