[Pki-users] Fwd: Unable to format smart card

Hi: Interesting.. Couple of questions. Are you using the developer key set to start out or have you already attempted symmetric key changeover?

Have you tried to at least establish a secure channel with "gpshell"?

Is this a gp2.1.1 card per chance or 2.0.1, which is what we support right this minute?

My quick advice would be to try first to get a secure channel with gpshell. If you fail in this fashion 3 times or more, your card is toast. Also, your CS.cfg might be helpful.

thanks, jack ----- Original Message ----- > From: "Javier Gallart" <jgallartm(a)gmail.com&gt; > To: pki-users(a)redhat.com > Sent: Friday, January 23, 2015 8:14:42 AM > Subject: [Pki-users] Unable to format smart card > > Hello all > > first question in the list. I recently installed Dogtag version 10.2.1. > Testing is going fine so far, with the exception of the smart card format > stage. > Let me give you the specs of the system: > -Dogtag runs on a Fedora20 x86_64 > -ESC (version esc-1.1.0-14.el5.centos1) runs on a Centos 5.11 x86_64 > -Smart Card Model:SmartCafe Expert 3.2 72K from G&D with 72K on-board EEPROM > > When I push the format button, the authentication looks good; however the > operation fails throwing this message: "The Smart Card Server cannot > establish a secure channel with the smart card". > > Looking at the logs: > ----TPS---- > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSEngine.computeSessionKey: > Non zero status result: 1 > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: Message > processing failed: TPSProcessor.setupSecureChannel: Can't set up secure > channel: TPSEngine.computeSessionKey: invalid returned status: 1 > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSMessage.write: Writing: > s=43&msg_type=13&operation=5&result=1&message=17 > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: leaving: > result: 1 status: STATUS_ERROR_SECURE_CHANNEL > [23/Jan/2015:11:05:05][http-bio-8443-exec-11]: After session.process() > exiting ... > > > ----TKS---- > > > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: > ComputeSessionKey(): xkeyInfo[0] = 0x1, xkeyInfo[1] = 0x2 > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: > ComputeSessionKey(): Nist SP800-108 KDF will be used for key versions >= 0x0 > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: > ComputeSessionKey(): Nist SP800-108 KDF (if used) will use KDD. > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet about to try > ComputeSessionKey selectedToken=Internal Key Storage Token > keyNickName=#01#02 > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:Tried > ComputeSessionKey, got NULL > java.lang.Exception: Can't compute session key! > > (...) > > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet Computing Session > Key: java.lang.Exception: Can't compute session key! > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: > TokenServlet:outputString.encode status=1 > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: > TokenServlet:outputString.length 8 > [23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory: > create() > message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505][Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true][IsServerSideKeygen=false][SelectedToken=Internal > Key Storage > Token][KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false][Error=Problem > generating session key info.] TKS Compute session key request failed > > Any idea about the where the problem might be? > > Thanks in advance > > Regards > > Javi > > > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users