000027285 - How to interpret common RKM C client error codes

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000027285
Applies ToRSA Key Manager Client 2.x or later
IssueHow to interpret common RKM C client error codes
R_KM_KEY_CTX_new_from_file returns 10018 or other error
NotesAll of the error codes are defined in library\include\km_error.h. 

10018 means R_KM_ERROR_BAD_VALUE. 

"bad value" can refer to the length of your cache and P12 passwords.  The minimum length for the cache and P12 passwords is 8 characters. This minimum length is specified in the RKM Developer's Guide under "Initializing the Key Manager Client" -> "Initialization Parameters" (see the table at the bottom of the page).

The 2.7 API guide says the the credential_password and cache_password parameters of R_KM_KEY_CTX_new_from_file are "optional".  This is true, but if you don't want to specify these, you must pass in "NULL", which is defined as 0, the null pointer.  If you use "" instead, RKM will treat this as a password of length 0 and you will get a 10018 error.


10039 (R_KM_ERROR_CERT) can mean that your certificate uses a non-FIPS approved algorithm, while RKM is in FIPS mode.  Set FIPSMode to false, or use a PKCS #12 file that uses 3DES for encryption.  To convert your certificate to use a FIPS approved algorithm, see "How to create a FIPS compliant p12 file" solution a47358.
Results of using bad sample parameters:

If I use a keyclass associated with another p12 (not the one identified in my .cfg file), then I get:
ERROR: critical error in R_KM_encrypt_by_class()
Encryption Error: 20030


If I use the wrong p12 password I get:
ERROR: critical error in R_KM_encrypt_by_class()
Encryption Error: 10039


If I use the wrong name for the key class I get:
ERROR: critical error in R_KM_encrypt_by_class()
Encryption Error: 20010


If I use the wrong name for the *init.cfg or *svc.cfg file (or the wrong directory path - which can occur within a debugger such as GDB) I get:
ERROR: R_KM_CTX_new_from_file returned 10008
Encryption Error: 1


If I use the wrong name for the input file I get:
ERROR: Could not open C:\RSA\RKM\Client\2.1.3\vc8\samples\config\encrypt_input1.
Encryption Error: 10002
Legacy Article IDa42218

Attachments

    Outcomes