[Pki-users] Unable to format smart card

John Magne jmagne at redhat.com
Tue Feb 3 18:55:29 UTC 2015 

OH Hello Sorry:

Sorry about the delay, I got avalanched in work.


The last I recall, you said that you were using a scp02 card.

That is a not starter. We only have gp2.0.1 / scp01 support 
right this minute. We are working though.



----- Original Message -----
From: "Javier Gallart" <jgallartm at gmail.com>
To: pki-users at redhat.com
Sent: Tuesday, February 3, 2015 8:32:51 AM
Subject: Re: [Pki-users] Unable to format smart card

Hello 

we still haven't been able to figure out how to fix this problem. I'm attaching the config files. 

Regards 

Javi 

On Fri, Jan 23, 2015 at 5:14 PM, Javier Gallart < jgallartm at gmail.com > wrote: 



Hello all 

first question in the list. I recently installed Dogtag version 10.2.1. Testing is going fine so far, with the exception of the smart card format stage. 
Let me give you the specs of the system: 
-Dogtag runs on a Fedora20 x86_64 
-ESC (version esc-1.1.0-14.el5.centos1) runs on a Centos 5.11 x86_64 
-Smart Card Model:SmartCafe Expert 3.2 72K from G&D with 72K on-board EEPROM 

When I push the format button, the authentication looks good; however the operation fails throwing this message: "The Smart Card Server cannot establish a secure channel with the smart card". 

Looking at the logs: 
----TPS---- 
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSEngine.computeSessionKey: Non zero status result: 1 
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: Message processing failed: TPSProcessor.setupSecureChannel: Can't set up secure channel: TPSEngine.computeSessionKey: invalid returned status: 1 
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSMessage.write: Writing: s=43&msg_type=13&operation=5&result=1&message=17 
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: leaving: result: 1 status: STATUS_ERROR_SECURE_CHANNEL 
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: After session.process() exiting ... 


----TKS---- 


[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): xkeyInfo[0] = 0x1, xkeyInfo[1] = 0x2 
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): Nist SP800-108 KDF will be used for key versions >= 0x0 
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): Nist SP800-108 KDF (if used) will use KDD. 
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet about to try ComputeSessionKey selectedToken=Internal Key Storage Token keyNickName=#01#02 
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:Tried ComputeSessionKey, got NULL 
java.lang.Exception: Can't compute session key! 

(...) 

[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet Computing Session Key: java.lang.Exception: Can't compute session key! 
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.encode status=1 
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.length 8 
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory: create() message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505][Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true][IsServerSideKeygen=false][SelectedToken=Internal Key Storage Token][KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false][Error=Problem generating session key info.] TKS Compute session key request failed 

Any idea about the where the problem might be? 

Thanks in advance 

Regards 

Javi 



_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list