000025046 - RKM 2.0.1: GetKey fails  'KmsNoDigestFoundException: No digest found.' on server

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025046
Applies ToRSA Key Manager Server 2.0.1
Windows XP Professional
RSA Key Manager Server 1.5
RSA Professional Services Key Manager migration tool
IssueRKM 2.0.1: GetKey fails, "KmsNoDigestFoundException: No digest found." on server

After migrating the data from RKM 1.5 server to RKM 2.0.1 server, client GetKey operation fails and the RKM 2.0.1 Server log file shows "com.rsa.kms.key.support.KmsNoDigestFoundException: No digest found."

[3/8/07 19:23:35:930 CST] 00000034 WSDefaultPrin W SECJ4060W: Cannot find parameter properties that may be needed by Mapping LoginModules.
[3/8/07 19:23:35:935 CST] 00000034 WSDefaultPrin W SECJ4060W: Cannot find parameter properties that may be needed by Mapping LoginModules.
[3/8/07 19:23:35:939 CST] 00000034 WSDefaultPrin W SECJ4060W: Cannot find parameter properties that may be needed by Mapping LoginModules.
[3/8/07 19:23:35:941 CST] 00000034 WSDefaultPrin W SECJ4060W: Cannot find parameter properties that may be needed by Mapping LoginModules.
[3/8/07 19:23:35:944 CST] 00000034 WSDefaultPrin W SECJ4060W: Cannot find parameter properties that may be needed by Mapping LoginModules.
[3/8/07 19:23:35:946 CST] 00000034 WSDefaultPrin W SECJ4060W: Cannot find parameter properties that may be needed by Mapping LoginModules.
[3/8/07 19:23:35:948 CST] 00000034 WSDefaultPrin W SECJ4060W: Cannot find parameter properties that may be needed by Mapping LoginModules.
[3/8/07 19:23:35:960 CST] 00000034 WSDefaultPrin W SECJ4060W: Cannot find parameter properties that may be needed by Mapping LoginModules.
[3/8/07 19:23:35:967 CST] 00000034 ProviderServl E com.rsa.kms.transport.servlet.ProviderServlet performGet No digest found.
com.rsa.kms.key.support.KmsNoDigestFoundException: No digest found.
at com.rsa.kms.key.application.DefaultApplicationKeyStore.e(DashoA10*..:201)
at com.rsa.kms.key.application.DefaultApplicationKeyStore.c(DashoA10*..:174)
at com.rsa.kms.key.application.DefaultApplicationKeyStore.a(DashoA10*..:150)
at com.rsa.kms.key.application.DefaultApplicationKeyStore.getKey(DashoA10*..:85)
at com.rsa.kms.key.application.DefaultApplicationKeyLookup.getKey(DashoA10*..:43)
at com.rsa.kms.key.provider.DefaultKeyClassManager.getKey(DashoA10*..:79)
at com.rsa.kms.key.provider.DefaultKeyProvider.a(DashoA10*..:122)
at com.rsa.kms.key.provider.DefaultKeyProvider.c(DashoA10*..:115)
at com.rsa.kms.key.provider.DefaultKeyProvider.b(DashoA10*..:77)
at com.rsa.kms.key.provider.DefaultKeyProvider.a(DashoA10*..:66)
at com.rsa.kms.key.provider.DefaultKeyProvider.getKey(DashoA10*..:57)
at com.rsa.kms.key.provider.DefaultKeyProviderManager.getKey(DashoA10*..:92)
at com.rsa.kms.transport.servlet.ProviderServlet.performGet(DashoA10*..:67)
at com.rsa.kms.transport.servlet.AbstractKeyManagerServlet.doGet(DashoA10*..:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at com.rsa.kms.transport.servlet.AbstractKeyManagerServlet.service(DashoA10*..:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.rsa.kms.transport.servlet.AbstractKeyManagerServlet.service(DashoA10*..:120)
...


The following error is displayed in the log during the migration/import to the new database:

2007-03-08 18:17:05,875 ERROR TP-Processor3 rsa.pso.kms.WrapData - LocalKeyStore: Unwrap JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.

Cause

The wrong master password was entered during migration of the database from RKM 1.5 to RKM 2.0.1 .  This resulted in corrupted keys in the database.


In the migration tool, you type in the master password for RKM 1.5 and another master password (could be the same) for RKM 2.0.1. The wrong one was entered for the 1.5, causing the decryption and hence padding-removal to fail, resulting in a key (garbage) being to short. This key was then re-encrypted with the 2.0.1 password and inserted into the keystore.

ResolutionRedo the migration using the correct RKM 1.5 master password this time.
Legacy Article IDa33738

Attachments

    Outcomes