Hello all
first question in the list. I recently installed Dogtag version 10.2.1.
Testing is going fine so far, with the exception of the smart card format
stage.
Let me give you the specs of the system:
-Dogtag runs on a Fedora20 x86_64
-ESC (version esc-1.1.0-14.el5.centos1) runs on a Centos 5.11 x86_64
-Smart Card Model:SmartCafe Expert 3.2 72K from G&D with 72K on-board EEPROM
When I push the format button, the authentication looks good; however the
operation fails throwing this message: "The Smart Card Server cannot
establish a secure channel with the smart card".
Looking at the logs:
----TPS----
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSEngine.computeSessionKey:
Non zero status result: 1
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: Message
processing failed: TPSProcessor.setupSecureChannel: Can't set up secure
channel: TPSEngine.computeSessionKey: invalid returned status: 1
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSMessage.write: Writing:
s=43&msg_type=13&operation=5&result=1&message=17
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: leaving:
result: 1 status: STATUS_ERROR_SECURE_CHANNEL
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: After session.process()
exiting ...
----TKS----
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
ComputeSessionKey(): xkeyInfo[0] = 0x1, xkeyInfo[1] = 0x2
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
ComputeSessionKey(): Nist SP800-108 KDF will be used for key versions >=
0x0
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:
ComputeSessionKey(): Nist SP800-108 KDF (if used) will use KDD.
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet about to try
ComputeSessionKey selectedToken=Internal Key Storage Token
keyNickName=#01#02
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:Tried
ComputeSessionKey, got NULL
java.lang.Exception: Can't compute session key!
(...)
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet Computing
Session Key: java.lang.Exception: Can't compute session key!
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]:
TokenServlet:outputString.encode status=1
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]:
TokenServlet:outputString.length 8
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory:
create()
message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505][Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true][IsServerSideKeygen=false][SelectedToken=Internal
Key Storage
Token][KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false][Error=Problem
generating session key info.] TKS Compute session key request failed
Any idea about the where the problem might be?
Thanks in advance
Regards
Javi