MY0385 PIV Card Issuance Failure – Invalid algorithm specified error

    MyID Support
    Keymaster

    Issue:

    The following error is reported in the client and/or the System Events report when attempting to issue a PIV card.

    BOL COM catch handler
    Function : ProcessAPDUCommand, catch handler. Error :
    Invalid algorithm specified.
    An error occurred inside PivCardServer::ProcessCommand
    Error: 0x80090008 Invalid algorithm specified.
    An error occurred inside DataModelCreator::MakeApduWriteSequenceEx
    Error: 0x80090008 Invalid algorithm specified.
    An error occurred inside DataCollector::
    Error: 0x80090008 Invalid algorithm specified.
    An error occurred inside CCHUIDSignatureProcessor::ProcessFindData
    Error: 0x80090008 : Invalid algorithm specified.

    Info: CryptCreateHash
    ————————-
    Exception raised in function: myid::’anonymous namespace’::CryptHashHandle::myid::’anonymous-namespace’::CryptHashHandle::CryptHashHandle
    In file HashAlgorithmFactory.cpp at line 72
    In object PivDataProcessor.CHUIDSignatureProcessor.1
    In object CardDataModel.DataCollector.1
    In object CardDataModel.DataModelCreator.1

    Cause:
    When you create the MyID server signing certificates (for example, the PIV Content Signer) from a Microsoft CA, and the Cryptography tab of the certificate template is configured as “Requests can use any provider available on the subject’s computer.”, a non-PIV-compliant algorithm can be selected during certificate creation.

    Resolution:
    Change this to “Requests must use one of the following providers” and then select “Microsoft Enhanced RSA and AES Cryptographic Provider”.
    Your new content signer is then able to perform the various PIV signing operations.  See the MyID “PIV Integration Guide” section on “Configure server signing certificates” for more details.

    Also consider whether you are using an HSM to store the private key for your PIV Content Signing certificate. You must use whichever “Enhanced RSA and AES Cryptographic Provider” is relevant for your HSM; for example, for a LUNA HSM use “Luna enhanced RSA and AES provider for Microsoft”.
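To confirm which provider an issued signing certificate's private key is actually bound to, the check below can be run on the server holding the certificate. It is an added example, not part of the original article or of MyID; it assumes Windows PowerShell 5.1, and the function name `Get-CertKeyProvider` and the default store path `Cert:\LocalMachine\My` are illustrative choices.

```powershell
# Added example: report the CSP behind each certificate's private key.
# Function name and default store path are assumptions, not MyID settings.
function Get-CertKeyProvider {
    param(
        # Store to inspect; point this at wherever your signing certificate lives.
        [string]$StorePath = 'Cert:\LocalMachine\My',
        # Provider named in the resolution above; pass your HSM vendor's
        # equivalent provider name here when the key is held in an HSM.
        [string]$ExpectedProvider = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
    )

    Get-ChildItem -Path $StorePath | Where-Object { $_.HasPrivateKey } | ForEach-Object {
        $cert = $_
        $providerName = $null
        $providerType = $null
        try {
            # CspKeyContainerInfo exists only for keys held by a CryptoAPI CSP.
            $info = $cert.PrivateKey.CspKeyContainerInfo
            if ($null -ne $info) {
                $providerName = $info.ProviderName
                $providerType = $info.ProviderType   # 24 = PROV_RSA_AES
            }
            else {
                $providerName = '(no CryptoAPI CSP information available)'
            }
        }
        catch {
            # Typical for keys this account cannot open or that are not CSP keys.
            $providerName = "(could not read key: $($_.Exception.Message))"
        }

        [pscustomobject]@{
            Subject         = $cert.Subject
            Thumbprint      = $cert.Thumbprint
            NotAfter        = $cert.NotAfter
            Provider        = $providerName
            ProviderType    = $providerType
            MatchesExpected = ($providerName -eq $ExpectedProvider)
        }
    }
}

# List every certificate with a private key and flag provider mismatches.
Get-CertKeyProvider | Format-List
```

Run it under an account that can open the private keys; a content signer whose `MatchesExpected` is `False` was created with a different provider than the one the template should enforce.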
