Description of problem: CS8beta is the name for the nethsm. When I cd into the /var/lib/pki-tks/alias directory and then run tkstool -M -d ./ -h CSBeta is the command I set Where CS8beta is the name for the nethsm connected to the system I get this error? Enter Password or Pin for "CS8beta": Generating and storing the master key on the specified token . . . 2009-05-19 17:11:02 [4957] t1024a320bb2a0000: pkcs11-sam: 000008ce Application error: Key type CKK_DES2 2009-05-19 17:11:02 [4957] t1024a320bb2a0000: pkcs11-sam: 000008ce Application error: Not allowing insecure token key; set CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys to allow tkstool -M: unable to generate/store this DES2 master key :-8190 [root@scis01 alias]# Version-Release number of selected component (if applicable): CS 8.0 Beta2 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
for the record: I had success. [root@gamma alias]# export CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys [root@gamma alias]# tkstool -M -n new_master -d . -h nethsm2k Enter Password or Pin for "nethsm2k": Generating and storing the master key on the specified token . . . 2009-05-21 10:06:17 [12305] tc0f6fab7: pkcs11-sam: 000008ce Warning: Key type CKK_DES2 2009-05-21 10:06:17 [12305] tc0f6fab7: pkcs11-sam: 000008ce Warning: Allowing insecure token key because CKNFAST_OVERRIDE_SECURITY_ASSURANCES=tokenkeys set Naming the master key "new_master" . . . Computing and displaying KCV of the master key on the specified token . . . new_master key KCV: F1CE A525 Successfully generated, stored, and named the master key including computing and displaying its KCV! Christina