Try setting the following CS.cfg parameter as a workaround:
general.verifyProof=0
----- Original Message -----
From: "Alan Mikolajczuk" <Alan.Mikolajczuk(a)gdc4s.com>
To: pki-users(a)redhat.com
Sent: Monday, December 21, 2009 11:56:02 AM GMT -08:00 US/Canada Pacific
Subject: [Pki-users] Tpsclient - error enrolling token generated keys
All,
I have CS 8.0 GA installed and I am trying to use the tpsclient tool for testing the TPS.
When enrolling a user there are 2 keys (signing and ID) generated on the card and the
encryption key is generated server side. When the tpsclient enrollment is complete it
states "Success - Operation 'ra_enroll' Success". But looking into the
tps-error log it states that:
[2009-12-21 11:41:01] a6b19c50 CertEnroll::verifyProof - VFY_CreateContext() failed
[2009-12-21 11:41:01] a6b19c50 CertEnroll::ParsePublicKeyBlob - verify proof failed
[2009-12-21 11:41:01] a6b19c50 RA_Enroll_Processor::DoEnrollment - Failed to parse public key
[2009-12-21 11:41:01] a6b19c50 CertEnroll::verifyProof - VFY_CreateContext() failed
[2009-12-21 11:41:01] a6b19c50 CertEnroll::ParsePublicKeyBlob - verify proof failed
[2009-12-21 11:41:01] a6b19c50 RA_Enroll_Processor::DoEnrollment - Failed to parse public key
These errors are not seen when enrolling with a SafeNet 330J.
My tpsclient script is below. Is there a way to use the tpsclient and have keys generated
on the fake token verified successfully?
op=var_set name=ra_host value=tps
op=var_set name=ra_port value=7888
op=var_set name=ra_uri value=/nk_service
op=token_set cuid=00000000000000000003
op=token_set msn=01020304
op=token_set app_ver=499dc06c
op=token_set key_info=0101
op=token_set major_ver=1
op=token_set minor_ver=4
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_enroll uid=frederick.c.meyer pwd=aixAeiYZnhhnbzBB num_threads=1 new_pin=not4long keygen=true
op=exit
Thanks,
Alan Mikolajczuk
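Because tpsclient reported success while tps-error recorded the proof failures, a test harness can check the log and the CS.cfg workaround setting directly. The following is an added example, not part of the thread or of Certificate System; it assumes the log line shape quoted above and plain key=value lines in CS.cfg, and the function names are hypothetical.

```python
import re

# Line shape taken from the tps-error excerpt in the thread:
# [timestamp] thread-id Class::method - message
LINE = re.compile(r"^\[(?P<ts>[\d-]+ [\d:]+)\] (?P<tid>[0-9a-f]+) "
                  r"(?P<src>[\w:]+) - (?P<msg>.*)$")

def failed_key_proofs(log_text):
    """Return (timestamp, thread_id) for each key whose proof was rejected.

    One failure = a CertEnroll::verifyProof error followed, on the same
    thread, by RA_Enroll_Processor::DoEnrollment giving up on the key.
    """
    pending, failures = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped fragments and unrelated lines
        tid, src = m["tid"], m["src"]
        if src == "CertEnroll::verifyProof":
            pending[tid] = m["ts"]
        elif src == "RA_Enroll_Processor::DoEnrollment" and tid in pending:
            failures.append((pending.pop(tid), tid))
    return failures

def verify_proof_setting(cfg_text):
    """Return the value of general.verifyProof in CS.cfg text, or None."""
    value = None
    for line in cfg_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() == "general.verifyProof":
            value = val.strip()  # assumption: a later assignment overrides
    return value

# Constructed sample input: the log lines quoted in the thread, unwrapped.
SAMPLE_LOG = """\
[2009-12-21 11:41:01] a6b19c50 CertEnroll::verifyProof - VFY_CreateContext() failed
[2009-12-21 11:41:01] a6b19c50 CertEnroll::ParsePublicKeyBlob - verify proof failed
[2009-12-21 11:41:01] a6b19c50 RA_Enroll_Processor::DoEnrollment - Failed to parse public key
[2009-12-21 11:41:01] a6b19c50 CertEnroll::verifyProof - VFY_CreateContext() failed
[2009-12-21 11:41:01] a6b19c50 CertEnroll::ParsePublicKeyBlob - verify proof failed
[2009-12-21 11:41:01] a6b19c50 RA_Enroll_Processor::DoEnrollment - Failed to parse public key
"""
SAMPLE_CFG = "general.verifyProof=0\n"  # constructed; only this key is from the thread

if __name__ == "__main__":
    for ts, tid in failed_key_proofs(SAMPLE_LOG):
        print(f"{ts} thread {tid}: key proof rejected during enrollment")
    if verify_proof_setting(SAMPLE_CFG) == "0":
        print("CS.cfg: general.verifyProof=0 (workaround active)")
```

Run against the sample, it reports two rejected keys, matching the two card-generated keys (signing and ID) in the enrollment, and flags the workaround so it is not left enabled unnoticed.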