Re: [Pki-users] Unable to format smart card
OH Hello Sorry:
Sorry about the delay, I got avalanched in work.
The last I recall, you said that you were using a scp02 card.
That is a not starter. We only have gp2.0.1 / scp01 support
right this minute. We are working though.
----- Original Message -----
From: "Javier Gallart" <jgallartm(a)gmail.com>
To: pki-users(a)redhat.com
Sent: Tuesday, February 3, 2015 8:32:51 AM
Subject: Re: [Pki-users] Unable to format smart card
Hello
we still haven't been able to figure out how to fix this problem. I'm attaching
the config files.
Regards
Javi
On Fri, Jan 23, 2015 at 5:14 PM, Javier Gallart < jgallartm(a)gmail.com > wrote:
Hello all
first question in the list. I recently installed Dogtag version 10.2.1. Testing is going
fine so far, with the exception of the smart card format stage.
Let me give you the specs of the system:
-Dogtag runs on a Fedora20 x86_64
-ESC (version esc-1.1.0-14.el5.centos1) runs on a Centos 5.11 x86_64
-Smart Card Model:SmartCafe Expert 3.2 72K from G&D with 72K on-board EEPROM
When I push the format button, the authentication looks good; however the operation fails
throwing this message: "The Smart Card Server cannot establish a secure channel with
the smart card".
Looking at the logs:
----TPS----
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSEngine.computeSessionKey: Non zero
status result: 1
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: Message processing
failed: TPSProcessor.setupSecureChannel: Can't set up secure channel:
TPSEngine.computeSessionKey: invalid returned status: 1
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSMessage.write: Writing:
s=43&msg_type=13&operation=5&result=1&message=17
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: TPSSession.process: leaving: result: 1
status: STATUS_ERROR_SECURE_CHANNEL
[23/Jan/2015:11:05:05][http-bio-8443-exec-11]: After session.process() exiting ...
----TKS----
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey():
xkeyInfo[0] = 0x1, xkeyInfo[1] = 0x2
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): Nist
SP800-108 KDF will be used for key versions >= 0x0
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet: ComputeSessionKey(): Nist
SP800-108 KDF (if used) will use KDD.
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet about to try ComputeSessionKey
selectedToken=Internal Key Storage Token keyNickName=#01#02
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:Tried ComputeSessionKey, got
NULL
java.lang.Exception: Can't compute session key!
(...)
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet Computing Session Key:
java.lang.Exception: Can't compute session key!
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.encode status=1
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: TokenServlet:outputString.length 8
[23/Jan/2015:11:05:05][http-bio-8443-exec-14]: SignedAuditEventFactory: create()
message=[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded=00002161960056514505][KDD_decoded=00002161960056514505][Outcome=Failure][status=1][AgentID=xxxxx-8443][IsCryptoValidate=true][IsServerSideKeygen=false][SelectedToken=Internal
Key Storage
Token][KeyNickName=#01#02][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x1][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false][Error=Problem
generating session key info.] TKS Compute session key request failed
Any idea about the where the problem might be?
Thanks in advance
Regards
Javi
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users