This following error is reported in the client and/or the System Events report when attempting to issue a PIV card.
BOL COM catch handler Function : ProcessAPDUCommand, catch handler. Error : Invalid algorithm specified. An error occurred inside PivCardServer::ProcessCommand Error: 0x80090008 Invalid algorithm specified. An error occurred inside DataModelCreator::MakeApduWriteSequenceEx Error: 0x80090008 Invalid algorithm specified. An error occurred inside DataCollector:: Error: 0x80090008 Invalid algorithm specified. An error occurred inside CCHUIDSignatureProcessor::ProcessFindData Error: 0x80090008 : Invalid algorithm specified.
Info: CryptCreateHash ————————- Exception raised in function: myid::’anonymous namespace’::CryptHashHandle::myid::’anonymous-namespace’::CryptHashHandle::CryptHashHandle In file HashAlgorithmFactory.cpp at line 72 In object PivDataProcessor.CHUIDSignatureProcessor.1 In object CardDataModel.DataCollector.1 In object CardDataModel.DataModelCreator.1
When you create the MyID Server Signing Certificates (e.g. PIV Content Signer), from a Microsoft CA, and the certificate template Cryptography tab is configured as “Requests can use any provider available on the subject’s computer.”, a non-PIV compliant algorithm can be selected during the certificate creation.
Change this to “Requests must use one of the following providers” and then select “Microsoft Enhanced RSA and AES Cryptographic Provider”.
Your new content signer is then able to perform the various PIV signing operations. See the MyID “PIV Integration Guide” section on “Configure server signing certificates” for more details.
Also give due consideration to whether you are also using a HSM to store the private key for your PIV Content Signing certificate. You must use whatever “Enhanced RSA and EAS Cryptographic Provider” is relevant for your HSM. e.g. for LUNA HSM use “Luna enhanced RSA and AES provider for Microsoft”. Windows
Viewing 1 post (of 1 total)
The forum ‘MyID knowledge base’ is closed to new topics and replies.