[Pki-users] Tpsclient - error enrolling token generated keys

Mikolajczuk, Alan Alan.Mikolajczuk at gdc4s.com
Mon Dec 21 19:56:02 UTC 2009


All,

I have CS 8.0 GA installed and I am trying to use the tpsclient tool for
testing the TPS.

When enrolling a user, there are 2 keys (signing and ID) generated on
the card, and the encryption key is generated server side. When the
tpsclient enrollment is complete, it states "Success - Operation
'ra_enroll' Success". But looking into the tps-error log, it states
that:

[2009-12-21 11:41:01] a6b19c50 CertEnroll::verifyProof - VFY_CreateContext() failed
[2009-12-21 11:41:01] a6b19c50 CertEnroll::ParsePublicKeyBlob - verify proof failed
[2009-12-21 11:41:01] a6b19c50 RA_Enroll_Processor::DoEnrollment - Failed to parse public key
[2009-12-21 11:41:01] a6b19c50 CertEnroll::verifyProof - VFY_CreateContext() failed
[2009-12-21 11:41:01] a6b19c50 CertEnroll::ParsePublicKeyBlob - verify proof failed
[2009-12-21 11:41:01] a6b19c50 RA_Enroll_Processor::DoEnrollment - Failed to parse public key

These errors are not seen when enrolling with a SafeNet 330J.

My tpsclient script is below. Is there a way to use the tpsclient and
have keys generated on the fake token verified successfully?

op=var_set name=ra_host value=tps
op=var_set name=ra_port value=7888
op=var_set name=ra_uri value=/nk_service
op=token_set cuid=00000000000000000003
op=token_set msn=01020304
op=token_set app_ver=499dc06c
op=token_set key_info=0101
op=token_set major_ver=1
op=token_set minor_ver=4
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_enroll uid=frederick.c.meyer pwd=aixAeiYZnhhnbzBB num_threads=1 new_pin=not4long keygen=true
op=exit

Thanks,

Alan Mikolajczuk
