[Pki-users] Unable to format smart card
Javier Gallart
jgallartm at gmail.com
Tue Feb 3 16:32:51 UTC 2015
Hello
we still haven't been able to figure out how to fix this problem. I'm
attaching the config files.
Regards
Javi
On Fri, Jan 23, 2015 at 5:14 PM, Javier Gallart <jgallartm at gmail.com> wrote:
> Hello all
>
> first question in the list. I recently installed Dogtag version 10.2.1.
> Testing is going fine so far, with the exception of the smart card format
> stage.
> Let me give you the specs of the system:
> -Dogtag runs on a Fedora20 x86_64
> -ESC (version esc-1.1.0-14.el5.centos1) runs on a Centos 5.11 x86_64
> -Smart Card Model:SmartCafe Expert 3.2 72K from G&D with 72K on-board
> EEPROM
>
> When I push the format button, the authentication looks good; however the
> operation fails throwing this message: "The Smart Card Server cannot
> establish a secure channel with the smart card".
>
> Looking at the logs:
> ----TPS----
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]:
> TPSEngine.computeSessionKey: Non zero status result: 1
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: Message
> processing failed: TPSProcessor.setupSecureChannel: Can't set up secure
> channel: TPSEngine.computeSessionKey: invalid returned status: 1
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSMessage.write: Writing:
> s=43&msg_type=13&operation=5&result=1&message=17
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process:
> leaving: result: 1 status: STATUS_ERROR_SECURE_CHANNEL
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: After session.process()
> exiting ...
>
>
> ----TKS----
>
>
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
> ComputeSessionKey(): xkeyInfo[0] = 0x1, xkeyInfo[1] = 0x2
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
> ComputeSessionKey(): Nist SP800-108 KDF will be used for key versions >=
> 0x0
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
> ComputeSessionKey(): Nist SP800-108 KDF (if used) will use KDD.
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet about to try
> ComputeSessionKey selectedToken=Internal Key Storage Token
> keyNickName=#01#02
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:Tried
> ComputeSessionKey, got NULL
> java.lang.Exception: Can't compute session key!
>
> (...)
>
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet Computing
> Session Key: java.lang.Exception: Can't compute session key!
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]:
> TokenServlet:outputString.encode status=1
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]:
> TokenServlet:outputString.length 8
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory:
> create()
> message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505][Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true][IsServerSideKeygen=false][SelectedToken=Internal
> Key Storage
> Token][KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false][Error=Problem
> generating session key info.] TKS Compute session key request failed
>
> Any idea about the where the problem might be?
>
> Thanks in advance
>
> Regards
>
> Javi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150203/8c78898c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tks.cfg
Type: application/octet-stream
Size: 28338 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150203/8c78898c/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tps.cfg
Type: application/octet-stream
Size: 90970 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150203/8c78898c/attachment-0001.obj>
More information about the Pki-users
mailing list