SafeNet MSSQL EKM Provider User Guide




SafeNet MSSQL EKM Provider User Guide Version 4.8.5 Documentation Version: 20080705

Copyright Information

2009 SafeNet, Inc. All rights reserved. All intellectual property is protected by copyright. All trademarks and product names used or referred to are the copyright of their respective owners. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, chemical, photocopy, recording or otherwise without the prior written permission of SafeNet. SafeNet makes no representations or warranties with respect to the contents of this document and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, SafeNet reserves the right to revise this publication and to make changes from time to time in the content hereof without the obligation upon SafeNet to notify any person or organization of any such revisions or changes. SafeNet invites constructive comments on the contents of this document. These comments, together with your personal and/or company details, should be sent to the address below.

4690 Millennium Drive, Belcamp, Maryland 21017, USA

Disclaimers

The foregoing integration was performed and tested only with specific versions of equipment and software and only in the configuration indicated. If your setup matches exactly, you should expect no trouble, and Customer Support can assist with any missteps. If your setup differs, then the foregoing is merely a template and you will need to adjust the instructions to fit your situation. Customer Support will attempt to assist, but cannot guarantee success in setups that we have not tested. This product contains software that is subject to various public licenses. The source code form of such software and all derivative forms thereof can be copied from the following website: http://c3.safenet-inc.com/

We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.

Technical Support

If you encounter a problem while installing, registering or operating this product, please make sure that you have read the documentation. If you cannot resolve the issue, please contact your supplier or SafeNet support. SafeNet support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the support plan arrangements made between SafeNet and your organization. Please consult this support plan for further information about your entitlements, including the hours when telephone support is available to you.

Technical Support Contact Information: Phone: 800-545-6608, 410-931-7520; Email: support@safenet-inc.com

Table of Contents

CHAPTER 1  Overview  3
    Supported Platforms  3
    Supported Algorithms and Key Size  3
CHAPTER 2  Installing the SafeNet MSSQL EKM Provider  4
    Installing the MSSQL EKM Provider  4
    Uninstalling the MSSQL EKM Provider  7
CHAPTER 3  Configuring the SafeNet MSSQL EKM Provider in the SQL Server Database  11
    Enabling EKM in Your SQL Server Database  11
    Loading the DLL  11
    Creating Credentials with SQL Server  12
CHAPTER 4  Using the SafeNet MSSQL EKM Provider  13
    Viewing the Provider Properties  13
    Viewing the Supported Algorithms  14
    Creating a Key on the DataSecure  14
    Open an Existing Key in the Database  15
    Viewing All Keys in the Database  15
    Viewing All of a User's Keys on the DataSecure  15
    Dropping a Key From the Database  15
    Dropping a Key From the DataSecure  16
    Encrypting and Decrypting Data  16
        Encrypting Data  16
        Decrypting Data  16
CHAPTER 5  Using the SafeNet MSSQL EKM Provider with Transparent Database Encryption  18
    Enabling TDE Using SafeNet's MSSQL EKM Provider  18
    Creating an Asymmetric Key Protected by the MSSQL EKM Provider  19
    Creating a Credential Protected by the Asymmetric Key  19
    Creating a Symmetric Database Encryption Key  20
    Setting Encryption for the Database  20
    Verifying Which Tables are Encrypted Using TDE  21
CHAPTER 6  Troubleshooting  22
    Cannot Create RSA-512, DES, or RC4 Keys on the DataSecure  22
    How to Use a Hyphen in a Domain Name  23
    How to Remove a Key from the DataSecure  23
CHAPTER 7  Error Codes and Messages  24
    Initialization/Configuration  24
    General  25
    Authentication  25
    Crypto  25
    Server Communications  25

CHAPTER 1 Overview

This chapter covers the following topics:
    Supported Platforms (page 3)
    Supported Algorithms and Key Size (page 3)

Supported Platforms

The SafeNet MSSQL EKM Provider supports MSSQL Server 2008 on the following platforms:
    Windows Server 2003 32-bit
    Windows Server 2008 32-bit

Supported Algorithms and Key Size

The SafeNet MSSQL EKM Provider supports the following algorithm/key size combinations:

    Algorithm           Bit Length   IV Length
    RC4                 40           64
    RC4                 128          64
    DES                 64           64
    Triple DES          128          64
    Triple DES 3 key    192          64
    AES                 128          128
    AES                 192          128
    AES                 256          128
    AES                 512          128
    RSA                 512          n/a
    RSA                 1024         n/a
    RSA                 2048         n/a

CHAPTER 2 Installing the SafeNet MSSQL EKM Provider

This chapter contains the following information:
    Installing the MSSQL EKM Provider (page 4)
    Uninstalling the MSSQL EKM Provider (page 7)

Installing the MSSQL EKM Provider

The InstallShield Wizard installs the following files in the installation directory:

    IngrianNAE.properties - This file contains the parameters that your client will use when communicating with the DataSecure appliance. This includes DataSecure IP, port, and communication protocol, as well as connection timeout values. The file also contains parameters that govern client-side features such as connection pooling, local encryption and logging.

    ingsqlekm.dll - This is the provider library that will be loaded into your MS SQL Server database.

The wizard also creates the following registry entries in My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Ingrian\SQLEKM\:

    ConfigFileName - Holds the location of the IngrianNAE.properties file.

    InstallDir - Holds the name of the installation directory.

To install the provider:

1 Download and unzip the SafeNet software.
2 Double-click setup.exe to launch the InstallShield Wizard. The Welcome screen appears. Click Next.
3 Click Change to select a different location. Otherwise, click Next to accept the directory shown.
4 The installer now has all of the necessary information. Click Install to begin the installation.
5 The installer displays the progress of the installation.
6 After the files are installed, click Finish to complete the installation.

Uninstalling the MSSQL EKM Provider

The InstallShield Wizard also allows you to uninstall the provider. If the wizard detects that the provider has already been installed, it enables you to remove the current installation.

During an uninstall, the wizard deletes the following files:
    IngrianNAE.properties
    ingsqlekm.dll

and it removes the following registry entries:
    My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Ingrian\SQLEKM\ConfigFileName
    My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Ingrian\SQLEKM\InstallDir

WARNING! Do not uninstall the provider if you still have encrypted data in your database. Decrypt the data before uninstalling the provider.

To uninstall the provider:

1 Double-click setup.exe to launch the InstallShield Wizard. The wizard detects the current installation. Click Next to access the Program Maintenance screen.
2 Select Remove and click Next.
3 Click Remove to uninstall the provider.
4 The installer displays the progress of the uninstallation.
5 After the files are uninstalled, click Finish to complete the process.

CHAPTER 3 Configuring the SafeNet MSSQL EKM Provider in the SQL Server Database

To configure the provider in the SQL Server Database, you must enable EKM, load the DLL, and create credentials for a database user. All of these procedures are described below. This chapter contains the following information:
    Enabling EKM in Your SQL Server Database (page 11)
    Loading the DLL (page 11)
    Creating Credentials with SQL Server (page 12)

Enabling EKM in Your SQL Server Database

Execute the following commands on the SQL Server to enable EKM:

    sp_configure 'show advanced options', 1;
    RECONFIGURE;
    sp_configure 'EKM provider enabled', 1;
    RECONFIGURE;

Loading the DLL

Note: Before loading the DLL, you must configure the IngrianNAE.properties file. At a minimum, you must set the NAE_IP and Log_File parameters.

To load the DLL, execute the following command:

    CREATE CRYPTOGRAPHIC PROVIDER safenetsqlekm
    FROM FILE = 'C:\Program Files\Ingrian\SQLEKM\ingsqlekm.dll'

Note: Alter the file location if you did not accept the default installation directory.

This will create a new cryptographic provider named safenetsqlekm. The provider name is visible under Security\Cryptographic Providers in SQL Server Management Studio.

Creating Credentials with SQL Server

To create a SQL credential, execute the following command:

    CREATE CREDENTIAL TestEKMCred
    WITH IDENTITY = '<DataSecureUser>', SECRET = '<DataSecureUserPassword>'
    FOR CRYPTOGRAPHIC PROVIDER safenetsqlekm

Note: You must use a user/password combination that exists on the DataSecure.

This will create a new credential named TestEKMCred. The credential is visible under Security\Credentials in SQL Server Management Studio.

To map this new credential to an existing login on the SQL Server, execute the following command:

    ALTER LOGIN sa ADD CREDENTIAL TestEKMCred

CHAPTER 4 Using the SafeNet MSSQL EKM Provider

Once the SafeNet SQL EKM Provider is installed and EKM is enabled, the database user accesses the provider using SQL commands. This chapter contains the following topics:
    Viewing the Provider Properties (page 13)
    Viewing the Supported Algorithms (page 14)
    Creating a Key on the DataSecure (page 14)
    Open an Existing Key in the Database (page 15)
    Viewing All Keys in the Database (page 15)
    Viewing All of a User's Keys on the DataSecure (page 15)
    Dropping a Key From the Database (page 15)
    Dropping a Key From the DataSecure (page 16)
    Encrypting and Decrypting Data (page 16)

Viewing the Provider Properties

To view the provider properties, execute the following command:

    SELECT [provider_id], [guid], [provider_version], [sqlcrypt_version], [friendly_name],
           [authentication_type], [symmetric_key_support], [symmetric_key_persistance],
           [symmetric_key_export], [symmetric_key_import], [asymmetric_key_support],
           [asymmetric_key_persistance], [asymmetric_key_export], [asymmetric_key_import]
    FROM [master].[sys].[dm_cryptographic_provider_properties]

Note: You'll need the provider_id to query the database for supported algorithms.

Viewing the Supported Algorithms

To view the supported algorithms, execute the following command:

    SELECT * FROM sys.dm_cryptographic_provider_algorithms(<your_provider_id>)

For example,

    SELECT * FROM sys.dm_cryptographic_provider_algorithms(65593)

Creating a Key on the DataSecure

Note: To create keys from the provider, you must select Allow Key and Policy Configuration Operations in the NAE Server Settings section of the DataSecure's Management Console. Otherwise all attempts to create a key will fail.

The provider commands used to create a key on the DataSecure also open that key in the database. Once the key is opened in the database, you can use it for cryptographic operations. To create a new key on the DataSecure, execute the following command:

    CREATE ASYMMETRIC KEY <key name in database>
    FROM Provider <provider name>
    WITH ALGORITHM = <algorithm>,
         PROVIDER_KEY_NAME = '<key name on DataSecure>',
         CREATION_DISPOSITION = CREATE_NEW

For example,

    CREATE ASYMMETRIC KEY SQL_EKM_RSA_1024_Key
    FROM Provider safenetsqlekm
    WITH ALGORITHM = RSA_1024,
         PROVIDER_KEY_NAME = 'EKM_RSA_1024_Key',
         CREATION_DISPOSITION = CREATE_NEW

This will create a new asymmetric key on the DataSecure with the name "EKM_RSA_1024_Key"; the algorithm type for the key is "RSA_1024". This will also open the key in the database. The corresponding key name on the SQL server is "SQL_EKM_RSA_1024_Key".

Note: You'll need to modify this statement to match your key name and preferred algorithm. To create a symmetric key, the statement must start with CREATE SYMMETRIC KEY.

Open an Existing Key in the Database

When you want to access a key that already exists on the DataSecure, you'll need to open that key in the database. To open a key in the database, execute the following command:

    CREATE ASYMMETRIC KEY <key name in database>
    FROM Provider <provider name>
    WITH PROVIDER_KEY_NAME = '<key name on DataSecure>',
         CREATION_DISPOSITION = OPEN_EXISTING

This will create a new asymmetric key on the SQL server with the name "SQL_EKM_RSA_1024_Key" using the existing key "EKM_RSA_1024_Key" on the DataSecure.

Note: You'll need to modify this statement to match your key name. To open a symmetric key, the statement must start with CREATE SYMMETRIC KEY.

Viewing All Keys in the Database

To view all keys currently in the database, execute the following statements:

    Select * from [master].[sys].[asymmetric_keys]
    Select * from [master].[sys].[symmetric_keys]

Viewing All of a User's Keys on the DataSecure

To view all of the user's keys on the DataSecure, execute the following statement:

    SELECT * FROM sys.dm_cryptographic_provider_keys(providerid)

Dropping a Key From the Database

To drop an asymmetric key from the database, execute the following statement:

    DROP ASYMMETRIC KEY <key name>

This will remove the key only from the database. The key will remain on the DataSecure. For example,

    DROP ASYMMETRIC KEY SQL_EKM_RSA_1024_Key

To drop a symmetric key, use the DROP SYMMETRIC KEY statement.

Dropping a Key From the DataSecure

To drop a key from the database and remove it from the DataSecure, execute the following statement:

    DROP ASYMMETRIC KEY <key name> REMOVE PROVIDER KEY

To drop a symmetric key, use the DROP SYMMETRIC KEY statement.

Encrypting and Decrypting Data

The following examples rely on this table:

    Create table dbo.test1 (Id int not null, FName varchar(max) not null, LName varchar(max) not null)

Encrypting Data

To encrypt data, you call the following functions:
    EncryptByAsymKey - for encryption by asymmetric keys.
    EncryptByKey - for encryption by symmetric keys.

For example, to encrypt with an asymmetric key, execute the following statement:

    INSERT INTO dbo.test1 values(2, 'ankit2', EncryptByAsymKey(AsymKey_Id('SQL_EKM_RSA_1024_Key'), 'mehra2'))

To encrypt with a symmetric key, execute the following statement:

    INSERT INTO dbo.test1 values(6, 'ankit6', EncryptByKey(Key_GUID('SQL_EKM_AES_256_Key'), 'mehra6'))

Decrypting Data

To decrypt data, you call the following functions:
    DecryptByAsymKey - for decryption by asymmetric keys.
    DecryptByKey - for decryption by symmetric keys.

For example, to decrypt with an asymmetric key, execute the following statement:

    SELECT Id, FName, CONVERT(varchar(max), DecryptByAsymKey(AsymKey_Id('SQL_EKM_RSA_1024_Key'), LName)) LName
    FROM dbo.test1 where id = 2

To decrypt with a symmetric key, execute the following statement:

    SELECT Id, FName, CONVERT(varchar(MAX), DecryptByKey(LName)) LName
    FROM dbo.test1 where id = 6
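The following script is an added example, not part of the SafeNet guide: it runs a full round trip with an AES-256 key that lives on the DataSecure, creating the key through the safenetsqlekm provider, storing the ciphertext in a varbinary(max) column (EncryptByKey returns varbinary, so this avoids the implicit string conversion the guide's varchar(max) test table relies on), decrypting it, and flagging rows whose decryption fails. It assumes the provider and credential from Chapter 3 are in place, and the key names and the table name dbo.ekm_demo are made up for the example.

```sql
-- Added example (not from the SafeNet guide): column encryption round trip with an
-- AES-256 key held on the DataSecure. Run in the database where the EKM keys are
-- created; assumes the safenetsqlekm provider and its credential are configured.

-- 1. Create the key on the DataSecure and open it in the database in one statement.
--    Key names are assumptions chosen to mirror the guide's SQL_EKM_AES_256_Key example.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = 'SQL_EKM_AES_256_Key')
    CREATE SYMMETRIC KEY SQL_EKM_AES_256_Key
    FROM PROVIDER safenetsqlekm
    WITH ALGORITHM = AES_256,
         PROVIDER_KEY_NAME = 'EKM_AES_256_Key',
         CREATION_DISPOSITION = CREATE_NEW;
GO

-- 2. Demo table (assumed name). Ciphertext is stored as varbinary, the type
--    EncryptByKey returns, so no implicit string conversion takes place.
IF OBJECT_ID('dbo.ekm_demo') IS NOT NULL DROP TABLE dbo.ekm_demo;
CREATE TABLE dbo.ekm_demo (
    Id     int            NOT NULL PRIMARY KEY,
    FName  varchar(100)   NOT NULL,
    LName  varbinary(max) NOT NULL    -- ciphertext produced by EncryptByKey
);
GO

-- 3. Encrypt on insert. Key_GUID resolves the database-side key name; the provider
--    carries out the operation with key material that stays on the DataSecure.
--    Sample rows are constructed for the example.
INSERT INTO dbo.ekm_demo (Id, FName, LName)
VALUES (1, 'ankit', EncryptByKey(Key_GUID('SQL_EKM_AES_256_Key'), 'mehra')),
       (2, 'jane',  EncryptByKey(Key_GUID('SQL_EKM_AES_256_Key'), 'doe'));
GO

-- 4. What is actually stored: FName in the clear, LName as ciphertext bytes.
SELECT Id, FName, LName FROM dbo.ekm_demo;

-- 5. Decrypt and verify. DecryptByKey returns NULL rather than raising an error
--    when it cannot decrypt (key unavailable, wrong key, corrupted ciphertext),
--    so test for NULL explicitly instead of assuming success.
SELECT Id,
       FName,
       CONVERT(varchar(max), DecryptByKey(LName)) AS LName,
       CASE WHEN DecryptByKey(LName) IS NULL THEN 'DECRYPT FAILED' ELSE 'ok' END AS Status
FROM dbo.ekm_demo;
GO
```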

CHAPTER 5 Using the SafeNet MSSQL EKM Provider with Transparent Database Encryption

When Transparent Database Encryption (TDE) is enabled on your MS SQL Server, a Database Encryption Key (DEK) is created on the database server. The DEK encrypts database pages as they are written to disk, and decrypts pages as they are read. You can provide an extra level of security by using a DataSecure key to encrypt the DEK itself. This chapter contains the following topics:
    Enabling TDE Using SafeNet's MSSQL EKM Provider (page 18)
    Creating an Asymmetric Key Protected by the MSSQL EKM Provider (page 19)
    Creating a Credential Protected by the Asymmetric Key (page 19)
    Creating a Symmetric Database Encryption Key (page 20)
    Setting Encryption for the Database (page 20)
    Verifying Which Tables are Encrypted Using TDE (page 21)

Enabling TDE Using SafeNet's MSSQL EKM Provider

The procedure for using the SQLEKM Provider with TDE varies slightly from the regular SQLEKM configuration. Most notably, you must create a credential that is protected by the asymmetric key used to encrypt the DEK.

To enable TDE using SafeNet's SQLEKM Provider:

1 Install the EKM provider as described in Chapter 2, Installing the SafeNet MSSQL EKM Provider.
2 Enable EKM in your SQL Server Database, load the DLL, and create credentials in SQL Server, as described in Chapter 3, Configuring the SafeNet MSSQL EKM Provider in the SQL Server Database.
3 Create an asymmetric key protected by the MSSQL EKM Provider.
4 Create a credential protected by the asymmetric key for use by the Database Engine.
5 Create a symmetric database encryption key.
6 Enable TDE using the database encryption key.

Steps 3 through 6 are described below.

Creating an Asymmetric Key Protected by the MSSQL EKM Provider

You must create an asymmetric key that will secure the DEK. To create a new key on the DataSecure, execute the following command:

    CREATE ASYMMETRIC KEY <key name in database>
    FROM Provider <provider name>
    WITH ALGORITHM = <algorithm>,
         PROVIDER_KEY_NAME = '<key name on DataSecure>',
         CREATION_DISPOSITION = CREATE_NEW

For example,

    CREATE ASYMMETRIC KEY SQL_EKM_RSA_1024_Key
    FROM Provider safenetsqlekm
    WITH ALGORITHM = RSA_1024,
         PROVIDER_KEY_NAME = 'EKM_RSA_1024_Key',
         CREATION_DISPOSITION = CREATE_NEW

Note: Be sure to select an asymmetric algorithm: RSA_512, RSA_1024, or RSA_2048.

Important! Be sure to back up this key! If you lose the key used to encrypt the DEK, you will not be able to access your database!

Creating a Credential Protected by the Asymmetric Key

1 Execute the following statement to create a credential that will be used by the Database Engine:

    CREATE CREDENTIAL <ekm_tde_cred>
    WITH IDENTITY = '<DataSecure_user>', SECRET = '<DataSecure_user_password>'
    FOR CRYPTOGRAPHIC PROVIDER <provider_name> ;

2 Execute the following statements to add a login used by TDE, and add the new credential to the login:

    CREATE LOGIN <EKM_Login> FROM ASYMMETRIC KEY <asymmetric_key_name> ;
    GO
    ALTER LOGIN <EKM_Login> ADD CREDENTIAL <ekm_tde_cred> ;
    GO

Creating a Symmetric Database Encryption Key

The DEK will encrypt your database. Create the DEK in the master database.

To create the DEK:

1 Change to the database that will be encrypted:

    USE AdventureWorks ;
    GO

2 Execute the following code to create the database encryption key that will be used for TDE:

    CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = <algorithm>
    ENCRYPTION BY SERVER ASYMMETRIC KEY <key name on DataSecure> ;
    GO

3 Execute the following code to alter the database to enable transparent data encryption:

    ALTER DATABASE AdventureWorks SET ENCRYPTION ON ;
    GO

The database is now stored in an encrypted format.

Setting Encryption for the Database

After the DEK is created, you must alter the database to set encryption on. To set encryption on, execute the following command:

    ALTER DATABASE <database_name> SET ENCRYPTION ON;

To disable encryption, execute the following command:

    ALTER DATABASE <database_name> SET ENCRYPTION OFF;

Verifying Which Tables are Encrypted Using TDE

To verify which databases are encrypted with the DEK, execute the following command:

    SELECT DB_NAME(e.database_id) AS DatabaseName,
           e.database_id,
           e.encryption_state,
           CASE e.encryption_state
               WHEN 0 THEN 'No database encryption key present, no encryption'
               WHEN 1 THEN 'Unencrypted'
               WHEN 2 THEN 'Encryption in progress'
               WHEN 3 THEN 'Encrypted'
               WHEN 4 THEN 'Key change in progress'
               WHEN 5 THEN 'Decryption in progress'
           END AS encryption_state_desc,
           c.name,
           e.percent_complete
    FROM sys.dm_database_encryption_keys AS e
    LEFT JOIN master.sys.asymmetric_keys AS c
           ON e.encryptor_thumbprint = c.thumbprint

All databases on the server are included in the results of this command. Those databases with encryption on are listed as 'Encrypted'. Those databases with encryption off are listed as 'Unencrypted'.

CHAPTER 6 Troubleshooting

This chapter contains the following topics:
    Cannot Create RSA-512, DES, or RC4 Keys on the DataSecure (page 22)
    How to Use a Hyphen in a Domain Name (page 23)
    How to Remove a Key from the DataSecure (page 23)

Cannot Create RSA-512, DES, or RC4 Keys on the DataSecure

If your DataSecure utilizes our high security features, some algorithms supported by the EKM Provider are disallowed by the DataSecure. Requests to create the following keys will result in error code 103:
    DES
    RC4
    RC4_128
    RSA_512

To resolve this problem, you can either disable the high security feature on the DataSecure or use one of the algorithms supported by both the provider and the high security feature:
    AES_128
    AES_192
    AES_256
    RSA_1024
    RSA_2048
    TRIPLE_DES
    TRIPLE_DES_3KEY

How to Use a Hyphen in a Domain Name

If your domain name includes a hyphen, you must enclose the name in brackets:

    CREATE LOGIN [<domain-name>\<loginname>] FROM WINDOWS;

For example, the following statement creates a user in the SFNT-ABBA domain:

    Create login [sfnt-abba\bandersson] FROM WINDOWS;

To add a credential to a login, execute the following SQL statement:

    Alter login [<domain-name>\<loginname>] Add credential <credentialname>

How to Remove a Key from the DataSecure

After using the SQLEKM Provider to create a key on SQL Server and the DataSecure, the following statement will remove the key from SQL Server only:

    DROP ASYMMETRIC KEY <key name in database>

Once you execute that statement, you cannot use the provider to remove the key from the DataSecure. You must log into the DataSecure and remove the key there, or you can re-create the SQL key using CREATION_DISPOSITION=OPEN_EXISTING and then drop the key using DROP ASYMMETRIC KEY ... REMOVE PROVIDER KEY.

To drop the key from the DataSecure using the provider, execute the following statement:

    DROP ASYMMETRIC KEY <key name in database> REMOVE PROVIDER KEY

CHAPTER 7 Error Codes and Messages

This section describes the error messages that can be produced by the SafeNet provider. It is divided into the following categories:
    Initialization/Configuration
    General
    Authentication
    Crypto
    Server Communications

Note: Error Code 0 is reserved for I_E_OK, which means that no error was produced.

Initialization/Configuration

    Error                                    Error Message
    I_E_ALREADY_INITIALIZED                  Library already initialized.
    I_E_INVALID_INITIALIZE_PATH              Properties environment variable is empty.
    I_E_INVALID_INITIALIZE_SOURCE            Invalid I_T_InitializationSource.
    I_E_LIBRARY_UNINITIALIZED                Library is not initialized.
    I_E_PROTOCOL_VERSION_MISMATCH            Server does not support any of the protocols this client supports.
    I_E_PROPERTIES_SOURCE_NOT_FOUND          Can't find a source for properties.
    I_E_PROPERTIES_FILE_NOT_FOUND            Specified properties file not found.
    I_E_NO_NAE_SERVERS                       No NAE servers were specified in the NAE_IP property.
    I_E_CONF_FILE_VERSION_MISMATCH           Unsupported properties file version.
    I_E_INVALID_PROPERTY                     Invalid properties file property.
    I_E_CANNOT_WRITE_TO_LOG_FILE             Cannot write to the file specified in the Logfile property.
    I_E_NAE_IP_PROPERTY_FORMAT_INVALID       Illegal address in the NAE_IP property.

General

    Error                                    Error Message
    I_E_NO_MEM                               Out of Memory.
    I_E_INVALID_PARAM                        Invalid function parameter.
    I_E_INVALID_SESSION                      Invalid session handle.
    I_E_INVALID_OBJECT                       Invalid object handle.

Authentication

    Error                                    Error Message
    I_E_INVALID_AUTH_TYPE                    Session authentication type is invalid.
    I_E_UNSUPPORTED_AUTH_TYPE                Unsupported authentication type.
    I_E_LOGGED_OUT                           Cannot log back in to a logged out session.
    I_E_MISSING_AUTH_INFO                    Authentication argument missing.

Crypto

    Error                                    Error Message
    I_E_SHORT_RANDOM                         I_Random delivered fewer than requested bytes.
    I_E_KEY_NOT_EXPORTABLE                   Key is not exportable.
    I_E_SERVER_DOES_NOT_SUPPORT_BULK         Server does not support Bulk operation.
    I_E_TOO_FEW_OPERATIONS_FOR_BULK          Bulk array is too small.
    I_E_INITIALIZATION_FAILED                Initialization failed.
    I_E_CRYPTO_BUFFER_TOO_SMALL              Output buffer is too small.
    I_E_UNSUPPORTED_ALGORITHM                Algorithm is not supported.
    I_E_INCORRECT_KEY_TYPE                   Incorrect key type for import.
    I_E_LOCAL_CRYPT_GENERIC_ERROR            Generic local cryptography error.
    I_E_CANNOT_ENABLE_KEY_CACHE              Cannot enable key cache.

Server Communications

    Error                                    Error Message
    I_E_CONNECTION_FAILED                    Cannot obtain a connection to a server.
    I_E_SERVER_UNAVAILABLE                   Server unavailable.
    I_E_SERVER_DOES_NOT_BATCH                Server does not support batching.
    I_E_CONNECTION_READ_ERROR                Server unavailable: read error.
    I_E_CONNECTION_WRITE_ERROR               Server unavailable: write error.
    I_E_CONNECTION_ERROR                     Generic server error.
    I_E_CONNECTION_FATAL_ERROR               Connection error.
    I_E_CONNECTION_NONFATAL_ERROR            Connection error.
    I_E_CONNECTION_INVALID_RESPONSE          Connection error: invalid response.
    I_E_CONNECTION_INVALID_DATA_SIZE         Connection error: invalid data size.
    I_E_CONNECTION_BUFFER_FULL               Connection error: buffer full.
    I_E_CONNECTION_NO_MEM                    Connection error: out of memory.
    I_E_CONNECTION_INVALID_XML               Connection error: protocol error.
    I_E_CONNECTION_INVALID                   Connection error: invalid command.
    I_E_UNKNOWN_SERVER_ERROR                 Unknown server error.
    I_E_SERVER_AUTHENTICATION_FAILED         Authentication failed.
    I_E_SERVER_OPERATION_UNKNOWN             Unknown operation.
    I_E_INVALID_NAE_USER                     Invalid NAE username or password.
    I_E_NAE_AUTHENTICATION_REQUIRED          NAE user authentication required.
    I_E_NAE_DATA_TOO_LONG                    New data too long for operation.
    I_E_DATA_SIZE_IS_NOT_BLOCK_SIZE_MULTIPLE Data not a multiple of cipher block size.
    I_E_INVALID_PADDING                      Invalid ciphertext padding.
    I_E_OPERATION_NOT_SUPPORTED              Cryptographic operation not supported.
    I_E_INVALID_ALGORITHM_FOR_KEY            Invalid algorithm for key.
    I_E_INVALID_DATA_SIZE                    Invalid data size.
    I_E_INVALID_KEY_NAME                     Invalid key name.
    I_E_UNKNOWN_KEY                          Unknown key.
    I_E_COULD_NOT_INITIALIZE_KEY             NAE server could not initialize key.
    I_E_KEY_DELETED_OR_MODIFIED              Key was deleted or modified on NAE server.
    I_E_COULD_NOT_GENERATE_KEY               NAE server could not generate key.
    I_E_KEY_ALREADY_EXISTS                   Key exists on NAE server.
    I_E_UNSUPPORTED_KEY_SIZE                 NAE server does not support this key size.
    I_E_INVALID_KEY_SIZE                     Key size is invalid for this algorithm.
    I_E_INVALID_PERMISSIONS                  Invalid key permissions.
    I_E_GLOBAL_KEY_CANNOT_HAVE_PERMISSIONS   Global keys may not have permissions.
    I_E_KEY_IS_NOT_DELETABLE                 The key is not deletable.
    I_E_INVALID_IV                           Invalid IV.
    I_E_INVALID_ALGORITHM                    Invalid algorithm.