Trouble about Key recovery
|
View:
New views
8 Messages
—
Rating Filter:
Alert me
|
 |
Trouble about Key recovery
by yquenechdu
::
Rate this Message:
|
|
|
Re: Trouble about Key recovery
by Tomas Gustavsson
::
Rate this Message:
|
|
|
Re: Trouble about Key recovery
by yquenechdu
::
Rate this Message:
|
|
|
Re: Trouble about Key recovery
by Bruno Bonfils-2
::
Rate this Message:
|
|
|
Re: Trouble about Key recovery
by Tomas Gustavsson
::
Rate this Message:
|
|
|
Re: Trouble about Key recovery
by Johan Eklund
::
Rate this Message:
Hi Yannick,
I confirmed a problem with approval of KeyRecovery (https://jira.primekey.se/browse/ECA-802) and have now committed a solution to the trunk and 3.6-branch. Hopefully this will solve your problems, even though the error message wasn't the same as for me. Best Regards, Johan Eklund yannick quenec'hdu skrev: > Tomas Gustavsson a écrit : > >> Hi Yannick, >> >> I followed these steps when testing to get the "Recover key" button (I >> did it now to verify): >> >> - I went into system configuration and checked that enable key recover >> was checked (it was alrady. >> - I edited an end entity profile and checked Use key recovery >> - I added a new end entity, and check Key recovery checkbox. >> - bin/ejbca.sh batch >> >> > I obtain this error message : > > 16:11:44,374 ERROR [Log4jLogDevice] 18 mai 2008 16:11:44 CEST, CAId : > -507922917, KEYRECOVERY, EVENT_ERROR_KEYRECOVERY, Administrator : > PUBLICWEBUSER, IP Address : 127.0.0.1, User : yann7, Certificate : > 7e47b55043ce427e, issuer: CN=recouvremernt, Comment : Error when trying > to add keyrecovery data for certificate with serial number > 7e47b55043ce427e, issuer CN=recouvremernt. > > > >> It is probably a miss in the documentation, I will update the docs. >> >> Cheers, >> Tomas >> >> yannick quenec'hdu wrote: >> >> >>> This message about recovery Key. >>> >>> When I read the user guide, the process for recovery a key indicate : >>> >>> * Admin GUI - List/Edit End Entities - View_Certificates for user - >>> Revoke the certificate with revocation reason >>> * Admin GUI - List/Edit End Entities - View_Certificates for user - >>> Recover Key, Close >>> * Admin GUI - List/Edit End Entities - Edit_End_Entity for user - >>> Enter new password for user, Save >>> * Public Web - Create Keystore - Enter username and password - Fetch >>> the keystore >>> >>> But for the action " "* Admin GUI - List/Edit End Entities - >>> View_Certificates for user - Recover Key, Close"" there isn't button on >>> something about recovery key. >>> >>> Can you clarify the method to recovery a key? >>> >>> Second problem, in "edit/create CA", the is possible the choose >>> "Recovery key for aproval", but this function doesn't seems to work. and >>> documentation indicate : >>> >>> "Currently are the following actions are enabled for approvals : >>> >>> * Add End Entity >>> * Edit End Entity >>> * Change User Status >>> * Revoke End Entity >>> * Revoke Token (approval for each certificate) >>> * Revoke Certificate >>> * Reactivate Certificate On Hold >>> >>> But in CA, there is : >>> >>> * Add End Entity >>> * Edit End Entity >>> * Key recovery >>> * Revoke >>> * Activate CA Token" >>> >>> Can you explain the method the approval recovery a key? >>> >>> Best Regards >>> Yannick >>> >>> >>> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2008. >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> _______________________________________________ >> Ejbca-develop mailing list >> Ejbca-develop@... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > > > -- PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact info@... for more information. http://download.primekey.se/documents/ejbca_subscription.pdf http://download.primekey.se/documents/ejbca_training.pdf ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Ejbca-develop mailing list Ejbca-develop@... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
|
Re: Trouble about Key recovery
by yquenechdu
::
Rate this Message:
|
|
|
Re: Trouble about Key recovery
by Johan Eklund
::
Rate this Message:
Hi Yannick,
"Caused by: java.security.InvalidKeyException: Illegal key size" suggests that you haven't installed the "Unlimited strength JCE policy"? Best Regards, Johan yannick quenec'hdu skrev: > Tomas Gustavsson a écrit : > >> No it's not required. Using web, but not choosing "User generated" >> should work as well. You can try with batch though to see if it works then. >> >> > I try with "create Keystore", I obtain this error message : > > 17:34:05,006 ERROR [X509CA] -encryptKeys: > org.bouncycastle.cms.CMSException: key invalid in message. > at org.bouncycastle.cms.CMSEnvelopedDataGenerator.generate(Unknown > Source) > at org.bouncycastle.cms.CMSEnvelopedDataGenerator.generate(Unknown > Source) > at org.ejbca.core.model.ca.caadmin.X509CA.encryptKeys(X509CA.java:1024) > at org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:596) > at > org.ejbca.core.model.ca.caadmin.X509CA.extendedService(X509CA.java:1008) > at > org.ejbca.core.ejb.ca.sign.RSASignSessionBean.extendedService(RSASignSessionBean.java:1610) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at org.jboss.invocation.Invocation.performCall(Invocation.java:359) > at > org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237) > at > org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158) > at > org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169) > at > org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63) > at > org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121) > at > org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350) > at > org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181) > at > org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168) > at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205) > at > org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138) > at > org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648) > at org.jboss.ejb.Container.invoke(Container.java:960) > at > org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430) > at > org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103) > at $Proxy244.extendedService(Unknown Source) > at > org.ejbca.core.ejb.keyrecovery.LocalKeyRecoverySessionBean.addKeyRecoveryData(LocalKeyRecoverySessionBean.java:346) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at org.jboss.invocation.Invocation.performCall(Invocation.java:359) > at > org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237) > at > org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158) > at > org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169) > at > org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63) > at > org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121) > at > org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350) > at > org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181) > at > org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168) > at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205) > at > org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138) > at > org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648) > at org.jboss.ejb.Container.invoke(Container.java:960) > at > org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430) > at > org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103) > at $Proxy214.addKeyRecoveryData(Unknown Source) > at > org.ejbca.core.model.util.GenerateToken.generateOrKeyRecoverToken(GenerateToken.java:139) > at org.ejbca.ui.web.pub.CertReqServlet.doPost(CertReqServlet.java:257) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) > at > org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) > at > org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > at java.lang.Thread.run(Thread.java:619) > Caused by: java.security.InvalidKeyException: Illegal key size > at javax.crypto.Cipher.a(DashoA13*..) > at javax.crypto.Cipher.a(DashoA13*..) > at javax.crypto.Cipher.init(DashoA13*..) > at javax.crypto.Cipher.init(DashoA13*..) > ... 69 more > > Cheers > > -- PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact info@... for more information. http://download.primekey.se/documents/ejbca_subscription.pdf http://download.primekey.se/documents/ejbca_training.pdf ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Ejbca-develop mailing list Ejbca-develop@... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
smime.p7s (3K) | Free Forum Powered by Nabble | Forum Help |