Difference between revisions of "E-Business Server:ERROR: Key cannot be used for encryption"
(Created page with "== ERROR: Key cannot be used for encryption == '''Technical Articles ID: SDSKB5''' '''Environment''' McAfee E-Business Server 7.x and 8.x for cause 1. For cause 2, EBS 7.6 ...") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
== ERROR: Key cannot be used for encryption == | == ERROR: Key cannot be used for encryption == | ||
'''Technical Articles ID: SDSKB5''' | '''Technical Articles ID: SDSKB5''' | ||
| + | |||
'''Environment''' | '''Environment''' | ||
| − | + | SDS E-Business Server 7.x and 8.x for cause 1. For cause 2, EBS 7.6 and earlier, EBS 8.7 and earlier. | |
| + | |||
'''Problem''' | '''Problem''' | ||
| Line 24: | Line 31: | ||
exitcode = 22 may also be generated. | exitcode = 22 may also be generated. | ||
| + | |||
'''Cause 1''' | '''Cause 1''' | ||
| − | You are attempting to use a sign only key or a signing subkey for encryption.. To determine if a key is sign only, run the –key-list command''' '''to view the keys. A sign only key will have only a DSS field, where an encryption key will have a DSS field with a DH field below it. Below is an example of a sign | + | You are attempting to use a sign only key or a signing subkey for encryption.. To determine if a key is sign only, run the –key-list command''' '''to view the keys. A sign only key will have only a DSS field, where an encryption key will have a DSS field with a DH field below it. Below is an example of a sign only key (called signonly) and of a standard public key (gary test). |
<nowiki>Alg Type Size Flags Key ID User ID | <nowiki>Alg Type Size Flags Key ID User ID | ||
| Line 38: | Line 46: | ||
'''Solution 1''' | '''Solution 1''' | ||
Use an encryption key or remove the signing subkey. | Use an encryption key or remove the signing subkey. | ||
| + | |||
'''Cause 2''' | '''Cause 2''' | ||
| − | The key is a '''DSA '''(Digital Signature Algorithm) key with a Signing Keysize greater than '''1024'''. | + | The key is a '''DSA '''(Digital Signature Algorithm) key with a Signing Keysize greater than '''1024'''. SDS E-Business Server 8.7.0/7.6.x, and earlier, do not support the 2048 or 3072 key sizes. |
If this is the cause, when you view the Key Details, the Cipher may be listed as Unknown: | If this is the cause, when you view the Key Details, the Cipher may be listed as Unknown: | ||
| Line 46: | Line 55: | ||
'''Cipher: UNKNOWN''' | '''Cipher: UNKNOWN''' | ||
| − | Note that other issues such as an unknown / unsupported hash, may result in Cipher: Unknown, so this by itself does not indicate that the key uses DSA 2048. However, “Key cannot be used for encryption” combined with the UNKNOWN Cipher is a strong indication | + | Note that other issues such as an unknown / unsupported hash, may result in Cipher: Unknown, so this by itself does not indicate that the key uses DSA 2048. However, “Key cannot be used for encryption” combined with the UNKNOWN Cipher is a strong indication. |
'''Solution 2''' | '''Solution 2''' | ||
| − | Recreate the DSA key with a Signing Keysize equal to 1024. | + | Recreate the DSA key with a Signing Keysize equal to 1024 or Upgrade to the latest release of EBS. E-Business Server 7.7.1 and 8.8.1 support DSA 2048 signing keys and are currently available for download. |
Latest revision as of 11:45, 21 October 2019
ERROR: Key cannot be used for encryption
Technical Articles ID: SDSKB5
Environment
SDS E-Business Server 7.x and 8.x for cause 1. For cause 2, EBS 7.6 and earlier, EBS 8.7 and earlier.
Problem
The following error may be generated with E-Business Server when you attempt to encrypt a file:
event 1: initial
event 3: error -11493
Error: key cannot be used for encryption
event 2: final
error encrypting file.
Key cannot be used for encryption
exitcode = 22 may also be generated.
Cause 1
You are attempting to use a sign only key or a signing subkey for encryption.. To determine if a key is sign only, run the –key-list command to view the keys. A sign only key will have only a DSS field, where an encryption key will have a DSS field with a DH field below it. Below is an example of a sign only key (called signonly) and of a standard public key (gary test).
Alg Type Size Flags Key ID User ID --- ---- --------- ------- ---------- ------- DSS pair 1024 [VI---] 0x243DCBDE signonly DSS pub 2048/2048 [-----] 0x21BA1EA3 gary test (test)
Solution 1 Use an encryption key or remove the signing subkey.
Cause 2
The key is a DSA (Digital Signature Algorithm) key with a Signing Keysize greater than 1024. SDS E-Business Server 8.7.0/7.6.x, and earlier, do not support the 2048 or 3072 key sizes.
If this is the cause, when you view the Key Details, the Cipher may be listed as Unknown:
Cipher: UNKNOWN
Note that other issues such as an unknown / unsupported hash, may result in Cipher: Unknown, so this by itself does not indicate that the key uses DSA 2048. However, “Key cannot be used for encryption” combined with the UNKNOWN Cipher is a strong indication.
Solution 2
Recreate the DSA key with a Signing Keysize equal to 1024 or Upgrade to the latest release of EBS. E-Business Server 7.7.1 and 8.8.1 support DSA 2048 signing keys and are currently available for download.
