Error Messages
This section lists the error messages that might be returned by the CipherTrust Manager. It covers the following information:
Overview
Errors are either fatal or non-fatal; in the case of fatal errors, the server closes the connection with the client. In the case of non-fatal errors, the connection remains open, and the client is able to continue making requests to the server. Fatal errors are numbered 1-999 and grouped as follows:
Error Type | Fatal Error Range | Non-Fatal Error Range |
---|---|---|
General System Errors | 1-99 | 1001-1099 |
Parse Errors | 100-199 | 1100-1199 |
Authentication Errors | 200-299 | 1200-1299 |
Cryptographic Errors | 300-399 | 1300-1399 |
Key Errors | 400-499 | 1400-1499 |
User and Group Errors | 600-699 | 1600-1699 |
Secret Object Errors | 1950-1999 |
The tables below list all the error numbers and messages that might be returned by the server.
General System Errors
This section lists general system errors.
Error Number | Description |
---|---|
1 | Unknown server error. |
2 | Out of memory. |
40 | No licenses are installed. |
45 | The feature required for this operation is not activated. |
41 | All licenses are in use. |
50 | SSL/TCP mismatch. |
1001 | Operation not supported. |
1002 | Failed to save configuration. |
Parse Errors
This section lists parse errors.
Error Number | Description |
---|---|
100 | Unrecognizable client request. |
101 | Could not parse client request. |
102 | Client request has invalid XML format. |
103 | Header length cannot exceed 8192 bytes. |
104 | Invalid or missing data section. |
105 | Invalid data chunk. |
106 | Invalid chunk size. |
107 | Unsupported protocol version. |
108 | Invalid request ID. |
109 | Cannot negotiate version after previous requests. |
110 | This request or tag is no longer supported. |
111 | Administrative operations disallowed. |
112 | Security settings do not allow key export. |
113 | Key clone is not supported by this device. |
114 | Cannot specify Version and AllVersions tag. |
117 | Version key is not supported. |
1100 | Invalid parameter value. |
1103 | KeyVersion and AllVersions can only be specified with IDType :- Name. |
1104 | Cannot specify both KeyName and KeyAlias. |
1105 | Invalid alias name. |
1106 | Invalid alias type. |
Authentication Errors
This section lists authentication errors.
Error Number | Description |
---|---|
200 | Missing username. |
201 | Missing password. |
202 | Invalid username or password. |
203 | Cannot authenticate after previous requests. |
204 | Username did not match client certificate. |
205 | Could not connect to LDAP server. |
206 | Missing credentials. |
207 | Invalid authentication token. |
208 | Authentication token has expired. |
209 | User password has expired. |
220 | Insufficient permissions. |
221 | User is not authorized to perform this operation at this time. |
230 | Authentication required. |
231 | User must reauthenticate. |
240 | Client certificate required. |
241 | Invalid client certificate. |
242 | Client certificate IP address field required. |
243 | Invalid client certificate IP address field. |
244 | Client IP address did not match client certificate IP address field. |
245 | SSL connection failed (no shared ciphers) |
264 | Need to authenticate. |
280 | User is not authorized to connect to the SQL Parse Server. |
Cryptographic Errors
This section lists cryptographic errors.
Error Number | Description |
---|---|
300 | Could not perform cryptographic operation. |
301 | Total data size is too long for this cipher. |
302 | Total data size is not a multiple of cipher block size. |
303 | Invalid padding; encrypted data may have been corrupted. |
304 | Cryptographic operation failed in cipher update. |
305 | Cryptographic operation failed in cipher final. |
306 | Cryptographic operation failed in cipher operation. |
307 | Cryptographic operation failed in cipher mac. |
308 | Cryptographic operation failed in cipher macv. |
309 | Cryptographic operation failed in cipher sign. |
310 | Cryptographic operation failed in cipher signv. |
320 | Failed to encode data in base 64. |
321 | Encrypt all supports only DATASINGLE. |
322 | Key version specified in the CryptoRequest does not match with the key version encrypting the data. You must encrypt and decrypt with the same version of the key. |
1300 | Invalid or missing operations list. |
1301 | Invalid or missing operation name. |
1302 | Invalid operation. |
1303 | Operation requires an algorithm. |
1304 | Invalid operation/algorithm pair. |
1320 | Invalid or missing algorithm. |
1321 | Unknown algorithm. |
1322 | Algorithm requires a key. |
1323 | Invalid algorithm/key pair. |
1324 | NAE certificate is not valid for crypto, because it is inactive or unsigned. |
1327 | Key is not Symmetric Key |
1330 | Invalid or missing derivation algorithm |
1340 | Invalid IV. |
1341 | Algorithm requires IV. |
1342 | Algorithm does not require IV. |
1343 | Invalid IV size. |
1344 | Invalid or missing MAC value for MAC verification. |
1345 | Invalid or missing signature value for signature verification. |
1350 | Could not decode ciphertext header. |
1360 | Invalid or missing data size. |
1371 | Invalid or missing DB column ID. |
Key Errors
This section lists key errors.
Error Number | Description |
---|---|
400 | Failed to change key owner. |
401 | Failed to set custom attributes. |
402 | Duplicate custom attribute name found. |
403 | Custom attribute value is not base 64 encoded. |
404 | Exceeded maximum number of custom attributes. |
405 | Exceeded maximum size for custom attribute name. |
406 | Exceeded maximum size for custom attribute value. |
407 | Exceeded maximum total size for custom attributes. |
408 | Invalid owner name specified in request. |
409 | Failed to create new key version. |
410 | Exceeded maximum active versions. |
411 | Invalid custom attribute name. |
414 | Unsupported wrap format for key export. |
419 | Invalid or empty wrap public key. |
420 | Invalid or empty wrap format. |
1107 | Cannot specify both WrapSymmetricKeyName and WrapKeyName. |
1108 | Cannot specify both WrapKeyName and WrapPublicKey. |
1400 | Invalid or missing key name. |
1401 | Unknown key name or insufficient permissions. |
1403 | Could not initialize key. |
1404 | The key that was being used has been deleted or modified. |
1405 | Invalid key version. |
1406 | Key has no active versions. |
1407 | Password is not base 64 encoded. |
1412 | Invalid or missing IKM key name. |
1413 | Key version state is allowed only for versioned key. |
1420 | Could not generate key. |
1421 | Could not import key. |
1422 | Key already exists. |
1423 | Invalid or missing key data. |
1424 | Unsupported key size. |
1425 | Invalid key size. |
1426 | Invalid permissions. |
1427 | Global key cannot have group permissions. |
1428 | Maximum key capacity has been reached. |
1429 | Invalid key state. |
1430 | Weak DES key. |
1431 | Invalid or Unsupported curve. |
1432 | Missing curveID. |
1435 | Invalid or Unsupported SALT value. |
1436 | Invalid or Unsupported INFO value. |
1440 | Key is not exportable. |
1441 | Key export is not supported by this device. |
1442 | Replication password not set. |
1443 | Key is not asymmetric. |
1444 | Cannot specify both WrapKeyName and WrapKey. |
1445 | Invalid or missing wrapping algorithm. |
1446 | Invalid or missing wrapping key name. |
1447 | Invalid key format. |
1448 | Password is only needed when key is exported in PKCS#12 format. |
1449 | Password is required when key is exported in PKCS#12 format. |
1450 | Key is not deletable. |
1451 | Key cannot be deleted because it is used by one or more profiles. |
1460 | Security settings do not allow global key usage. |
1461 | Security settings do not allow this key size for this algorithm. |
1462 | Security settings do not allow this key size for certificates. |
1463 | Security settings do not allow RSA encryption or decryption. |
1464 | Exceeded maximum number of keys for key query. |
1472 | Secret Object is not a key. |
1473 | Invalid ID Type. |
1474 | A key with alias already exists. |
1475 | Unknown key alias or insufficient permissions. |
1476 | Key rotation frequency must be an integer greater than or equal to 0. |
1477 | Duplicate alias found. |
1478 | Could not delete default alias. |
1479 | Invalid or missing charset. |
1481 | Export Format PKCS12 or PKCS1 is not supported for curve x25519. |
1564 | Either Password or PasswordIdentifier must be provided for PBE Wrap. |
1565 | Both Password and Password identifier cannot be passed simultaneously for PBE wrap. |
1566 | Invalid Hash Algorithm. |
1567 | Salt length should be at least 8 bytes for password based encryption. |
1568 | Iteration should be in range of 1 to 1,00,00,000 for password based encryption. |
1569 | Derive key length should be in range of 14 to 512 bytes for password based encryption. |
1570 | Invalid WrapFormat specified. |
1571 | RSA key encryption key size should be greater than or equal to RSA data encryption key size. |
1572 | Minimum size of the RSA wrap key for RSA-AES-WRAP should be 2048-bit. |
1573 | AES key size must be minimum 192-bit for RSA 4096-bit data encryption key. |
Certificate Errors
This section lists certificate errors.
Error Number | Description |
---|---|
1500 | Could not generate certificate request. |
1501 | Could not sign certificate request. |
1502 | Could not install certificate. |
1510 | Unknown certificate request. |
1511 | Unknown certificate. |
1512 | Could not export certificate. |
1520 | Invalid or missing certificate name. |
1521 | Invalid or missing certificate. |
1522 | Missing common name. |
1523 | Invalid organization name. |
1524 | Invalid organization unit name. |
1525 | Invalid locality name. |
1526 | Invalid state or province name. |
1527 | Missing country name. |
1528 | Invalid email. |
1529 | Invalid or missing CA name. |
1530 | Certificate or key already exists with this name. |
1531 | Certificate name cannot be '.' and cannot contain '..' or '/'. |
1532 | Certificate name cannot be longer than 64 characters. |
1533 | Key size must be 768, 1024, or 2048. |
1534 | Country name must be two characters. |
1535 | Common name cannot be longer than 64 characters. |
1536 | Common name cannot be blank. |
1537 | Email cannot be longer than 40 characters. |
1540 | Unknown certificate. |
1541 | Failed to load certificate for export. |
1542 | Only certificates allow a subject. |
1543 | Certificate requires a subject. |
1544 | Only certificates allow extensions. |
1545 | Unsupported extension. |
1546 | Invalid or missing certificate data format. |
1547 | Key is not a certificate request. |
1548 | Key is not a certificate. |
1549 | Invalid or missing certificate usage. |
1550 | Invalid or missing certificate expiry. |
1561 | Certificate authority not found. |
User and Group Errors
This section lists user and group errors.
Error Number | Description |
---|---|
1600 | Missing username. |
1601 | Invalid username. |
1602 | User already exists. |
1603 | User does not exist. |
1604 | 'Global' user cannot be created. |
1620 | Missing password. |
1621 | Invalid password. |
1622 | Password is too weak. |
1640 | Missing group name. |
1641 | Invalid group name. |
1642 | Group already exists. |
1643 | Group does not exist. |
1660 | Cannot delete the owner of a key. |
1670 | Operation not supported with LDAP user directory. |
Backend Request Errors
This section lists backend request errors.
Error Number | Description |
---|---|
1800 | Communication failure. |
Record Event Errors
This section lists backend request errors.
Error Number | Description |
---|---|
1900 | Message size not specified. |
1901 | Invalid message size. |
1902 | Invalid or missing message. |
1903 | Exceeded message size. |
Secret Object Errors
Error Number | Description |
---|---|
1950 | Secret Object already exists. |
1951 | Could not import Secret Object. |
1952 | Missing Secret Object name. |
1953 | Invalid or missing Secret Object type. |
1954 | Invalid or missing Secret Object data. |
1955 | Unknown Secret Object name or insufficient permissions. |
1956 | Secret Object is not exportable. |
1957 | Secret Object is not deletable. |
1958 | Global secret object cannot have group permissions. |
1959 | Cannot specify both ObjectName and Alias. |
1960 | Duplicate alias found. |
1961 | A Cryptographic object with alias already exists. |
1962 | Unknown secret alias or insufficient permissions. |