[Pki-users] Fwd: Unable to format smart card

Javier Gallart jgallartm at gmail.com
Mon Jan 26 15:47:32 UTC 2015


Forgot to copy the list....


Javi
---------- Forwarded message ----------
From: Javier Gallart <jgallartm at gmail.com>
Date: Mon, Jan 26, 2015 at 12:21 PM
Subject: Re: [Pki-users] Unable to format smart card
To: John Magne <jmagne at redhat.com>


Thanks Jack

my replies:


On Fri, Jan 23, 2015 at 6:24 PM, John Magne <jmagne at redhat.com> wrote:

> Hi:
>
> Interesting..
>
> Couple of questions.
>
>
> Are you using the developer key set to start out or have you already attempted
> symmetric key changeover?
>
I am using the developer key set

>
>
>
> Have you tried to at least establish a secure channel with "gpshell"?
>
Yes, I've been able to establish a secure channel with gpshell.

>
> Is this a gp2.1.1 card per chance or 2.0.1, which is what we support right
> this minute?
>
I am using a gps2.1.1 card, I guess this is the problem?

>
> My quick advice would be to try first to get a secure channel with gpshell.
>
> If you fail in this fashion 3 times or more, your card is toast.
>
> Also, your CS.cfg might be helpful.
>
Attaching CS.cfg for tps and tks

Regards

Javi

>
> thanks,
> jack
>
>
>
>
> ----- Original Message -----
> > From: "Javier Gallart" <jgallartm at gmail.com>
> > To: pki-users at redhat.com
> > Sent: Friday, January 23, 2015 8:14:42 AM
> > Subject: [Pki-users] Unable to format smart card
> >
> > Hello all
> >
> > first question in the list. I recently installed Dogtag version 10.2.1.
> > Testing is going fine so far, with the exception of the smart card format
> > stage.
> > Let me give you the specs of the system:
> > -Dogtag runs on a Fedora20 x86_64
> > -ESC (version esc-1.1.0-14.el5.centos1) runs on a Centos 5.11 x86_64
> > -Smart Card Model:SmartCafe Expert 3.2 72K from G&D with 72K on-board EEPROM
> >
> > When I push the format button, the authentication looks good; however the
> > operation fails throwing this message: "The Smart Card Server cannot
> > establish a secure channel with the smart card".
> >
> > Looking at the logs:
> > ----TPS----
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSEngine.computeSessionKey: Non zero status result: 1
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: Message processing failed: TPSProcessor.setupSecureChannel: Can't set up secure channel: TPSEngine.computeSessionKey: invalid returned status: 1
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSMessage.write: Writing: s=43&msg_type=13&operation=5&result=1&message=17
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: leaving: result: 1 status: STATUS_ERROR_SECURE_CHANNEL
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: After session.process() exiting ...
> >
> >
> > ----TKS----
> >
> >
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): xkeyInfo[0] = 0x1, xkeyInfo[1] = 0x2
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): Nist SP800-108 KDF will be used for key versions >= 0x0
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): Nist SP800-108 KDF (if used) will use KDD.
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet about to try ComputeSessionKey selectedToken=Internal Key Storage Token keyNickName=#01#02
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:Tried ComputeSessionKey, got NULL
> > java.lang.Exception: Can't compute session key!
> >
> > (...)
> >
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet Computing Session Key: java.lang.Exception: Can't compute session key!
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.encode status=1
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.length 8
> > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory: create() message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505][Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true][IsServerSideKeygen=false][SelectedToken=Internal Key Storage Token][KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false][Error=Problem generating session key info.] TKS Compute session key request failed
> >
> > Any idea about where the problem might be?
> >
> > Thanks in advance
> >
> > Regards
> >
> > Javi
> >
> >
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tks.cfg
Type: application/octet-stream
Size: 28338 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150126/9b0519b8/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tps.cfg
Type: application/octet-stream
Size: 90970 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150126/9b0519b8/attachment-0001.obj>
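An added example, not part of the original thread and not Dogtag code: a small parser for the `[key=value]` audit record format seen in the TKS log above, grouping session-key failures by card CUID so repeated failures against one token stand out. The function names are hypothetical; the first sample line is the record quoted in the thread, the second is taken from the same log, and the third is constructed.

```python
import re
from collections import defaultdict

FAILURE = "COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE"
FIELD = re.compile(r"\[([A-Za-z0-9_]+)=([^\]]*)\]")

# Audit record as quoted in the thread (wrapped lines re-joined).
THREAD_RECORD = (
    "[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory: create() "
    "message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE]"
    "[CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505]"
    "[Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true]"
    "[IsServerSideKeygen=false][SelectedToken=Internal Key Storage Token]"
    "[KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1]"
    "[NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false]"
    "[Error=Problem generating session key info.] TKS Compute session key request failed"
)
SAMPLE = [
    THREAD_RECORD,
    # Non-audit debug line from the same log: must be ignored.
    "[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.length 8",
    # Constructed: a later retry against the same card.
    THREAD_RECORD.replace("11:05:05", "11:09:41"),
]

def parse_audit(line):
    """Return the [key=value] fields after 'message=', or None for non-audit lines."""
    _, sep, msg = line.partition("message=")
    if not sep:
        return None
    return dict(FIELD.findall(msg))

def failures_by_card(lines):
    """Map CUID -> list of (keyset, key version, error) for each failed request."""
    out = defaultdict(list)
    for line in lines:
        ev = parse_audit(line)
        if ev and ev.get("AuditEvent") == FAILURE:
            out[ev.get("CUID_decoded", "unknown")].append(
                (ev.get("TKSKeyset"), ev.get("KeyInfo_KeyVersion"), ev.get("Error"))
            )
    return dict(out)

if __name__ == "__main__":
    for cuid, events in failures_by_card(SAMPLE).items():
        print(cuid, len(events), "failure(s):", events[0])
```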

