Firmware

HSM Return Codes

0 - zero

• SUCCESS
• Success code.
• The requested operation/function/task has been carried out successfully.

5000 - 80001388

• ERR_UNKNOWN
• An unknown scenario was encountered.
• The requested operation/function/task generated an unknown error. This condition should not occur in practice.

5001 - 80001389

• ERR_NET_FAIL
• Error in the network subsystem.
• Resets and timeouts common to TCP/IP can cause this error. Other (rare) scenarios: resource temporarily unavailable; incorrect address for connect; resources unavailable due to overload; specified server name or IP address is unavailable to local system; no route to specified network/server; connection refused.

5002 - 8000138A

• ERR_ACCESS_DENIED
• Access denied.
• The HSM security subsystem has denied access because the credentials presented are insufficient to execute the request. Authorization in the user partition by smart-cards in the 'm of n' scheme (PnAuth) can also block some operations (check its configuration in the local console).

5003 - 8000138B

• ERR_CANNOT_CREATE_OBJ
• Failure to create an object.
• The HSM storage layer was unable to create an obj (usually a key).

5004 - 8000138C

• ERR_CANNOT_OPEN_OBJ
• Failure to use an object.
• The HSM storage layer was unable to open/use an existing obj (usually a key). Check its id.

5005 - 8000138D

• ERR_CANNOT_DEL_OBJ
• Failure to remove an object.
• The HSM storage layer was unable to delete an obj (usually a key).

5006 - 8000138E

• ERR_CANNOT_ALLOC_RES
• There are not enough resources for the requisition.
• The HSM was unable to allocate/manage/use one or more resources for the execution of the request (usually memory).

5007 - 8000138F

• ERR_INVALID_CTX
• Invalid operational context.
• The equipment is capable of working with extremely large resources, broken down into smaller blocks. Operational contexts are used to manage this state (usually associated with hashes, hmacs, or symmetric keys). An unrecognized context was sent in the request.

5008 - 80001390

• ERR_INVALID_OPERATION
• Invalid request.
• Operations can be classified as invalid if one or more parameters are not recognized by the HSM, and/or are not valid in the context.

5009 - 80001391

• ERR_INVALID_KEY
• Key entered is invalid.
• It usually happens when a request tries to perform an operation with an invalid key type (e.g. entering a symmetric key id when performing digital signatures, which are tasks normally performed with asymmetric keys), or with an invalid id.

5010 - 80001392

• ERR_NO_TLS_USED
• Requests must be made through a secure channel.
• Operations that require confidentiality must be requested over a TLS channel, with session encryption. Examples: a) changing passwords; b) generating backups; c) actions on cold partitions;

5011 - 80001393

• ERR_CANNOT_CHANGE_PWD
• Password change cannot be performed.
• It happens in 2 scenarios: a) write failure in the storage layer, or b) shash derivation failed.

5012 - 80001394

• ERR_OBJ_NOT_EXPORTABLE
• Failure to extract an object (violation of security policy).
• Objects in the HSM can be saved using a generic security policy: a) they are exportable, or b) they are NOT exportable. Keys are usually stored in non-exportable mode, while certificates (by their very public nature) can be removed from the device. This error occurs whenever a request tries to retrieve the contents of non-exportable objects.

5013 - 80001395

• ERR_USR_ALREADY_EXISTS
• Failed to create an existing user.
• The storage and security layers work with partitions to isolate data. This error occurs when a user creation request is made using an existing partition identifier.

5014 - 80001396

• ERR_INVALID_USR_NAME
• Username entered is invalid.
• The security layer only allows user identifiers made up of alphanumeric characters (letters or numbers).

5015 - 80001397

• ERR_CANNOT_CREATE_USR
• User creation (sub)operation failed.
• User creation can fail with this code in the following scenarios: a) replication live-sync.

5016 - 80001398

• ERR_NO_MORE_LOG_SLOTS
• Remote logging unavailable.
• The log subsystem supports remote monitoring (for users with sufficient permissions, such as sys-operators). But there are a limited number of sessions that can receive the related events (currently 7), avoiding overloading the system.

5017 - 80001399

• ERR_CANNOT_DELETE_USR
• User removal (sub)operation failed.
• Removing users can fail with this code in the following scenarios: a) in requests to delete users ([a.1] when 1 or more objects of the corresponding partition are in use; [a.2] write failures in the storage layer), or b) live-sync replication.

5018 - 8000139A

• ERR_CANNOT_DELETE_MASTER
• The user master cannot be removed.
• The user master is special. He is the HSM 's system operator (from the factory), and cannot be removed.

5019 - 8000139B

• ERR_NOT_IMPLEMENTED
• The requested functionality is not implemented.
• No device module can perform the requested operation. Please contact the manufacturer (a firmware update may solve the problem).

5020 - 8000139C

• ERR_USR_NOT_FOUND
• User not located.
• A request was made for a non-existent user. Please check your partition identifier.

5021 - 8000139D

• ERR_INVALID_PAYLOAD
• The request sent invalid data.
• This is usually a sign of poorly formed content (e.g. corrupted files) or inappropriate parameters.

5022 - 8000139E

• ERR_OBJ_ALREADY_EXISTS
• Failed to create an existing object.
• The storage layer works with case-sensitive object identifiers and works by partitioning.

5023 - 8000139F

• ERR_INVALID_OBJ_NAME
• The object name entered is invalid.
• The security layer only accepts object identifiers made up of alphanumeric characters (letters or numbers) and '_' (an ASCII character whose value is equal to 0x5F).

5024 - 800013A0

• ERR_OBJ_IN_USE
• Object currently in use.
• The request cannot be executed because the object entered is open in some process.

5025 - 800013A1

• ERR_CANNOT_WRITE_BACKUP_BLOB
• Backup recording failed.
• The storage layer cannot write the backup image to disk. This occurs in the following scenarios: a) backup restore requests, or b) replication live-sync.

5026 - 800013A2

• ERR_CANNOT_OPEN_BACKUP_BLOB
• Failed to read backup.
• The storage layer cannot read the disk backup image. This occurs in the following scenarios: a) backup restore requests, or b) replication live-sync.

5027 - 800013A3

• ERR_CANNOT_RESTORE_BACKUP_BLOB
• Backup restore failed.
• The storage layer cannot prepare the image of the submitted backup. In order to properly update the system data, this image must be opened, processed and prepared for final saving by the local console (shell). This error occurs in: a) backup restore requests.

5028 - 800013A4

• ERR_INVALID_BACKUP_PIN_OR_LEN
• Backup image validation failed.
• An invalid backup may have been sent to the server. The problem usually lies in the PIN entered for decrypting the image. If the PIN is incorrect, the firmware cannot read the correct content. This error occurs in: a) backup restore requests.

5029 - 800013A5

• ERR_INVALID_XML_SIGNATURE
• Invalid DSig XML signature.
• The XML module checked a signature for compliance with RFC 3275, deeming it invalid. Further information on this standard can be found in the document ietf.org/rfc/rfc3275.txt.

5030 - 800013A6

• ERR_INVALID_CERTIFICATE
• The certificate entered is invalid.
• Occurs in the following scenarios: a) PKCS #7 signatures ([a.1] when the DER representation of the informed X.509 certificate cannot be loaded and/or decoded; [a.2] there is no correspondence between the certificate and its private key); b) SPB encode/decode/map/cert-import ([b.1] one of the required certificates is not a DER representation of X.509b.2] one of the certificates is not valid in ICP Brazil; [b.3] the PEM representation of the certificate is greater than 10kb); c) certificate association for authentication in the user partition (SA), when the informed X.509 DER representation cannot be loaded and/or decoded;

5031 - 800013A7

• ERR_VERIFY_XML_FAILED
• DSig XML signature verification failed.
• The XML module tried to verify a digital signature in the RFC 3275 standard, but errors occurred during the operation, and a more precise diagnosis cannot be detailed (occurs in memory allocation failures, IO, problems in the xml template, problems with certificates, etc).

5032 - 800013A8

• ERR_INVALID_XML
• DSig XML signature or verification failed.
• The XML module tried to generate or verify a signature in the RFC 3275 standard, but was unable to handle the XM provided (it is probably malformed/invalid).

5033 - 800013A9

• ERR_SIGN_XML_FAILED
• DSig XML signature failure.
• The XML module tried to generate a signature in the RFC 3275 standard, but errors occurred during the operation, and a more precise diagnosis cannot be detailed (occurs in memory allocation failures, IO, problems in the xml template, problems with certificates, etc).

5034 - 800013AA

• ERR_UPACK_VERIFY_FAILED
• Invalid firmware update package.
• Firmware updates are carried out via packages (upacks) submitted to the device. To prevent the entry of unsafe/malicious content and/or the execution of corrupted components, the upacks are digitally signed by the manufacturer and verified before being applied.

5035 - 800013AB

• ERR_CANNOT_TRUNCATE_LOG
• Failed to truncate the audit log.
• Audit logs have a maximum size of ~4GB, but can be truncated to free up system resources. This error usually signals problems at the storage layer: the HSM may be under extremely high loads, and/or physical disk problems are preventing the operation from running. Please try again in a few moments. If the error persists, a reboot of the device is recommended. If the log cannot be truncated after rebooting, please contact the manufacturer for further instructions.

5036 - 800013AC

• ERR_CANNOT_BACKUP_OLD_LOG
• Failed to save temporary image of audit logs.
• To truncate the audit logs atomically, a temporary internal copy may be required. In practice, this code is rarely used, and has been discontinued in more recent firmware versions.

5037 - 800013AD

• ERR_CERTIFICATE_EXPIRED
• The certificate provided has expired.
• A certificate is considered expired using the equipment's current date/time. It occurs in the following scenarios: a) SPB encode/decode/map/cert-import; b) CRL validation; c) DSig XML signing/verification in the RFC 3275 standard;

5038 - 800013AE

• ERR_CERTIFICATE_FAILED
• Certificate processing failure.
• In certain contexts - for example, when decoding the contents of a certificate - a certain error may have occurred, preventing a more precise diagnosis (e.g. memory allocation failures, IO problems, etc.). This occurs in: a) SPB decode requests (normally associated with GEN messages that trigger automatic certificate exchange operations); b) SPB cert-import; c) signing/verification of DSig XML in accordance with RFC 3275;

5039 - 800013AF

• ERR_CERTIFICATE_NOT_FOUND
• The certificate could not be found.
• Signing/verification of DSig XML to the standard of RFC 3275 cannot be performed, as the storage layer was unable to locate/open the certificate (can also occur when there are failures in extracting certificates in PKCS #7 messages/containers).

5040 - 800013B0

• ERR_CERTIFICATE_REVOKED
• The certificate provided is revoked.
• Occurs in the following scenarios: a) CRL validation; b) XML DSig signing/verification in accordance with RFC 3275;

5041 - 800013B1

• ERR_CERTIFICATE_ISSUER_FAILED
• The issuer of the certificate is invalid/unknown.
• The XML module tried to generate/verify a signature in the RFC 3275 standard, but 1 or more certificates in the chain of trust were not identified.

5042 - 800013B2

• ERR_CERTIFICATE_NOT_YET_VALID
• The certificate is not yet valid.
• Using the current HSM date/time as a reference, the informed certificate is not yet valid for use (i.e. its initial date/time is an event in the future). Occurs in the following scenarios: a) CRL validation; b) DSig XML signing/verification in the RFC 3275 standard;

5043 - 800013B3

• ERR_CERT_EXPIRED_SIGN_VALID
• A valid DSig XML signature was made with an expired certificate.
• The verification of XML DSig in the RFC 3275 standard was successful, but the certificate used in the process is expired (a "dated verification" was made; the signature was valid at the time of generation, and is still correct, if the expiration of the certificate used - taking the current date/time of the HSM as a reference - is disregarded).

5044 - 800013B4

• ERR_CRL_EXPIRED
• The list of revoked certificates (CRL) is expired.
• CRL validation has failed because it is expired (current date/time of the device used as a reference).

5045 - 800013B5

• ERR_INVALID_CRL_SIGN
• The signature of the revoked certificate list (CRL) is invalid.
• CRL signature verification failed (more details in RFC 2459).

5046 - 800013B6

• ERR_CRL_CERT_MISMATCH
• The issuer of the certificate revocation list (CRL) is invalid.
• Verification of the CRL issuer has failed (the issuer certificate entered does not match).

5047 - 800013B7

• ERR_CERT_REVOKED_LIBCLIENT_FIX1
• The certificate provided is revoked.
• See details in ERR_CERTIFICATE_REVOKED.

5048 - 800013B8

• ERR_ACCESS_DENIED_TOKEN_NOT_NEEDED
• Access denied.
• The HSM security subsystem denied access because the credentials presented to execute the request include invalid authentication factors (such as the OTP of a token, when the user is not configured to use it).

5049 - 800013B9

• ERR_ACCESS_DENIED_TOKEN_NEEDED
• Access denied.
• The HSM security subsystem denied access because the credentials presented to execute the request do not include mandatory authentication factors (such as the OTP of a token, since the user is configured to use it).

5050 - 800013BA

• ERR_CERT_REVOKED_CRL_VAL_UNUSED
• The certificate provided is revoked.
• Certificate validation has been carried out without verifying the CRL (i.e. the certificate is included in the CRL, which has not had its signature verified).

5051 - 800013BB

• ERR_CERT_VALID_CRL_VAL_UNUSED
• The certificate provided is not revoked.
• Certificate validation was carried out without verifying the CRL (i.e. the certificate is not included in the CRL, which has not had its signature verified).

5052 - 800013BC

• ERR_CANNOT_PARSE_XML
• Error in XML manipulation.
• The HSM was unable to decode the XML provided (it is probably malformed/invalid). Occurs in the following scenarios: a) signing/verification of DSig XML to the RFC 3275 standard; b) import of PSKC files by the module OATH;

5053 - 800013BD

• ERR_CANNOT_CREATE_XML_SIG_TEMPL
• DSig XML template creation failed.
• The XML module tried to make an XML DSig signature in the RFC 3275 standard, but the manipulation of the XML generated errors in the construction of the required format. A detailed description with the diagnosis of the tags involved is not available (usually due to memory allocation problems).

5054 - 800013BE

• ERR_CANNOT_ADD_XML_SIG_TEMPL_REF
• DSig XML template creation failed.
• O módulo XML tentou fazer uma assinatura XML DSig no padrão da RFC 3275, mas a manipulação da tag <dsig:Signature/> gerou erros na construção do formato necessário. Uma descrição pormenorizada com um diagnóstico completo não está disponível (normalmente, devido a problemas de alocação de memória).

5055 - 800013BF

• ERR_CANNOT_ADD_XML_SIG_TEMPL_TRANS
• DSig XML template creation failed.
• The XML module tried to make an XML DSig signature in the RFC 3275 standard, but the manipulation of the enveloped and/or C14N tags generated errors in the construction of the required format. A detailed description with a complete diagnosis is not available (usually due to memory allocation problems).

5056 - 800013C0

• ERR_CANNOT_ADD_XML_SIG_KEY_INFO
• DSig XML template creation failed.
• O módulo XML tentou fazer uma assinatura XML DSig no padrão da RFC 3275, mas a manipulação da tag <dsig:KeyInfo/> gerou erros na construção do formato necessário. Uma descrição pormenorizada com um diagnóstico completo não está disponível (normalmente, devido a problemas de alocação de memória).

5057 - 800013C1

• ERR_CANNOT_ADD_XML_SIG_KEY_CERT
• DSig XML template creation failed.
• O módulo XML tentou fazer uma assinatura XML DSig no padrão da RFC 3275, mas a manipulação da tag <dsig:X509Data/> gerou erros na construção do formato necessário. Uma descrição pormenorizada com um diagnóstico completo não está disponível (normalmente, devido a problemas de alocação de memória).

5058 - 800013C2

• ERR_CANNOT_ALLOC_XML_SIG_CTX
• DSig XML signature or verification failed.
• The XML module tried to generate or verify a signature in the RFC 3275 standard, but was unable to allocate an internal context structure (probably a memory allocation failure).

5059 - 800013C3

• ERR_CANNOT_PARSE_DER_PRIV_KEY
• DSig XML signature failure.
• The XML module tried to generate a signature in the RFC 3275 standard, but was unable to retrieve the required private key. This is usually a memory allocation problem when decoding DER structures. In extreme situations, it can signal internal data corruption.

5060 - 800013C4

• ERR_XML_CANNOT_LOAD_PRIV_KEY
• DSig XML signature failure.
• The XML module tried to generate a signature in the RFC 3275 standard, but was unable to retrieve the required private key. This is usually a memory allocation problem when decoding DER structures. In extreme situations, it can signal internal data corruption.

5061 - 800013C5

• ERR_XML_CANNOT_LOAD_CERT
• DSig XML signature failure.
• The XML module tried to generate a signature in the RFC 3275 standard, but was unable to retrieve the necessary certificate. This is usually a memory allocation problem when decoding DER structures. In extreme situations, it can signal internal data corruption.

5062 - 800013C6

• ERR_XML_CANNOT_CREATE_KEY_MNG
• DSig XML verification failed.
• The XML module tried to verify a signature in the RFC 3275 standard, but was unable to allocate an internal data structure. This is usually a memory allocation problem.

5063 - 800013C7

• ERR_XML_CANNOT_INIT_KEY_MNG
• DSig XML verification failed.
• The XML module tried to verify a signature in the RFC 3275 standard, but was unable to manipulate an internal key structure. This is usually a memory allocation problem.

5064 - 800013C8

• ERR_XML_CANNOT_LOAD_TRUSTED_CERTS
• DSig XML verification failed.
• The XML module tried to verify a signature in the RFC 3275 standard, but was unable to retrieve the required certificate chain. This is usually a memory allocation problem when decoding DER structures. In extreme situations, it can signal internal data corruption.

5065 - 800013C9

• ERR_XML_SIG_NODE_NOT_FOUND
• DSig XML verification failed.
• O módulo XML tentou verificar uma assinatura no padrão da RFC 3275, mas não conseguiu localizar a tag <dsig:Signature/> (o XML é provavelmente malformado/inválido).

5066 - 800013CA

• ERR_XML_CERT_NODE_NOT_FOUND
• DSig XML verification failed.
• O módulo XML tentou verificar uma assinatura no padrão da RFC 3275, mas não conseguiu localizar a tag <dsig:X509Data/> (o XML é provavelmente malformado/inválido).

5067 - 800013CB

• ERR_XML_CANNOT_DECODE_CERT_NODE
• DSig XML verification failed.
• O módulo XML tentou verificar uma assinatura no padrão da RFC 3275, mas não conseguiu decodificar a tag <dsig:X509Data/> em uma representação DER válida para um certificado X.509 (o XML pode estar malformado/inválido, e/ou problemas de alocação de memória foram encontrados).

5068 - 800013CC

• ERR_CANNOT_PARSE_DER_CERT
• DSig XML verification failed.
• O módulo XML tentou verificar uma assinatura no padrão da RFC 3275, mas não conseguiu decodificar a tag <dsig:X509Data/> em uma representação DER válida para um certificado X.509 (o XML pode estar malformado/inválido, e/ou problemas de alocação de memória foram encontrados).

5069 - 800013CD

• ERR_DEPRECATED_XML_COMPRESS
• XML DSig operation failed.
• The XML module was unable to parse the data entered for signature generation/verification in the RFC 3275 standard. The following were supported: RFC 1950 (ZLIB), RFC 1951 (DEFLATE), and RFC 1952 (GZIP), but this functionality has been removed. New firmware versions will return ERR_CANNOT_PARSE_XML.

5070 - 800013CE

• ERR_INVALID_CERTIFICATE_NULL_RES
• Certificate handling failure.
• In certain contexts - for example, when decoding the contents of a certificate - a certain error may have occurred, preventing a more precise diagnosis (e.g. memory allocation failures, IO problems, etc.). Occurs in: a) SPB decode/encode/map requests (e.g. in GEN messages that trigger automatic certificate exchange operations); b) XML DSig signatures in the RFC 3275 standard; c) PKCS #12 file imports;

5071 - 800013CF

• ERR_CANNOT_RECREATE_MASTER
• Failed to recreate user master.
• The storage and security layers work with partitions to isolate data. This error occurs when a request is made to create a user with the name 'master' (the user master is special; it is the HSM's system operator, and cannot be [re]created or removed).

5072 - 800013D0

• ERR_CANNOT_CREATE_USR_STORAGE1
• User creation operation failed.
• This occurs when a user creation operation has been accepted and distributed by the replication layer, but there has been a failure to write data to the storage layer. This error should be temporary. If it persists, contact the manufacturer.

5073 - 800013D1

• ERR_CANNOT_CREATE_USR_STORAGE2
• User creation/removal operation failed.
• DISCONTINUED. Occurs in older firmware versions, when user creation/removal operations have been accepted and distributed by the replication layer, but there has been a failure to write data to the storage layer. This error should be temporary. If it persists, contact the manufacturer.

5074 - 800013D2

• ERR_CANNOT_CREATE_USR_DEFAULT_ACL
• Failure to save user data.
• Occurs when: a) a user creation operation has been accepted and distributed by the replication layer, but permission data has failed to be written to the storage layer. In this scenario, this error should be temporary (if it persists, contact the manufacturer); b) replication live-sync failed to write permissioning data; in this scenario, the error is synchronous;

5075 - 800013D3

• ERR_CANNOT_ALLOC_CTX
• Failure to allocate operational context.
• The equipment is capable of working with extremely large resources, broken down into smaller blocks. Operational contexts are used to manage this state, usually associated with hashes, hmacs or symmetric keys. For example, an SPB decode operation can fail with this return code when handling compressed messages. Another (rare) situation where this error occurs is when the DRBG subsystem fails to generate random numbers. Normally, operational context allocation failures occur when there is no more memory available for processing a resource.

5076 - 800013D4

• ERR_CANNOT_LOAD_PRIV_KEY
• Private key recovery failed
• Private keys are used in asymmetric cryptography operations to make digital signatures or to open symmetric key envelopes. One operation tried to recover an existing RSA/ ECC private key, but was unable to decrypt its DER representation. Memory allocation problems are the typical culprits; in extreme cases, there may have been some data corruption. Occurs in: a) essential RSA/ECC tasks; b) signature generation in the ISO 9796 standard; c) imports/exports in the PKCS #8 standard; d) SPB decode requests (e.g. in GEN messages that trigger automatic certificate exchange operations);

5077 - 800013D5

• ERR_CANNOT_DECODE_PUB_KEY
• Public key recovery failed
• Public keys are used in asymmetric cryptography operations to verify digital signatures or to envelop symmetric keys. An operation tried to recover an RSA/ ECC public key, but was unable to process its DER representation. Memory allocation problems are the typical culprits; in extreme cases, there may have been some data corruption. Occurs in: a) essential RSA/ECC tasks;

5078 - 800013D6

• ERR_CANNOT_GENERATE_RND_DATA
• Failure to generate random numbers
• The HSM was unable to generate a block of cryptographically strong random numbers. The (rare) origin of this error is the DRBG subsystem's inability to move forward (usually related to memory allocation problems). It occurs when: a) authenticating users; b) explicitly requesting the generation of random numbers; c) issuing blobs OATHd) when the replication layer needs to synchronize data from devices in the same pool;

5079 - 800013D7

• ERR_CACHE_LAYER_EXHAUSTED
• Failure to use an object.
• The HSM operates with several levels of caching, optimizing its storage layer. It was not possible to open/use an existing object (usually a key) because, in order to run with exceptional performance, a limited amount of memory is reserved for caching. In practice, pending connections should be checked (they may be keeping temporary objects open), and/or objects no longer required for regular operation should be removed.

5080 - 800013D8

• ERR_RSA_POWER_SIGN_FAILED
• Optimized RSA signature failure.
• The main HSM module tried to generate a digital signature in the PKCS #1 standard, but execution errors occurred, and there are no more specific details, with a precise diagnosis (reporting memory allocation problems, etc.).

5081 - 800013D9

• ERR_CANNOT_DEMOTE_MASTER
• User permissions update failed master.
• The user master is special; he is the HSM system operator, and cannot have his permissions removed.

5100 - 800013EC

• ERR_CANNOT_GET_SYS_INFO
• Failure to retrieve system information.
• The status manager module was unable to retrieve important system information to send to the client. In very rare scenarios (e.g. legacy firmware versions), this code can signal a failure in the DRBG subsystem when trying to obtain date/time counters (essential for diversifying its state).

5101 - 800013ED

• ERR_CANNOT_ALLOC_UPACK_ID
• Failed to send firmware update.
• Firmware updates are carried out via update-packages (upacks), sent remotely via the administrative console. The state manager module was unable to receive an update because the generation of its internal unique identifier failed. A malfunction in the DRBG subsystem could be responsible for this return code (see ERR_CANNOT_GENERATE_RND_DATA for more details).

5102 - 800013EE

• ERR_CANNOT_ALLOC_UPACK_PATH
• Failed to send firmware update.
• DISCONTINUED. Occurs in older firmware versions. See ERR_CANNOT_ALLOC_UPACK_ID.

5103 - 800013EF

• ERR_CANNOT_WRITE_UPACK_OBJ
• Failed to send firmware update.
• Firmware updates are carried out via update-packages (upacks), sent remotely via the administrative console. The state manager module was unable to receive an update because its write to the storage layer failed.

5104 - 800013F0

• ERR_INVALID_CRL
• List of revoked certificates (CRL) is invalid.
• Lists of revoked certificates are used in ICPs to store serial numbers of certificates that have been revoked (and should therefore no longer be considered trustworthy). An operation tried to retrieve a CRL, but was unable to decode its DER representation. Memory allocation problems are the typical culprits; in extreme cases, there may have been some data corruption.

5105 - 800013F1

• ERR_OPERATION_FAILED
• Requested operation/function/task failed.
• The requested operation/function/task generated this generic error - sometimes discontinued/legacy - to signal an internal operational problem. It can occur in various scenarios (e.g. mathematical/scriptographic operations, memory allocation, IO, etc). More recent firmware versions work with more specialized return codes, which allow problems to be resolved more quickly and immediately.

5106 - 800013F2

• ERR_GET_USR_ACL_FAILED
• Failed to retrieve permission information.
• The security layer cannot retrieve the access control list (ACL) with the user's permissions. This is usually a temporary problem. Please check the user identifier, and try again in a few moments.

5107 - 800013F3

• ERR_INVALID_SIGNATURE
• Invalid digital signature.
• The HSM identified an invalid signature/code when performing RSA/ECC/EdDSA/MAC checks or AEAD/XML/SPB/PIX operations.

5108 - 800013F4

• ERR_CANNOT_GENERATE_SOFT_TOKEN
• The HOTP soft-token issue failed.
• DISCONTINUED. Returned by old firmware versions when the automatic issuance of HOTP apps/tokens in JavaME failed. NOTE: the OTP module is no longer available, and is considered insecure by modern security practices.

5109 - 800013F5

• ERR_INVALID_SECRET
• Invalid safety critical parameter.
• Critical security parameters (CSP) can take many forms: cryptographic keys, passwords, one-time-passwords (OTPs), PINs, 'm of n' components, etc. One of these parameters was sent in a request for processing, and it was found to be invalid. The EFT, EMV, and OATH modules can return this code.

5120 - 80001400

• ERR_ACCESS_DENIED_USR_BLOCKED
• Access denied and user blocked.
• The HSM security subsystem denied access because the credentials presented were insufficient to execute the request. The user has also been blocked (disabled), as the global security policy has been activated.

5121 - 80001401

• ERR_INVALID_IMEI
• The HOTP soft-token issue failed.
• DISCONTINUED. Returned by old firmware versions when automatic issuance of HOTP apps/tokens in JavaME failed (due to invalid IMEI). NOTE: the OTP module is no longer available, and is considered insecure by modern security practices.

5122 - 80001402

• ERR_REPLAY_DETECTED
• OTP reuse attempt detected.
• The OATH module detected an attempt to reuse a One Time Password (OTP), and returned an exception. It can be used with HOTP and TOTP OTPs.

5123 - 80001403

• ERR_NON_APPROVED_OPERATION
• Operation not permitted in restricted mode.
• A feature has been requested with the HSM operating in restricted mode (e.g. MC7 or FIPS). Only specific algorithms/protocols/standards are allowed (i.e. legacy cryptography such as MD5 and ARC4 is prohibited). Restoring backups generated in standard mode is not allowed when restricted mode is active (firmware updates are also disabled).

5124 - 80001404

• ERR_ACCESS_DENIED_OBJ_BLOCKED
• Access denied due to block on object.
• The HSM 's security subsystem has denied access to an object (usually a key) because it is locked (disabled), or has violated some SP 800-57 policy (in this case, first check the device's date/time). The owner of the partition where the object resides (or another authorized user) may be able to unlock it.

5125 - 80001405

• ERR_DRBG_CONTINUOUS_TEST
• Failure to generate random numbers
• HSM has detected a problem in its cryptographic random number generator by performing a runtime check. See ERR_CANNOT_GENERATE_RND_DATA for more details that may apply in this situation.

5126 - 80001406

• ERR_RSA_CONTINUOUS_TEST
• Key creation/read/import failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5127 - 80001407

• ERR_ECC_CONTINUOUS_TEST
• Key creation/read/import failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5128 - 80001408

• ERR_OF_CONTINUOUS_TEST
• Key creation/read/import failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5129 - 80001409

• ERR_AES_CONTINUOUS_TEST
• Key creation/read/import failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5130 - 8000140A

• ERR_ALT_BN128_CONTINUOUS_TEST
• Key creation/read/import failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5175 - 80001437

• ERR_CANNOT_UPDATE_OBJ
• Failure to update an object.
• The HSM storage layer was unable to update an obj (this usually involves its metadata, but also occurs in [a] map updates, [b] {un}locking objs, and [c] live-sync replication).

5176 - 80001438

• ERR_CANNOT_GET_PWD_POLICY
• Failed to recover critical password security parameter.
• A critical security parameter (CSP) password cannot be recovered by the storage layer (shash, expiration policy, and/or global size/format policy). This must be a temporary problem, caused by competing access to the equipment. If the error persists, the manufacturer should be contacted.

5177 - 80001439

• ERR_PWD_BLOCKED_BY_POLICY
• Invalid password according to HSM's security policy.
• The security layer has blocked a password change or user creation because the global size/format policy has been violated.

5178 - 8000143A

• ERR_PWD_EXPIRED
• Asked to change user password, or a-token is expired.
• Occurs when: a) The global password expiration policy is active. The security layer has successfully authenticated the user credentials, but has requested a password change in order to release use of the established session; b) The access/authentication token has expired and can no longer be used for user impersonation;

5179 - 8000143B

• ERR_CERT_VALID_CRL_VAL_UNUSED_CRL_EXPIRED
• The certificate provided is not revoked.
• The certificate check was carried out with a CRL that was considered expired (using the current date/time of the device). In other words, the certificate is not included in the CRL, but no signature checks have been carried out.

5180 - 8000143C

• ERR_CERT_VALID_CRL_EXPIRED
• The certificate provided is not revoked.
• The certificate check was carried out with a CRL that was considered expired (using the current date/time of the device). In other words, the certificate is not included in the CRL, and signature checks have been carried out.

5181 - 8000143D

• ERR_INVALID_CERT_SIGN
• The certificate entered is invalid.
• The CRL check detected an invalid certificate signature.

5200 - 80001450

• ERR_CANNOT_LOAD_CORRUPTED_OBJ
• Failed to load an object.
• The HSM cannot open/export/rename an existing object (usually a key) because its integrity test has failed. The firmware employs a SHA1 checksum (of 160 bits). This error may be temporary, but usually signals serious data corruption (and/or hardware problems). Check with the manufacturer.

5230 - 8000146E

• ERR_INVALID_CERT_ISPB_MISMATCH
• Certificate validation failed.
• An SPB encode/decode/map operation has detected a difference between the source/destination ISPB informed, and the ISPB contained in the certificate used.

5231 - 8000146F

• ERR_INVALID_CA
• Invalid certificate authority (CA).
• SPB module decode operations (usually in GEN messages that trigger automatic certificate exchange operations) or SPB encode requests cannot use certificates issued by unknown CAs. The following CAs (with corresponding values) are documented in the SPB manual, section 4.2.6: a) Serpro (1); b) Certisign (2); c) Serasa (4); d) CAIXA (5); e) Valid (6);

5303 - 800014B7

• ERR_DEPRECATED_FUNCTION
• The requested operation/function/task has been discontinued.
• The manufacturer is constantly improving its products. The requested operation is no longer available, as modern security practices probably deem it inappropriate to perform (even if it was not previously considered a threat, or was even industry practice).

5304 - 800014B8

• ERR_SERVER_BUSY
• The server is overloaded.
• DISCONTINUED. Returned by older firmware versions. A request has been rejected because the HSM is overloaded. Newer firmware versions work with more specialized return codes, which allow problems to be resolved more quickly and immediately. In any case, this must be a temporary error. Please try again in a few moments.

5305 - 800014B9

• ERR_SL_BE_BUSY
• Read failure in the storage layer.
• The request cannot be executed because the storage layer is overloaded with too many IO (read/write) operations. This is common in object listing requests. This is usually a temporary failure. Please try again in a few moments.

5306 - 800014BA

• ERR_SVMK_MISMATCH
• Server Master Key (SVMK) invalid.
• An attempt to restore a backup copy failed because the image was originally generated on a device initialized with a different SVMK than the one currently loaded. In this scenario, the operation will always generate an error, protecting the client's database from loss.

5307 - 800014BB

• ERR_INVALID_CERT_SN_MISMATCH
• The certificate entered is invalid.
• The SPB encode/decode request detected a discrepancy between the serial number (SN) of the certificate provided and the SN contained in the SPB message header. This double-check protects the client against data corruption and/or invalid/inconsistent messages.

5308 - 800014BC

• ERR_CANNOT_DEC_SYM_KEY
• Symmetric key recovery failure.
• Error in SPB module decode operation. SPB messages use a digital envelope to protect sensitive information. When the recipient receives the message, this envelope needs to be opened to retrieve the 3DES transport key that guarantees the confidentiality of the message content. In this process, the recipient uses their private key. If the sender of the message has used an incorrect public key in the envelope (for example, using a certificate that is no longer active), and/or if there has been any corruption in the message data, it will not be possible to open the digital envelope, and this return code will signal the problem.

5309 - 800014BD

• ERR_CANNOT_REC_SYM_KEY
• Failure to use a symmetric key.
• Error in SPB module decode operation. The 3DES key envelope was correctly opened (decrypted), but key scaling failed. This is usually a memory allocation problem. See ERR_CANNOT_DEC_SYM_KEY for more details.

5401 - 80001519

• SUCCESS_CANNOT_OPEN_OBJ_AT_REPL
• Failure to use an object.
• The HSM was unable to open/use a successfully created object (usually a key) because it is still in the process of being written to the replication layer. In a few moments, this object will probably be available for regular use.

5402 - 8000151A

• ERR_CANNOT_OPEN_INVALID_OBJ_AT_REPL
• Failure to use an object.
• The HSM has not been able to open/use an object that has changed (been [un]locked, removed, or renamed) because it is still in the process of being updated in the replication layer. In a few moments, the status of the object will probably be set.

5500 - 8000157C

• ERR_CANNOT_SL_BE_CHECK_OBJ
• Failure to create an object.
• The HSM 's storage layer was unable to create an obj (usually a key) because a structural read failure did not allow the event to be validated. This is a rare problem (usually temporary). Please try again in a few moments.

5501 - 8000157D

• ERR_CANNOT_WRITE_AUTH_INFO_OBJ
• Failed to save authentication information.
• The HSM storage layer was unable to record information from OATHso that the user can authenticate with 2-factor authentication. This is a rare problem (usually temporary). Please try again in a few moments.

5502 - 8000157E

• ERR_CANNOT_GEN_RSA_KEY
• RSA key creation failure.
• The HSM storage layer was unable to create an RSA key because it failed to handle cryptographic material. This could be a memory allocation problem. In rare cases, there may have been a failure to generate random numbers. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5503 - 8000157F

• ERR_CANNOT_GEN_ECC_CURVE
• ECC key creation failure.
• DISCONTINUED. Occurs in older firmware versions. See ERR_CANNOT_GEN_ECC_KEY.

5504 - 80001580

• ERR_CANNOT_GEN_ECC_KEY
• ECC key creation failure.
• The HSM storage layer was unable to create an ECC key because it failed to handle cryptographic material. This could be a memory allocation problem. In rare cases, there may have been a failure to generate random numbers. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5505 - 80001581

• ERR_CANNOT_GEN_ECC_DER
• Key serialization failure.
• DISCONTINUED. Occurs in older firmware versions. See ERR_CANNOT_ALLOC_MEM.

5506 - 80001582

• ERR_CANNOT_GEN_ECC_DER_KEY
• Key serialization failure.
• DISCONTINUED. Occurs in older firmware versions. See ERR_CANNOT_ALLOC_MEM.

5507 - 80001583

• ERR_CANNOT_CREATE_UNKNOWN_OBJ
• Failed to create unknown object.
• The HSM storage layer was unable to create an obj (usually a key) because it is unknown. Please contact the manufacturer (a firmware update may solve the problem).

5508 - 80001584

• ERR_CANNOT_WRITE_HSM_MODE
• Operation mode update failed.
• The HSM storage layer was unable to change the operating mode because a write failure occurred. This is a rare problem (usually temporary). Please try again in a few moments.

5509 - 80001585

• ERR_CANNOT_WRITE_LOGIN_BLOCK_INFO
• Failure to save user [un]lock information.
• HSM 's security layer was unable to record user login [un]lock information. This is a rare problem (usually temporary). Please try again in a few moments.

5510 - 80001586

• ERR_CANNOT_SETUP_LIVE_SYNC_OBJ
• Failed to prepare for saving object(s).
• The HSM 's storage layer was unable to prepare for writing the data of one or more objects during the replication live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5511 - 80001587

• ERR_CANNOT_CREATE_LIVE_SYNC_OBJ
• Failed to save object(s).
• The HSM storage layer was unable to write the data of one or more objects when performing a replication live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5512 - 80001588

• ERR_CANNOT_OPEN_LOG
• Failed to open the audit log.
• The HSM storage layer was unable to open the log because there was a structural read failure in the file. If the error persists, the manufacturer should be contacted.

5513 - 80001589

• ERR_COULD_NOT_OPEN_OBJ
• Failed to create a local/temporary object.
• The HSM was unable to open/use an object (usually a key) that would have been created successfully. See ERR_CANNOT_OPEN_OBJ, ERR_CANNOT_ALLOC_RES and ERR_CACHE_LAYER_EXHAUSTED for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5514 - 8000158A

• ERR_CANNOT_EXPORT_RAW_OBJ
• Failure to extract an object (due to IO failure).
• Objects in the HSM can be saved using a generic security policy: a) they are exportable, or b) they are NOT exportable. Keys are usually stored in non-exportable mode, while certificates (by their very public nature) can be removed from the device. This error occurs whenever a request tries to retrieve the full contents of exportable objects, but structural read failures have occurred.

5515 - 8000158B

• ERR_CANNOT_RENAME_OBJ
• Failed to rename an object.
• The HSM storage layer was unable to rename an existing obj (usually a key). Move/rename operations involving more than one partition are not allowed (when a user tries to move/rename objs from other partitions, even if the respective owners have granted write/update permissions). Users can only rename objects in their own partitions.

5516 - 8000158C

• ERR_REPLICATION_CANNOT_OPEN_OBJ
• Failure to use an object.
• The HSM replication layer was unable to open/use an existing obj (usually a key). See details in ERR_CANNOT_OPEN_OBJ.

5517 - 8000158D

• ERR_CANNOT_SETUP_LIVE_SYNC_IMG
• Failed to prepare the live-sync image.
• The HSM replication layer was unable to prepare the image with the live-sync data. This is usually a memory allocation problem. Please try again in a few moments.

5518 - 8000158E

• ERR_CANNOT_LOAD_LIVE_SYNC_IMG
• Failed to load live-sync image.
• The HSM replication layer was unable to read the data from the live-sync image. This is a very rare problem (usually temporary). Please try again in a few moments.

5519 - 8000158F

• ERR_CANNOT_SETUP_LIVE_SYNC_DEL_USR
• Failed to set up removal of user(s).
• The HSM replication layer was unable to prepare for the removal of one or more users during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5520 - 80001590

• ERR_CANNOT_DEL_LIVE_SYNC_USR
• Failed to remove user(s).
• The HSM replication layer was unable to remove data from one or more users when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5521 - 80001591

• ERR_CANNOT_SETUP_LIVE_SYNC_DEL_CONFIG
• Failed to prepare the removal of configuration parameters.
• The HSM replication layer was unable to prepare for the removal of one or more configuration parameters during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5522 - 80001592

• ERR_CANNOT_DEL_LIVE_SYNC_CONFIG
• Failed to remove configuration parameters.
• The HSM replication layer was unable to remove one or more configuration parameters when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5523 - 80001593

• ERR_CANNOT_SETUP_LIVE_SYNC_CONFIG
• Failed to prepare for entering configuration parameters.
• The HSM replication layer was unable to prepare the insertion of one or more configuration parameters during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5524 - 80001594

• ERR_CANNOT_CREATE_LIVE_SYNC_CONFIG
• Failed to add configuration parameters.
• The HSM replication layer was unable to add one or more configuration parameters when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5525 - 80001595

• ERR_CANNOT_SETUP_LIVE_SYNC_USER
• Failed to set up user(s) insertion.
• The HSM replication layer was unable to prepare for the insertion of one or more users during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5526 - 80001596

• ERR_CANNOT_CREATE_LIVE_SYNC_USER
• Failed to add user(s).
• The HSM replication layer was unable to add one or more user(s) when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5527 - 80001597

• ERR_CANNOT_SETUP_LIVE_SYNC_ACL
• Failed to prepare the insertion of permission information.
• The HSM replication layer was unable to prepare the insertion of user(s) permission information during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5528 - 80001598

• ERR_CANNOT_CREATE_LIVE_SYNC_ACL
• Failed to add permission information.
• The HSM replication layer was unable to record user(s) permission information when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5529 - 80001599

• ERR_CANNOT_DEL_AUTH_INFO_OBJ
• Failed to remove authentication information.
• The HSM storage layer was unable to delete information from OATHwhich the user uses for 2-factor authentication. This is a rare problem (usually temporary). Please try again in a few moments.

5530 - 8000159A

• ERR_INVALID_KEY_NULL_RES
• Cryptographic key manipulation failure.
• In certain contexts - for example, when decoding the contents of a cryptographic key - a certain error may have occurred, preventing a more precise diagnosis (e.g. memory allocation failures, IO problems, etc.). Occurs in: a) SPB decode/encode/map requests (e.g. in GEN messages that trigger automatic certificate exchange operations); b) signing XML DSig to the RFC 3275 standard;

5531 - 8000159B

• ERR_INVALID_MSG_NULL_RES
• Cryptographic message manipulation failure.
• In certain contexts - for example, when encoding the content of a cryptographic message - a certain error may have occurred, preventing more precise diagnosis (e.g. memory allocation failures). Occurs in: a) PKCS #7 signatures (when the DER representation of the message cannot be loaded/encoded);

5532 - 8000159C

• ERR_CANNOT_GEN_SYM_KEY
• Failure to prepare the symmetric key.
• Symmetric keys are used in (but are not limited to) operations involving data confidentiality. Allocating and scaling these keys requires memory and a block of cryptographically strong random numbers. If any intermediate step in the generation/preparation fails, these keys cannot be used. See ERR_CANNOT_GENERATE_RND_DATA and ERR_DRBG_CONTINUOUS_TEST for more details. Occurs in: a) SPB encode requests; SPB messages use a digital envelope for the protection of sensitive data; this code is returned if the sender failed to prepare the 3DES or AES keys for envelopment;

5533 - 8000159D

• ERR_CANNOT_SETUP_USR_AUTH_INFO
• Failed to set up user(s) authentication.
• The HSM storage layer was unable to prepare the read data for user authentication. This is usually a memory allocation problem. Please try again in a few moments.

5534 - 8000159E

• ERR_CANNOT_BIND_USR_AUTH_INFO
• Failed to set up user(s) authentication.
• The HSM storage layer was unable to read data for user authentication. This is usually a memory allocation problem. Please try again in a few moments.

5535 - 8000159F

• ERR_CANNOT_GET_CERT_SN
• Failed to read the certificate's serial number.
• The SPB encode or decode request (the latter, in GEN messages that trigger automatic certificate exchange operations) failed to retrieve the certificate's serial number (SN). This is usually a memory allocation problem when decoding DER structures.

5536 - 800015A0

• ERR_CANNOT_GET_CERT_ISPB
• Failed to read the certificate's ISPB.
• The SPB decode request (e.g. in GEN messages that trigger automatic certificate exchange operations) failed to retrieve the certificate's ISPB. This is usually a memory allocation problem when decoding DER structures.

5537 - 800015A1

• ERR_INVALID_HASH
• The request reported an invalid hash.
• Usually signals an invalid hash size or unknown type. It occurs in the following scenarios: a) requests for the signing/generation of certificates (CSR) in the PKCS #10 standard; b) ECC signing/verification operations; c) SPB encode/decode requests;

5538 - 800015A2

• ERR_INVALID_SIG_LEN
• The size of the signature buffer is too large.
• Occurs in the following scenarios: a) ECC check operation;

5539 - 800015A3

• ERR_INVALID_PUBKEY_LEN
• Buffer size with public key is too large.
• Occurs in the following scenarios: a) essential public tasks with RSA; b) ECC verification operation;

5540 - 800015A4

• ERR_INVALID_PSKC_XML
• Error in XML manipulation.
• The HSM has not been able to handle the XML provided (it is probably incomplete/malformed/invalid). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5541 - 800015A5

• ERR_CANNOT_FIND_PSKC_XML_NODE
• Error in XML manipulation.
• The HSM has not been able to handle the XML provided (it is probably incomplete/malformed/invalid). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5542 - 800015A6

• ERR_CANNOT_FIND_PSKC_XML_ATTR
• Error in XML manipulation.
• The HSM has not been able to handle the XML provided (it is probably incomplete/malformed/invalid). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5543 - 800015A7

• ERR_INVALID_PSKC_KEY_DERIVATION
• Error in XML manipulation.
• HSM was unable to use the key derivation algorithm provided. Only PBKDF2 is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5544 - 800015A8

• ERR_INVALID_PSKC_KEY_DERIVATION_IT
• Error in XML manipulation.
• The HSM was unable to use the key derivation algorithm provided, as the iteration counter is invalid. Only PBKDF2 is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5545 - 800015A9

• ERR_INVALID_PSKC_KEY_DERIVATION_LEN
• Error in XML manipulation.
• The HSM was unable to use the key derivation algorithm entered because the key size is invalid. Only PBKDF2 is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5546 - 800015AA

• ERR_INVALID_PSKC_KEY_DERIVATION_SALT_LEN
• Error in XML manipulation.
• The HSM was unable to use the key derivation algorithm provided, because the size of the salt (diversifier) is invalid. Only PBKDF2 is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5547 - 800015AB

• ERR_PSKC_KEY_DERIVATION_FAILED
• Error in PKCS derivation #5 of PSKC.
• The HSM was unable to perform key derivation in the PKCS #5 standard. This occurs in the following scenarios: a) the module imports PSKC files OATH;

5548 - 800015AC

• ERR_INVALID_PSKC_KEY_ALG
• Error in XML manipulation.
• HSM was unable to use the algorithm provided. Only HOTP and TOTP are supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5549 - 800015AD

• ERR_INVALID_PSKC_KEY_METHOD
• Error in XML manipulation.
• HSM was unable to use the encryption method provided. Only AES128-CBC is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5550 - 800015AE

• ERR_INVALID_OATH_EPOCH
• Date/time manipulation error OATH.
• HSM was unable to use the Epoch reported (currently, offsets are not supported). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5551 - 800015AF

• ERR_INVALID_OATH_TIMESTEP
• Date/time manipulation error OATH.
• The HSM was unable to use the Time-Step entered (currently, only values greater than or equal to 30 are supported). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5552 - 800015B0

• ERR_INVALID_OATH_DRIFT
• Date/time manipulation error OATH.
• The HSM was unable to use the given offset (currently, time-drifts are not supported). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5553 - 800015B1

• ERR_INVALID_PSKC_SECRET_LEN
• Error in XML manipulation.
• HSM was unable to use the given secret because its size is invalid. Only PKCS #5/PBKDF2 with AES128-CBC are supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5554 - 800015B2

• ERR_UNKNOWN_PADDING_TYPE
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5555 - 800015B3

• ERR_DATA_TOO_LARGE_FOR_MODULUS
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5556 - 800015B4

• ERR_DATA_GREATER_THAN_MODULUS_LEN
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5557 - 800015B5

• ERR_PADDING_CHECK_FAILED
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5558 - 800015B6

• ERR_DATA_TOO_LARGE_FOR_KEY_SIZE
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5559 - 800015B7

• ERR_DATA_TOO_SMALL_FOR_KEY_SIZE
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5560 - 800015B8

• ERR_INVALID_TYPE1_PADDING
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5561 - 800015B9

• ERR_INVALID_TYPE2_PADDING
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5562 - 800015BA

• ERR_BAD_FIXED_HDR_PADDING
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5563 - 800015BB

• ERR_MISSING_NULL_PADDING
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5564 - 800015BC

• ERR_BAD_PAD_BYTE_COUNT
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5565 - 800015BD

• ERR_DATA_TOO_LARGE_FOR_PADDING
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5566 - 800015BE

• ERR_BN_NO_INVERSE
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5567 - 800015BF

• ERR_STATIC_BN_CANNOT_EXPAND
• Requested operation failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_OPERATION_FAILED.

5568 - 800015C0

• ERR_BN_IS_NOT_PRIME
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5569 - 800015C1

• ERR_TOO_MANY_BN_ITERATIONS
• Requested operation failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_OPERATION_FAILED.

5570 - 800015C2

• ERR_BN_IS_NOT_A_SQUARE
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5571 - 800015C3

• ERR_BN_DIV_BY_ZERO
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5572 - 800015C4

• ERR_BN_NOT_INITIALIZED
• Requested operation failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_OPERATION_FAILED.

5573 - 800015C5

• ERR_BN_INVALID_RANGE
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5574 - 800015C6

• ERR_BN_BAD_RECIPROCAL
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5575 - 800015C7

• ERR_BN_CALLED_WITH_EVEN_MODULUS
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5576 - 800015C8

• ERR_BN_INPUT_NOT_REDUCED
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5577 - 800015C9

• ERR_BN_TOO_MANY_TMP_VARIABLES
• Requested operation failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_OPERATION_FAILED.

5578 - 800015CA

• ERR_BN_INVALID_LEN
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5579 - 800015CB

• ERR_BN_ENCODING_ERROR
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5580 - 800015CC

• ERR_INVALID_PUBLIC_EXP
• Invalid data.
• DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5581 - 800015CD

• ERR_INVALID_SPB_HDR_LEN
• 'Signature' of the SPB message header is invalid.
• The SPB decode request detected an invalid message header size. Please refer to the SPB manual for more details.

5582 - 800015CE

• ERR_INVALID_SPB_HDR_VER
• Invalid version of the SPB message header.
• The SPB decode request has detected an unsupported message header version value (V1 == 1 or V2 == 2 expected). Please refer to the SPB manual for more details.

5583 - 800015CF

• ERR_INVALID_SPB_HDR_SPECIAL_TREATMENT
• Special treatment flag in the SPB message header is invalid.
• The SPB decode request detected an invalid combination of special handling flag values in the message header (values 0-4, 6, 8, and 10 supported). Please refer to the SPB manual for more details.

5584 - 800015D0

• ERR_INVALID_SPB_HDR_R0
• Reserved field in the SPB message header is invalid.
• The SPB decode request detected an unsupported value in the reserved field of the message header (0 expected). Please refer to the SPB manual for more details.

5585 - 800015D1

• ERR_INVALID_SPB_HDR_DST_ASYM_ALG
• Certificate algorithm in the SPB message header is invalid.
• The SPB decode request detected an unsupported value for the certificate algorithm (RSA_1024 == 1 or RSA_2048 == 2 expected). Please refer to the SPB manual for more details.

5586 - 800015D2

• ERR_INVALID_SPB_HDR_DST_SYM_ALG
• The encryption algorithm in the SPB message header is invalid.
• The SPB decode request detected an unsupported value for the encryption algorithm (3DES_168 == 1 expected). Please refer to the SPB manual for more details.

5587 - 800015D3

• ERR_INVALID_SPB_HDR_SIGN_KEY_TYPE
• Signature algorithm in the SPB message header is invalid.
• The SPB decode request has detected an unsupported value for the signature algorithm (RSA_1024 == 1 or RSA_2048 == 2 expected). Please refer to the SPB manual for more details.

5588 - 800015D4

• ERR_INVALID_SPB_HDR_DST_CA
• Certificate authority (CA) in the SPB message header is invalid.
• See ERR_INVALID_CA for more details.

5589 - 800015D5

• ERR_INVALID_SPB_HDR_SIGN_CA
• Certificate authority (CA) in the SPB message header is invalid.
• See ERR_INVALID_CA for more details.

5590 - 800015D6

• ERR_INVALID_SIGN_CERT_SN_MISMATCH
• Certificate serial number in the SPB message header is invalid.
• See ERR_INVALID_CERT_SN_MISMATCH for more details.

5591 - 800015D7

• ERR_INVALID_DST_CERT_SN_MISMATCH
• Certificate serial number in the SPB message header is invalid.
• See ERR_INVALID_CERT_SN_MISMATCH for more details.

5592 - 800015D8

• ERR_INVALID_SPB_MSG_LEN
• The size of the SPB message is invalid.
• The SPB decode request has detected an invalid message size (it must be a multiple of a DES block). Please refer to the SPB manual for more details.

5593 - 800015D9

• ERR_CANNOT_PARSE_JSON
• Error when manipulating JSON content.
• The HSM was unable to decode JSON content in the operational context (it may be malformed/invalid). The storage layer uses an internal JSON representation to allow flexible and fast operations, such as the execution of native PKCS #11 tasks. It can occur in various situations, especially when manipulating objects (e.g. keys and certificates).

5594 - 800015DA

• ERR_INVALID_SPB_CHARSET_SIG_OK
• SPB message character is invalid. Signature successfully verified.
• SPB message has invalid characters, but correct digital signature. See ERR_INVALID_SPB_CHARSET for more details.

5595 - 800015DB

• ERR_JSON_MORE_DATA
• Error serializing JSON content.
• The HSM was unable to serialize a JSON content in the operational context because it exceeds the supported internal limit. See ERR_CANNOT_ALLOC_MEM and ERR_CANNOT_PARSE_JSON for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5596 - 800015DC

• ERR_CANNOT_VIRTUALIZE_JSON
• Error when manipulating JSON content.
• The HSM was unable to generate JSON content in the operational context. This is usually a memory management problem. See ERR_CANNOT_ALLOC_MEM and ERR_CANNOT_PARSE_JSON for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5597 - 800015DD

• ERR_CANNOT_CHANGE_OEM_JSON
• Error when manipulating JSON content.
• A native PKCS #11 operation attempted to modify an object attribute that is released read-only. Check the SDK client documentation. See ERR_CANNOT_PARSE_JSON. If the error persists, the manufacturer should be contacted.

5598 - 800015DE

• ERR_CANNOT_MERGE_JSON
• Error when manipulating JSON content.
• See ERR_CANNOT_ALLOC_MEM, ERR_CANNOT_PARSE_JSON, ERR_CANNOT_CHANGE_OEM_JSON and ERR_CANNOT_ALLOC_JSON for more details that may apply in this situation.

5599 - 800015DF

• ERR_INVALID_SPB_CHARSET
• SPB message character is invalid.
• The SPB decode request has detected an invalid character (it must belong to the Basic_Latin or Latin-1_Supplement sets. Please see DRN-approved for more details.

5600 - 800015E0

• ERR_CANNOT_GET_JSON
• Error serializing JSON content.
• The HSM was unable to serialize JSON content in the operational context. This is usually a memory management problem. See ERR_CANNOT_ALLOC_MEM and ERR_CANNOT_PARSE_JSON for more details that may apply in this situation.

5601 - 800015E1

• ERR_INVALID_SPB_CHARSET_SIG_ERR
• SPB message character is invalid. Invalid signature.
• SPB message has invalid characters and digital signature. See ERR_INVALID_SPB_CHARSET for more details.

5602 - 800015E2

• ERR_INVALID_SPB_DOMAIN
• SPB domain is invalid.
• SPB domains must be identifiers made up of up to 6 alphanumeric characters (letters or numbers).

5603 - 800015E3

• ERR_CANNOT_GEN_DSA_KEY
• DSA key creation failure.
• The HSM storage layer was unable to create a DSA key because it failed to manipulate the cryptographic material. This could be a memory allocation problem. In rare cases, there may have been a failure to generate random numbers. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5604 - 800015E4

• ERR_DSA_CONTINUOUS_TEST
• Key creation/read/import failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5605 - 800015E5

• ERR_CANNOT_GEN_DH_KEY
• DH key creation failure.
• The HSM storage layer was unable to create a DH key because it failed to handle cryptographic material. This could be a memory allocation problem. In rare cases, there may have been a failure to generate random numbers. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5606 - 800015E6

• ERR_DH_CONTINUOUS_TEST
• Key creation/read/import failed.
• DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5699 - 80001643

• ERR_KEY_CONTINUOUS_TEST
• Key creation/read/import failed.
• A consistency problem in a key was detected at runtime. The storage layer does not have authorization to release creation/use of the key in question. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5700 - 80001644

• ERR_SERVER_STARTED
• Invalid request.
• The operation cannot be performed while the service is running.

5701 - 80001645

• ERR_HSM_AUTO_TEST_FAILURE
• The HSM may be operating inconsistently.
• Automatic tests have detected system faults. If restricted mode is active, no operation is allowed. In standard mode, operation is cleared (but structural errors may have left the HSM running in an inconsistent state). See ERR_NON_APPROVED_OPERATION.

5702 - 80001646

• ERR_SERVER_NOT_STARTED
• Invalid request.
• The operation cannot be performed while the service is not running.

5703 - 80001647

• ERR_UNAPPROVED_TSP_OPERATION
• TSP operation rejected.
• The operation was not allowed because it violates RFC 3161, RFC 5816, and/or some corporate security policy. Examples: a) exporting private keys used for signing time stamps; b) using a non-TSP private key for signing time stamps; c) attempting to operate in sleep mode;

5704 - 80001648

• ERR_INVALID_LCRYPTO_R_OPERATION
• Remote operation on 'local-crypto' partition was rejected.
• The operation was not allowed as it violates the policy on the use of local-crypto partitions'. Examples: a) signing over the network via the automatic APIs; b) exporting keys (even those marked with OBJ_ATTR_EXPORT); c) creating individual backups; d) granting access permissions to other users/partitions; e) trying to use 'local-crypto' partitions in unsupported models;

7000 - 80001B58

• ERR_OBJ_BLOCKED_BY_DS_POLICY
• Object invalid for use by HSM's security policy.
• The security layer has blocked the use of an object because the global remote policy has been violated.

7001 - 80001B59

• ERR_TRUNCATING_DS_LOG
• Failed to truncate the audit log.
• Logs/telemetry cannot be truncated locally before full transmission to HSM cloud services. This error may indicate Internet connectivity problems. Please try again in a few moments. If the error persists, please contact the manufacturer for further instructions.

10000 - 80002710

• ERR_THROTTLED_VM_SIZE
• Service memory has reached its safe operating limit.
• The HSM was unable to allocate memory to execute the request because it was overloaded. This may be related to a memory leak problem and/or poor resource management. See ERR_CANNOT_ALLOC_RES for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

10001 - 80002711

• ERR_THROTTLED_RAM
• RAM memory has reached its limit for safe operation.
• The service has forced the request to be disconnected because it is overloaded. This may be related to a memory leak problem and/or poor resource management. See ERR_CANNOT_ALLOC_RES for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

11000 - 80002AF8

• ERR_CANNOT_ALLOC_SOCKET
• Network descriptor allocation failure.
• The HSM was unable to allocate a network socket to execute the request. This is usually a problem with memory leaks and/or poor resource management. See ERR_CANNOT_ALLOC_RES for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

11001 - 80002AF9

• ERR_CANNOT_ALLOC_MEM
• Memory allocation failure.
• The HSM was unable to allocate memory to execute the request because it was overloaded. This may be related to a memory leak problem and/or poor resource management. See ERR_CANNOT_ALLOC_RES for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

11002 - 80002AFA

• ERR_CANNOT_ALLOC_KEY
• Failed to allocate work area for cryptographic key.
• The HSM was unable to allocate memory for cryptographic key operation. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

11003 - 80002AFB

• ERR_CANNOT_ALLOC_SL_BE_HANDLE
• IO descriptor allocation failure.
• The HSM was unable to allocate a read/write handler from the storage layer. See ERR_SL_BE_BUSY for more details that may apply in this situation.

11004 - 80002AFC

• ERR_CANNOT_ALLOC_IOM
• Desktop allocation failure.
• The HSM was unable to allocate memory for the operation. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11005 - 80002AFD

• ERR_CANNOT_INIT_DRBG
• Failure to generate random numbers
• The HSM will not authorize the generation of cryptographically strong random number blocks. The DRBG subsystem cannot be initialized. See ERR_CANNOT_GENERATE_RND_DATA and ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11006 - 80002AFE

• ERR_CANNOT_SEED_DRBG
• Failure to generate random numbers
• The HSM will not authorize the generation of cryptographically strong random number blocks. The DRBG subsystem cannot configure its state. See ERR_CANNOT_GENERATE_RND_DATA, ERR_CANNOT_INIT_DRBG, ERR_CANNOT_ALLOC_MEM, and ERR_CANNOT_GET_SYS_INFO for more details that may apply in this situation.

11007 - 80002AFF

• ERR_CANNOT_USE_IOM
• Failure to use the desktop.
• The HSM was unable to read/write the memory allocated for the operation. See ERR_CANNOT_ALLOC_MEM and ERR_CANNOT_ALLOC_IOM for more details that may apply in this situation.

11008 - 80002B00

• ERR_CANNOT_ALLOC_OBJ_HANDLE
• Object descriptor allocation failure.
• The HSM failed to allocate a storage layer object handler. See ERR_CANNOT_ALLOC_MEM and ERR_CACHE_LAYER_EXHAUSTED for more details that may apply in this situation.

11009 - 80002B01

• ERR_REPL_CANNOT_ALLOC_SL_BE_HANDLE
• IO descriptor allocation failure.
• See ERR_CANNOT_ALLOC_SL_BE_HANDLE.

11010 - 80002B02

• ERR_CANNOT_ALLOC_TLS_CTX
• Failed to prepare network channel descriptor.
• The HSM was unable to prepare a TLS network socket for the execution of the request (used in the replication layer for communication between devices). This is usually a problem of memory leakage and/or poor resource management. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11011 - 80002B03

• ERR_CANNOT_ALLOC_TLS_SOCKET
• Network channel descriptor allocation failure.
• The HSM was unable to allocate a TLS network socket for the execution of the request (used in the replication layer for communication between devices). This is usually a problem of memory leakage and/or poor resource management. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11012 - 80002B04

• ERR_CANNOT_SERIALIZE_XML
• DSig XML signature failure.
• The XML module tried to generate a signature in the RFC 3275 standard, but the serialization of the internal DOM representation in XML failed. This is usually a memory management problem. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11013 - 80002B05

• ERR_CANNOT_ALLOC_BN
• Big integer (BN) allocation failure.
• The system cannot operate with an integer multiprecision number. This is usually a problem with the input data of the request, but may be related to memory management. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11014 - 80002B06

• ERR_CANNOT_ALLOC_JSON
• Error when manipulating JSON content.
• See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

12001 - 80002EE1

• ERR_CRYPTOHW_OPEN_FAILURE
• TAC_ERR_CRYPTOHW_OPEN_FAILURE
• TAC_ERR_CRYPTOHW_OPEN_FAILURE

12002 - 80002EE2

• ERR_CRYPTOHW_SETUP_FAILURE
• TAC_ERR_CRYPTOHW_SETUP_FAILURE
• TAC_ERR_CRYPTOHW_SETUP_FAILURE

12003 - 80002EE3

• ERR_CRYPTOHW_READ_FAILURE
• TAC_ERR_CRYPTOHW_READ_FAILURE
• TAC_ERR_CRYPTOHW_READ_FAILURE

12004 - 80002EE4

• ERR_CRYPTOHW_INVALID_CRC
• TAC_ERR_CRYPTOHW_INVALID_CRC
• TAC_ERR_CRYPTOHW_INVALID_CRC

12005 - 80002EE5

• ERR_CRYPTOHW_WRITE_FAILURE
• TAC_ERR_CRYPTOHW_WRITE_FAILURE
• TAC_ERR_CRYPTOHW_WRITE_FAILURE

12006 - 80002EE6

• ERR_CRYPTOHW_UNEXPECTED_MSG
• TAC_ERR_CRYPTOHW_UNEXPECTED_MSG
• TAC_ERR_CRYPTOHW_UNEXPECTED_MSG

12007 - 80002EE7

• ERR_CRYPTOHW_CONNECT_FAILED
• TAC_ERR_CRYPTOHW_CONNECT_FAILED
• TAC_ERR_CRYPTOHW_CONNECT_FAILED

12008 - 80002EE8

• ERR_CRYPTOHW_SEND_FAILED
• TAC_ERR_CRYPTOHW_SEND_FAILED
• TAC_ERR_CRYPTOHW_SEND_FAILED

12009 - 80002EE9

• ERR_CRYPTOHW_RECV_FAILED
• TAC_ERR_CRYPTOHW_RECV_FAILED
• TAC_ERR_CRYPTOHW_RECV_FAILED

36000 - 80008CA0

• ERR_REPLICATION_BUSY
• Failure in the replication layer.
• The request cannot be executed because the replication layer is still updating/saving synchronization data. This is a temporary problem. Please try again in a few moments.

36001 - 80008CA1

• ERR_REPLICATION_D_BUSY
• Failure in the replication layer.
• The request cannot be executed. The replication layer has pending data synchronization updates. This is usually a complex issue that requires the intervention of the manufacturer.

36002 - 80008CA2

• ERR_REPLICATION_S_BUSY
• Failure in the replication layer.
• The request cannot be executed because the replication layer is still updating/saving synchronization data. This is a temporary problem. Please try again in a few moments.

36003 - 80008CA3

• ERR_REPLICATION_STORAGE_LAYER_BUSY
• Failure in the replication layer.
• The request cannot be executed because the replication layer is still updating/saving synchronization data. This is a temporary problem. Please try again in a few moments.

36004 - 80008CA4

• ERR_REPLICATION_SEC_LAYER_BUSY
• Failure in the replication layer.
• The request cannot be executed because the replication layer is still updating/saving synchronization data. This is a temporary problem. Please try again in a few moments.

36500 - 80008E94

• ERR_REPLICATION_PEER_NOT_SYNCED
• Replication transaction failure.
• The request cannot be executed. The replication layer has detected an unsynchronized pool device. Without a live-sync, any operation that requires updates to the storage layer will fail, protecting the client's databases from divergence problems (called "split-brain", when the data between the HSMs in the same pool is not perfectly mirrored). This error usually occurs when a new device is added to an existing pool without undergoing a proper live-sync with other peers.

37001 - 80009089

• ERR_REPLICATION_CANNOT_PREPARE_TRANS
• Replication transaction failure.
• The request cannot be executed because the replication layer was unable to prepare a distributed transaction. This may or may not be a temporary problem. If it persists, the manufacturer must be called.

37002 - 8000908A

• ERR_REPLICATION_CANNOT_P2P_HANDSHAKE
• Replication network protocol failure.
• The request cannot be executed. A network failure has occurred, or the HSMs have not been properly configured so that synchronization occurs between them (the devices can only replicate if they are booted with the same SVMK and operating mode). This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37003 - 8000908B

• ERR_REPLICATION_CANNOT_P2P_FIND
• Incomplete network cache.
• The request cannot be executed because the replication layer was unable to locate an HSM involved. This is a rare occurrence, signaling an incomplete/invalid IP address cache. Please check this setting in the local console (shell).

37004 - 8000908C

• ERR_REPLICATION_CANNOT_P2P_CONNECT
• Connection failure in the network subsystem.
• The request cannot be executed. A connection failure occurred in the network subsystem, and one or more of the HSMs involved could not be reached. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37005 - 8000908D

• ERR_REPLICATION_CANNOT_P2P_SEND
• Replication layer data transmission failure.
• The request cannot be executed. A transmission failure in the network subsystem has occurred between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37006 - 8000908E

• ERR_REPLICATION_CANNOT_P2P_RECV
• Replication layer data transmission failure.
• The request cannot be executed. A transmission failure in the network subsystem has occurred between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37007 - 8000908F

• ERR_REPLICATION_CANNOT_P2P_SEND_ALL
• Replication layer data transmission failure.
• The request cannot be executed. A transmission failure in the network subsystem has occurred between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37008 - 80009090

• ERR_REPLICATION_CANNOT_P2P_RECV_ALL
• Replication layer data transmission failure.
• The request cannot be executed. A transmission failure in the network subsystem has occurred between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37009 - 80009091

• ERR_REPLICATION_CANNOT_P2P_SCONNECT
• Connection failure in the network subsystem.
• The request cannot be executed. A TLS failure has occurred in the network subsystem, or the HSMs have not been properly configured so that synchronization occurs between them (the devices can only replicate if they are booted with the same SVMK and operating mode). This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37010 - 80009092

• ERR_REPLICATION_CANNOT_P2P_SSEND
• Failure to transmit encrypted data from the replication layer.
• The request cannot be executed. There has been a TLS transmission failure between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37011 - 80009093

• ERR_REPLICATION_CANNOT_P2P_SRECV
• Failure to transmit encrypted data from the replication layer.
• The request cannot be executed. There has been a TLS transmission failure between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37012 - 80009094

• ERR_REPLICATION_CANNOT_P2P_SSEND_ALL
• Failure to transmit encrypted data from the replication layer.
• The request cannot be executed. There has been a TLS transmission failure between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37013 - 80009095

• ERR_REPLICATION_CANNOT_P2P_SRECV_ALL
• Failure to transmit encrypted data from the replication layer.
• The request cannot be executed. There has been a TLS transmission failure between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37014 - 80009096

• ERR_REPLICATION_CANNOT_P2P_WORK
• Processing failure in the network subsystem.
• The request cannot be executed. There has been a failure in the replication layer involving the configuration of an operation in the network subsystem. If this persists, contact the manufacturer.

37015 - 80009097

• ERR_REPLICATION_NOT_FOUND
• Failure in the replication layer.
• Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when retrieving information remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37016 - 80009098

• ERR_REPLICATION_ACK_NOT_FOUND
• Replication transaction confirmation failed.
• Reserved for HSMs performing synchronization in the replication layer. This should be a temporary problem. If it persists, contact the manufacturer.

37017 - 80009099

• ERR_REPLICATION_INVALID_OPERATION
• Invalid synchronization request.
• Operations can be classified as invalid if one or more parameters are not recognized by the HSM, and/or are not valid in context. This error can be the result of invalid requests from clients (e.g. entering invalid data), the consequence of IO (read/write) problems on the server side, or a divergence in the software version (when devices in the same pool are configured with different firmware versions). This may be a temporary problem. For assistance, contact the manufacturer.

37018 - 8000909A

• ERR_REPLICATION_INVALID_EVENT
• Invalid replication occurs.
• Replication layer events can be classified as invalid if they are not recognized by the HSM, and/or are not valid in context (e.g. when clients send node-down requests, but the supposedly inaccessible device can be reached by the device). On rare occasions, divergences in firmware versions can cause this error.

37019 - 8000909B

• ERR_REPLICATION_OPERATION_FAILED
• Failure in the replication layer.
• Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when sending a 'pulsing' remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37020 - 8000909C

• ERR_REPLICATION_COMMIT_FAILED
• Read/write failure in the replication layer.
• Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when sending node-down notifications remotely via administrative tools. Live-syncs between devices can generate this exception. This should be a temporary problem. If it persists, contact the manufacturer.

37021 - 8000909D

• ERR_REPLICATION_ERASE_FAILED
• Read/write failure in the replication layer.
• Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when sending node-down notifications remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37022 - 8000909E

• ERR_REPLICATION_INQUIRE_FAILED
• Read/write failure in the replication layer.
• Reserved for HSMs performing synchronization in the replication layer. This should be a temporary problem. If it persists, contact the manufacturer.

37023 - 8000909F

• ERR_REPLICATION_UPDATE_ACK_FAILED
• Read/write failure in the replication layer.
• Reserved for HSMs performing synchronization in the replication layer. This should be a temporary problem. If it persists, contact the manufacturer.

37024 - 800090A0

• ERR_REPLICATION_DISPATCH_FAILED
• Read/write failure in the replication layer.
• Reserved for HSMs performing synchronization in the replication layer. This should be a temporary problem. If it persists, contact the manufacturer.

37025 - 800090A1

• ERR_REPLICATION_CANNOT_SL_BE_TRANSP
• Read/write failure in the replication layer.
• The operation cannot be executed. Reserved for structural problems in the replication layer. Administrative requests can generate this error (e.g. updating the network IP address cache). This should be a temporary problem. If it persists, contact the manufacturer.

37026 - 800090A2

• ERR_REPLICATION_CANNOT_PRUNE_LOG
• Read/write failure in the replication layer.
• The operation cannot be executed. Reserved for structural problems in the replication layer. This must be a temporary problem. If it persists, contact the manufacturer.

37027 - 800090A3

• ERR_REPLICATION_CANNOT_LOAD_LOG
• Replication transaction read failure.
• Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when retrieving information remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37028 - 800090A4

• ERR_REPLICATION_CANNOT_WORK
• Failure in the replication layer.
• Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when sending node-down notifications remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37029 - 800090A5

• ERR_REPLICATION_CANNOT_VALIDATE_EVENT
• Read/write failure in the replication layer.
• The operation cannot be executed. Reserved for structural problems in the replication layer. This must be a temporary problem. If it persists, contact the manufacturer.

37030 - 800090A6

• ERR_REPLICATION_TRANS_MISMATCH
• Inconsistency failure in replication transaction.
• The operation cannot be executed. Reserved for validating distributed replication layer transactions. Live-syncs between devices can cause this error. This must be a temporary problem. If it persists, contact the manufacturer.

37031 - 800090A7

• ERR_REPLICATION_CANNOT_SYNC_POINT
• Replication transaction failure.
• The operation cannot be executed. Reserved for validating distributed replication layer transactions. Live-syncs between devices can cause this error. This must be a temporary problem. If it persists, contact the manufacturer.

37032 - 800090A8

• ERR_REPLICATION_UNDEFINED_LIVE_SYNC
• Live-sync denied.
• Live-syncs between devices can only occur if the requestor (the HSM that requested the operation on the local console) has not previously performed any operation. Even simply connecting to the requestor via administrative tools will leave it in an undefined state for performing a live-sync. Restarting the service is enough to restore a defined state, in which the HSM can synchronize with its pool.

37033 - 800090A9

• ERR_REPLICATION_CONNECTED_LIVE_SYNC
• Live-sync denied.
• Live-syncs cannot occur when users are connected to the requestor. Disconnect these clients, and try restarting the service. See ERR_REPLICATION_UNDEFINED_LIVE_SYNC for more details.

37034 - 800090AA

• ERR_REPLICATION_SELF_LIVE_SYNC
• Live-sync denied.
• Other devices were not found in the network IP address cache (the HSM will not synchronize with itself). Please check your configuration.

37035 - 800090AB

• ERR_REPLICATION_OBJ_IN_USE
• Failure to remove an object.
• The HSM storage layer was unable to delete an obj (usually a key) because it is open (in use).

37036 - 800090AC

• ERR_REPLICATION_CANNOT_BEGIN_TRANS
• Replication transaction failure.
• The request cannot be executed because the replication layer was unable to initiate a transaction in the storage layer. This may or may not be a temporary problem. If it persists, the manufacturer must be called.

37037 - 800090AD

• ERR_REPLICATION_MAX_NODE_COUNT_REACHED
• Network cache has reached its limit.
• The request cannot be executed because the replication layer cannot add another HSM address (the IP address cache has a total limit of 16 devices).

37038 - 800090AE

• ERR_REPL_CANNOT_PREPARE_LS_TRANS
• Replication transaction failure.
• The live-sync cannot be executed because the replication layer was unable to prepare a distributed transaction. This may or may not be a temporary problem. If it persists, the manufacturer must be contacted.

37039 - 800090AF

• ERR_REPL_PART_CANNOT_ADD_LOG
• Write failure in the replication layer.
• The operation cannot be executed. Reserved for structural problems in the replication layer. This must be a temporary problem. If it persists, contact the manufacturer.

37040 - 800090B0

• ERR_REPL_COOR_CANNOT_ADD_LOG
• Write failure in the replication layer.
• The operation cannot be executed. Reserved for structural problems in the replication layer. This must be a temporary problem. If it persists, contact the manufacturer.

47000 - 8000B798

• ERR_CANNOT_LOAD_DEPRECATED_LICENSE
• Failed to load the device license.
• HSM cannot open/read your license information. This error is usually temporary, but may indicate serious data corruption (and/or hardware problems). Consult the manufacturer.

47001 - 8000B799

• ERR_INVALID_DEPRECATED_LICENSE
• The equipment license cannot be used.
• HSM cannot apply your licensing information. This error is usually temporary, but can signal serious data corruption (and/or hardware problems). Check with the manufacturer.

47002 - 8000B79A

• ERR_DEPRECATED_LICENSE_EXPIRED
• The equipment's license has expired.
• HSM has applied your license information, which has expired. Please consult your supplier.

47003 - 8000B79B

• ERR_DEPRECATED_LICENSE_BLOCKED
• The device's license is blocked.
• HSM has applied its licensing information, which signals blocking. This error may be temporary. Please consult your supplier.