[Pki-users] Unable to format smart card

John Magne jmagne at redhat.com
Fri Jan 23 18:24:40 UTC 2015


Hi:

Interesting..

Couple of questions.


Are you using the developer key set to start out or have you already attempted 
symmetric key changeover?



Have you tried to at least establish a secure channel with "gpshell"?

Is this a gp2.1.1 card perchance or 2.0.1, which is what we support right this minute?

My quick advice would be to try first to get a secure channel with gpshell.

If you fail in this fashion 3 times or more, your card is toast.

Also, your CS.cfg might be helpful.

thanks,
jack




----- Original Message -----
> From: "Javier Gallart" <jgallartm at gmail.com>
> To: pki-users at redhat.com
> Sent: Friday, January 23, 2015 8:14:42 AM
> Subject: [Pki-users] Unable to format smart card
> 
> Hello all
> 
> First question on the list. I recently installed Dogtag version 10.2.1.
> Testing is going fine so far, with the exception of the smart card format
> stage.
> Let me give you the specs of the system:
> - Dogtag runs on a Fedora20 x86_64
> - ESC (version esc-1.1.0-14.el5.centos1) runs on a Centos 5.11 x86_64
> - Smart Card Model: SmartCafe Expert 3.2 72K from G&D with 72K on-board EEPROM
> 
> When I push the format button, the authentication looks good; however the
> operation fails throwing this message: "The Smart Card Server cannot
> establish a secure channel with the smart card".
> 
> Looking at the logs:
> ----TPS----
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSEngine.computeSessionKey:
> Non zero status result: 1
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: Message
> processing failed: TPSProcessor.setupSecureChannel: Can't set up secure
> channel: TPSEngine.computeSessionKey: invalid returned status: 1
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSMessage.write: Writing:
> s=43&msg_type=13&operation=5&result=1&message=17
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: leaving:
> result: 1 status: STATUS_ERROR_SECURE_CHANNEL
> [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: After session.process()
> exiting ...
> 
> 
> ----TKS----
> 
> 
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
> ComputeSessionKey(): xkeyInfo[0] = 0x1, xkeyInfo[1] = 0x2
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
> ComputeSessionKey(): Nist SP800-108 KDF will be used for key versions >= 0x0
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
> ComputeSessionKey(): Nist SP800-108 KDF (if used) will use KDD.
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet about to try
> ComputeSessionKey selectedToken=Internal Key Storage Token
> keyNickName=#01#02
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:Tried
> ComputeSessionKey, got NULL
> java.lang.Exception: Can't compute session key!
> 
> (...)
> 
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet Computing Session
> Key: java.lang.Exception: Can't compute session key!
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]:
> TokenServlet:outputString.encode status=1
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]:
> TokenServlet:outputString.length 8
> [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory:
> create()
> message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505][Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true][IsServerSideKeygen=false][SelectedToken=Internal
> Key Storage
> Token][KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false][Error=Problem
> generating session key info.] TKS Compute session key request failed
> 
> Any idea about where the problem might be?
> 
> Thanks in advance
> 
> Regards
> 
> Javi
> 
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
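
Added example, not part of either message and not Dogtag code: a small Python parser for the TKS audit line quoted above. It pulls the [Key=Value] fields out of COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE events and tallies them per card CUID. The sample log is constructed from lines in the post (event abridged, second occurrence invented), and the function names are this example's own.

```python
import re
from collections import Counter

FAILURE_EVENT = "COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE"
AUDIT_FIELD = re.compile(r"\[([A-Za-z0-9_]+)=([^\]]*)\]")
TIMESTAMP = re.compile(r"^\[([^\]]+)\]")

# Audit event from the post, with the e-mail line wrapping removed; abridged.
EVENT = (
    "SignedAuditEventFactory: create() message="
    "[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE]"
    "[CUID_decoded=00002161960056514505][Outcome=Failure][status=1]"
    "[SelectedToken=Internal Key Storage Token][KeyNickName=#01#02]"
    "[TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1]"
    "[Error=Problem generating session key info.]"
)
# Constructed sample log: one debug line and the event from the post, plus an
# invented second occurrence of the same event two minutes later.
SAMPLE_LOG = "\n".join([
    "[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: "
    "TokenServlet:Tried ComputeSessionKey, got NULL",
    "[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: " + EVENT,
    "[23/Jan/2015:11:07:12][http-bio-8443-exec-2]: " + EVENT,
])

def parse_audit_line(line):
    """Return the [Key=Value] fields of an audit line, or None otherwise."""
    _, found, message = line.partition("message=")
    if not found:
        return None
    fields = dict(AUDIT_FIELD.findall(message))
    if "AuditEvent" not in fields:
        return None
    stamp = TIMESTAMP.match(line)
    fields["_timestamp"] = stamp.group(1) if stamp else ""
    return fields

def session_key_failures(log_text):
    """Collect every failed compute-session-key audit event in the text."""
    events = (parse_audit_line(line) for line in log_text.splitlines())
    return [e for e in events if e and e["AuditEvent"] == FAILURE_EVENT]

def failures_per_card(failures):
    """Count failures per card, keyed on the CUID_decoded field."""
    return Counter(e.get("CUID_decoded", "unknown") for e in failures)

if __name__ == "__main__":
    for cuid, n in failures_per_card(session_key_failures(SAMPLE_LOG)).items():
        print(cuid, "failed session-key computations:", n)
```

The KeyNickName, TKSKeyset and KeyInfo_KeyVersion fields it extracts are the values to compare against CS.cfg when answering the questions in the reply.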



