Bug 501782 - Unable to generate master key when a nethsm 2000 is attached.
Unable to generate master key when a nethsm 2000 is attached.
Status: CLOSED NOTABUG
Product: Dogtag Certificate System
Classification: Community
Component: Tools - Java (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Christina Fu
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-05-20 13:19 EDT by Sean Veale
Modified: 2015-01-04 18:38 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-22 09:21:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sean Veale 2009-05-20 13:19:02 EDT
Description of problem:

CS8beta is the name for the nethsm. 

When I cd into the /var/lib/pki-tks/alias directory and then run

tkstool -M -d ./ -h CSBeta  is the command I set

Where CS8beta is the name for the nethsm connected to the system I get this error?


Enter Password or Pin for "CS8beta":

Generating and storing the master key on the specified token . . .

2009-05-19 17:11:02 [4957] t1024a320bb2a0000: pkcs11-sam: 000008ce Application error: Key type CKK_DES2
2009-05-19 17:11:02 [4957] t1024a320bb2a0000: pkcs11-sam: 000008ce Application error: Not allowing insecure token key; set CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys to allow
tkstool -M:  unable to generate/store this DES2 master key :-8190
[root@scis01 alias]# 


Version-Release number of selected component (if applicable):

CS 8.0 Beta2 
How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Christina Fu 2009-05-21 17:49:24 EDT
for the record:

I had success.
[root@gamma alias]# export  CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys
[root@gamma alias]# tkstool -M -n new_master -d . -h nethsm2k
Enter Password or Pin for "nethsm2k":

Generating and storing the master key on the specified token . . .

2009-05-21 10:06:17 [12305] tc0f6fab7: pkcs11-sam: 000008ce Warning: Key type CKK_DES2
2009-05-21 10:06:17 [12305] tc0f6fab7: pkcs11-sam: 000008ce Warning: Allowing insecure token key because CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys set
Naming the master key "new_master" . . .

Computing and displaying KCV of the master key on the specified token . . .

   new_master key KCV:  F1CE A525


Successfully generated, stored, and named the master key
including computing and displaying its KCV!

Christina

Note You need to log in before you can comment on or make changes to this bug.