Error Messages
This section lists the error messages that might be returned by the CipherTrust Manager. It covers the following information:
Overview
Errors are either fatal or non-fatal; in the case of fatal errors, the server closes the connection with the client. In the case of non-fatal errors, the connection remains open, and the client is able to continue making requests to the server. Fatal errors are numbered 1-999 and grouped as follows:
| Error Type | Fatal Error Range | Non-Fatal Error Range |
|---|---|---|
| General System Errors | 1-99 | 1001-1099 |
| Parse Errors | 100-199 | 1100-1199 |
| Authentication Errors | 200-299 | 1200-1299 |
| Cryptographic Errors | 300-399 | 1300-1399 |
| Key Errors | 400-499 | 1400-1499 |
| User and Group Errors | 600-699 | 1600-1699 |
| Secret Object Errors | 1950-1999 |
The tables below list all the error numbers and messages that might be returned by the server.
General System Errors
This section lists general system errors.
| Error Number | Description |
|---|---|
| 1 | Unknown server error. |
| 2 | Out of memory. |
| 40 | No licenses are installed. |
| 45 | The feature required for this operation is not activated. |
| 41 | All licenses are in use. |
| 50 | SSL/TCP mismatch. |
| 1001 | Operation not supported. |
| 1002 | Failed to save configuration. |
Parse Errors
This section lists parse errors.
| Error Number | Description |
|---|---|
| 100 | Unrecognizable client request. |
| 101 | Could not parse client request. |
| 102 | Client request has invalid XML format. |
| 103 | Header length cannot exceed 8192 bytes. |
| 104 | Invalid or missing data section. |
| 105 | Invalid data chunk. |
| 106 | Invalid chunk size. |
| 107 | Unsupported protocol version. |
| 108 | Invalid request ID. |
| 109 | Cannot negotiate version after previous requests. |
| 110 | This request or tag is no longer supported. |
| 111 | Administrative operations disallowed. |
| 112 | Security settings do not allow key export. |
| 113 | Key clone is not supported by this device. |
| 114 | Cannot specify Version and AllVersions tag. |
| 117 | Version key is not supported. |
| 1100 | Invalid parameter value. |
| 1103 | KeyVersion and AllVersions can only be specified with IDType :- Name. |
| 1104 | Cannot specify both KeyName and KeyAlias. |
| 1105 | Invalid alias name. |
| 1106 | Invalid alias type. |
Authentication Errors
This section lists authentication errors.
| Error Number | Description |
|---|---|
| 200 | Missing username. |
| 201 | Missing password. |
| 202 | Invalid username or password. |
| 203 | Cannot authenticate after previous requests. |
| 204 | Username did not match client certificate. |
| 205 | Could not connect to LDAP server. |
| 206 | Missing credentials. |
| 207 | Invalid authentication token. |
| 208 | Authentication token has expired. |
| 209 | User password has expired. |
| 220 | Insufficient permissions. |
| 221 | User is not authorized to perform this operation at this time. |
| 230 | Authentication required. |
| 231 | User must reauthenticate. |
| 240 | Client certificate required. |
| 241 | Invalid client certificate. |
| 242 | Client certificate IP address field required. |
| 243 | Invalid client certificate IP address field. |
| 244 | Client IP address did not match client certificate IP address field. |
| 245 | SSL connection failed (no shared ciphers) |
| 264 | Need to authenticate. |
| 280 | User is not authorized to connect to the SQL Parse Server. |
Cryptographic Errors
This section lists cryptographic errors.
| Error Number | Description |
|---|---|
| 300 | Could not perform cryptographic operation. |
| 301 | Total data size is too long for this cipher. |
| 302 | Total data size is not a multiple of cipher block size. |
| 303 | Invalid padding; encrypted data may have been corrupted. |
| 304 | Cryptographic operation failed in cipher update. |
| 305 | Cryptographic operation failed in cipher final. |
| 306 | Cryptographic operation failed in cipher operation. |
| 307 | Cryptographic operation failed in cipher mac. |
| 308 | Cryptographic operation failed in cipher macv. |
| 309 | Cryptographic operation failed in cipher sign. |
| 310 | Cryptographic operation failed in cipher signv. |
| 320 | Failed to encode data in base 64. |
| 321 | Encrypt all supports only DATASINGLE. |
| 322 | Key version specified in the CryptoRequest does not match with the key version encrypting the data. You must encrypt and decrypt with the same version of the key. |
| 1300 | Invalid or missing operations list. |
| 1301 | Invalid or missing operation name. |
| 1302 | Invalid operation. |
| 1303 | Operation requires an algorithm. |
| 1304 | Invalid operation/algorithm pair. |
| 1320 | Invalid or missing algorithm. |
| 1321 | Unknown algorithm. |
| 1322 | Algorithm requires a key. |
| 1323 | Invalid algorithm/key pair. |
| 1324 | NAE certificate is not valid for crypto, because it is inactive or unsigned. |
| 1327 | Key is not Symmetric Key |
| 1330 | Invalid or missing derivation algorithm |
| 1340 | Invalid IV. |
| 1341 | Algorithm requires IV. |
| 1342 | Algorithm does not require IV. |
| 1343 | Invalid IV size. |
| 1344 | Invalid or missing MAC value for MAC verification. |
| 1345 | Invalid or missing signature value for signature verification. |
| 1350 | Could not decode ciphertext header. |
| 1360 | Invalid or missing data size. |
| 1371 | Invalid or missing DB column ID. |
Key Errors
This section lists key errors.
| Error Number | Description |
|---|---|
| 400 | Failed to change key owner. |
| 401 | Failed to set custom attributes. |
| 402 | Duplicate custom attribute name found. |
| 403 | Custom attribute value is not base 64 encoded. |
| 404 | Exceeded maximum number of custom attributes. |
| 405 | Exceeded maximum size for custom attribute name. |
| 406 | Exceeded maximum size for custom attribute value. |
| 407 | Exceeded maximum total size for custom attributes. |
| 408 | Invalid owner name specified in request. |
| 409 | Failed to create new key version. |
| 410 | Exceeded maximum active versions. |
| 411 | Invalid custom attribute name. |
| 414 | Unsupported wrap format for key export. |
| 419 | Invalid or empty wrap public key. |
| 420 | Invalid or empty wrap format. |
| 1107 | Cannot specify both WrapSymmetricKeyName and WrapKeyName. |
| 1108 | Cannot specify both WrapKeyName and WrapPublicKey. |
| 1400 | Invalid or missing key name. |
| 1401 | Unknown key name or insufficient permissions. |
| 1403 | Could not initialize key. |
| 1404 | The key that was being used has been deleted or modified. |
| 1405 | Invalid key version. |
| 1406 | Key has no active versions. |
| 1407 | Password is not base 64 encoded. |
| 1412 | Invalid or missing IKM key name. |
| 1413 | Key version state is allowed only for versioned key. |
| 1420 | Could not generate key. |
| 1421 | Could not import key. |
| 1422 | Key already exists. |
| 1423 | Invalid or missing key data. |
| 1424 | Unsupported key size. |
| 1425 | Invalid key size. |
| 1426 | Invalid permissions. |
| 1427 | Global key cannot have group permissions. |
| 1428 | Maximum key capacity has been reached. |
| 1429 | Invalid key state. |
| 1430 | Weak DES key. |
| 1431 | Invalid or Unsupported curve. |
| 1432 | Missing curveID. |
| 1435 | Invalid or Unsupported SALT value. |
| 1436 | Invalid or Unsupported INFO value. |
| 1440 | Key is not exportable. |
| 1441 | Key export is not supported by this device. |
| 1442 | Replication password not set. |
| 1443 | Key is not asymmetric. |
| 1444 | Cannot specify both WrapKeyName and WrapKey. |
| 1445 | Invalid or missing wrapping algorithm. |
| 1446 | Invalid or missing wrapping key name. |
| 1447 | Invalid key format. |
| 1448 | Password is only needed when key is exported in PKCS#12 format. |
| 1449 | Password is required when key is exported in PKCS#12 format. |
| 1450 | Key is not deletable. |
| 1451 | Key cannot be deleted because it is used by one or more profiles. |
| 1460 | Security settings do not allow global key usage. |
| 1461 | Security settings do not allow this key size for this algorithm. |
| 1462 | Security settings do not allow this key size for certificates. |
| 1463 | Security settings do not allow RSA encryption or decryption. |
| 1464 | Exceeded maximum number of keys for key query. |
| 1472 | Secret Object is not a key. |
| 1473 | Invalid ID Type. |
| 1474 | A key with alias already exists. |
| 1475 | Unknown key alias or insufficient permissions. |
| 1476 | Key rotation frequency must be an integer greater than or equal to 0. |
| 1477 | Duplicate alias found. |
| 1478 | Could not delete default alias. |
| 1479 | Invalid or missing charset. |
| 1564 | Either Password or PasswordIdentifier must be provided for PBE Wrap. |
| 1565 | Both Password and Password identifier cannot be passed simultaneously for PBE wrap. |
| 1566 | Invalid Hash Algorithm. |
| 1567 | Salt length should be at least 8 bytes for password based encryption. |
| 1568 | Iteration should be in range of 1 to 1,00,00,000 for password based encryption. |
| 1569 | Derive key length should be in range of 14 to 512 bytes for password based encryption. |
| 1570 | Invalid WrapFormat specified. |
| 1571 | RSA key encryption key size should be greater than or equal to RSA data encryption key size. |
| 1572 | Minimum size of the RSA wrap key for RSA-AES-WRAP should be 2048-bit.. |
| 1573 | AES key size must be minimum 192-bit for RSA 4096-bit data encryption key. |
Certificate Errors
This section lists certificate errors.
| Error Number | Description |
|---|---|
| 1500 | Could not generate certificate request. |
| 1501 | Could not sign certificate request. |
| 1502 | Could not install certificate. |
| 1510 | Unknown certificate request. |
| 1511 | Unknown certificate. |
| 1512 | Could not export certificate. |
| 1520 | Invalid or missing certificate name. |
| 1521 | Invalid or missing certificate. |
| 1522 | Missing common name. |
| 1523 | Invalid organization name. |
| 1524 | Invalid organization unit name. |
| 1525 | Invalid locality name. |
| 1526 | Invalid state or province name. |
| 1527 | Missing country name. |
| 1528 | Invalid email. |
| 1529 | Invalid or missing CA name. |
| 1530 | Certificate or key already exists with this name. |
| 1531 | Certificate name cannot be '.' and cannot contain '..' or '/'. |
| 1532 | Certificate name cannot be longer than 64 characters. |
| 1533 | Key size must be 768, 1024, or 2048. |
| 1534 | Country name must be two characters. |
| 1535 | Common name cannot be longer than 64 characters. |
| 1536 | Common name cannot be blank. |
| 1537 | Email cannot be longer than 40 characters. |
| 1540 | Unknown certificate. |
| 1541 | Failed to load certificate for export. |
| 1542 | Only certificates allow a subject. |
| 1543 | Certificate requires a subject. |
| 1544 | Only certificates allow extensions. |
| 1545 | Unsupported extension. |
| 1546 | Invalid or missing certificate data format. |
| 1547 | Key is not a certificate request. |
| 1548 | Key is not a certificate. |
| 1549 | Invalid or missing certificate usage. |
| 1550 | Invalid or missing certificate expiry. |
| 1561 | Certificate authority not found. |
User and Group Errors
This section lists user and group errors.
| Error Number | Description |
|---|---|
| 1600 | Missing username. |
| 1601 | Invalid username. |
| 1602 | User already exists. |
| 1603 | User does not exist. |
| 1604 | 'Global' user cannot be created. |
| 1620 | Missing password. |
| 1621 | Invalid password. |
| 1622 | Password is too weak. |
| 1640 | Missing group name. |
| 1641 | Invalid group name. |
| 1642 | Group already exists. |
| 1643 | Group does not exist. |
| 1660 | Cannot delete the owner of a key. |
| 1670 | Operation not supported with LDAP user directory. |
Backend Request Errors
This section lists backend request errors.
| Error Number | Description |
|---|---|
| 1800 | Communication failure. |
Record Event Errors
This section lists backend request errors.
| Error Number | Description |
|---|---|
| 1900 | Message size not specified. |
| 1901 | Invalid message size. |
| 1902 | Invalid or missing message. |
| 1903 | Exceeded message size. |
Secret Object Errors
| Error Number | Description |
|---|---|
| 1950 | Secret Object already exists. |
| 1951 | Could not import Secret Object. |
| 1952 | Missing Secret Object name. |
| 1953 | Invalid or missing Secret Object type. |
| 1954 | Invalid or missing Secret Object data. |
| 1955 | Unknown Secret Object name or insufficient permissions. |
| 1956 | Secret Object is not exportable. |
| 1957 | Secret Object is not deletable. |
| 1958 | Global secret object cannot have group permissions. |
| 1959 | Cannot specify both ObjectName and Alias. |
| 1960 | Duplicate alias found. |
| 1961 | A Cryptographic object with alias already exists. |
| 1962 | Unknown secret alias or insufficient permissions. |
