000020763 - Recovering archived keypair with KCA fails with an error XrcUNABLE

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000020763
Applies ToKeon Certificate Authority 6.0.2
Keon Key Recovery Module 6.0.2
Microsoft Windows 2000 Server SP3
IssueRecovering archived keypair with KCA fails with an error XrcUNABLE
As the last step in recovering an archived keypair process, when the Key Recovery Operator (KRO) clicks on the "Download Keypair" button on the page key-retrieval.xuda, the operation fails with the following error:

 Program Error
 recovered-key.p12: Line 92: [XrcUNABLE] unspecified failure. Key recovery error.

The keypair being recovered was archived in a previous installation, KCA/KKRM 5.7 where it can be successfully recovered. If a new encryption keypair is archived in KCA/KKRM 6.0.2, it can be successfully recovered.
CauseThe encryption certificate belonging to the keypair (archived in KCA/KKRM 5.7) included the extension "Subject Directory Attribute". The encoding of this extension was incorrect when issued in KCA 5.7. This incorrect encoding caused the keypair recovery operation to fail in KCA/KKRM 6.0.2 Build 112.
ResolutionThis issue has been corrected in hot fix KCA/KKRM 6.0.2 Build 116. Contact RSA Security Customer Support to obtain this hot fix.
WorkaroundKeon CA (KCA) and Keon Key Recovery Module (KKRM) were upgraded from version 5.7 to 6.0.2 Build 112
Legacy Article IDa18672

Attachments

    Outcomes