[Pki-users] Unable to format smart card
John Magne
jmagne at redhat.com
Tue Feb 3 18:55:29 UTC 2015
OH Hello Sorry:
Sorry about the delay, I got avalanched in work.
The last I recall, you said that you were using a scp02 card.
That is a not starter. We only have gp2.0.1 / scp01 support
right this minute. We are working though.
----- Original Message -----
From: "Javier Gallart" <jgallartm at gmail.com>
To: pki-users at redhat.com
Sent: Tuesday, February 3, 2015 8:32:51 AM
Subject: Re: [Pki-users] Unable to format smart card
Hello
we still haven't been able to figure out how to fix this problem. I'm attaching the config files.
Regards
Javi
On Fri, Jan 23, 2015 at 5:14 PM, Javier Gallart < jgallartm at gmail.com > wrote:
Hello all
first question in the list. I recently installed Dogtag version 10.2.1. Testing is going fine so far, with the exception of the smart card format stage.
Let me give you the specs of the system:
-Dogtag runs on a Fedora20 x86_64
-ESC (version esc-1.1.0-14.el5.centos1) runs on a Centos 5.11 x86_64
-Smart Card Model:SmartCafe Expert 3.2 72K from G&D with 72K on-board EEPROM
When I push the format button, the authentication looks good; however the operation fails throwing this message: "The Smart Card Server cannot establish a secure channel with the smart card".
Looking at the logs:
----TPS----
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSEngine.computeSessionKey: Non zero status result: 1
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: Message processing failed: TPSProcessor.setupSecureChannel: Can't set up secure channel: TPSEngine.computeSessionKey: invalid returned status: 1
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSMessage.write: Writing: s=43&msg_type=13&operation=5&result=1&message=17
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: leaving: result: 1 status: STATUS_ERROR_SECURE_CHANNEL
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: After session.process() exiting ...
----TKS----
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): xkeyInfo[0] = 0x1, xkeyInfo[1] = 0x2
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): Nist SP800-108 KDF will be used for key versions >= 0x0
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): Nist SP800-108 KDF (if used) will use KDD.
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet about to try ComputeSessionKey selectedToken=Internal Key Storage Token keyNickName=#01#02
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:Tried ComputeSessionKey, got NULL
java.lang.Exception: Can't compute session key!
(...)
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet Computing Session Key: java.lang.Exception: Can't compute session key!
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.encode status=1
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.length 8
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory: create() message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505][Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true][IsServerSideKeygen=false][SelectedToken=Internal Key Storage Token][KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false][Error=Problem generating session key info.] TKS Compute session key request failed
Any idea about the where the problem might be?
Thanks in advance
Regards
Javi
_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list