Firmware

HSM Return Codes

0 - zero

SUCCESS
Success code.
The requested operation/function/task has been carried out successfully.

5000 - 80001388

ERR_UNKNOWN
An unknown scenario was encountered.
The requested operation/function/task generated an unknown error. This condition should not occur in practice.

5001 - 80001389

ERR_NET_FAIL
Error in the network subsystem.
Resets and timeouts common to TCP/IP can cause this error. Other (rare) scenarios: resource temporarily unavailable; incorrect address for connect; resources unavailable due to overload; specified server name or IP address is unavailable to local system; no route to specified network/server; connection refused.

5002 - 8000138A

ERR_ACCESS_DENIED
Access denied.
The HSM security subsystem has denied access because the credentials presented are insufficient to execute the request. Authorization in the user partition by smart cards in the 'm of n' scheme (PnAuth) can also block some operations (check its configuration in the local console).

5003 - 8000138B

ERR_CANNOT_CREATE_OBJ
Failure to create an object.
The HSM storage layer was unable to create an obj (usually a key).

5004 - 8000138C

ERR_CANNOT_OPEN_OBJ
Failure to use an object.
The HSM storage layer was unable to open/use an existing obj (usually a key). Check its id.

5005 - 8000138D

ERR_CANNOT_DEL_OBJ
Failure to remove an object.
The HSM storage layer was unable to delete an obj (usually a key).

5006 - 8000138E

ERR_CANNOT_ALLOC_RES
There are not enough resources for the requisition.
The HSM was unable to allocate/manage/use one or more resources for the execution of the request (usually memory).

5007 - 8000138F

ERR_INVALID_CTX
Invalid operational context.
The equipment is capable of working with extremely large resources, broken down into smaller blocks. Operational contexts are used to manage this state (usually associated with hashes, hmacs, or symmetric keys). An unrecognized context was sent in the request.

5008 - 80001390

ERR_INVALID_OPERATION
Invalid request.
Operations can be classified as invalid if one or more parameters are not recognized by the HSM, and/or are not valid in the context.

5009 - 80001391

ERR_INVALID_KEY
Key entered is invalid.
It usually happens when a request tries to perform an operation with an invalid key type (e.g. entering a symmetric key id when performing digital signatures, which are tasks normally performed with asymmetric keys), or with an invalid id.

5010 - 80001392

ERR_NO_TLS_USED
Requests must be made through a secure channel.
Operations that require confidentiality must be requested over a TLS channel, with session encryption. Examples: a) changing passwords; b) generating backups; c) actions on cold partitions;

5011 - 80001393

ERR_CANNOT_CHANGE_PWD
Password change cannot be performed.
It happens in 2 scenarios: a) write failure in the storage layer, or b) shash derivation failed.

5012 - 80001394

ERR_OBJ_NOT_EXPORTABLE
Failure to extract an object (violation of security policy).
Objects in the HSM can be saved using a generic security policy: a) they are exportable, or b) they are NOT exportable. Keys are usually stored in non-exportable mode, while certificates (by their very public nature) can be removed from the device. This error occurs whenever a request tries to retrieve the contents of non-exportable objects.

5013 - 80001395

ERR_USR_ALREADY_EXISTS
Failed to create an existing user.
The storage and security layers work with partitions to isolate data. This error occurs when a user creation request is made using an existing partition identifier.

5014 - 80001396

ERR_INVALID_USR_NAME
Username entered is invalid.
The security layer only allows user identifiers made up of alphanumeric characters (letters or numbers).

5015 - 80001397

ERR_CANNOT_CREATE_USR
User creation (sub)operation failed.
User creation can fail with this code in the following scenarios: a) replication live-sync.

5016 - 80001398

ERR_NO_MORE_LOG_SLOTS
Remote logging unavailable.
The log subsystem supports remote monitoring (for users with sufficient permissions, such as sys-operators). But there are a limited number of sessions that can receive the related events (currently 7), avoiding overloading the system.

5017 - 80001399

ERR_CANNOT_DELETE_USR
User removal (sub)operation failed.
Removing users can fail with this code in the following scenarios: a) in requests to delete users ([a.1] when 1 or more objects of the corresponding partition are in use; [a.2] write failures in the storage layer), or b) live-sync replication.

5018 - 8000139A

ERR_CANNOT_DELETE_MASTER
The master user cannot be removed.
The master user is special. He is the HSM's system operator (from the factory), and cannot be removed.

5019 - 8000139B

ERR_NOT_IMPLEMENTED
The requested functionality is not implemented.
No device module can perform the requested operation. Please contact the manufacturer (a firmware update may solve the problem).

5020 - 8000139C

ERR_USR_NOT_FOUND
User not located.
A request was made for a non-existent user. Please check your partition identifier.

5021 - 8000139D

ERR_INVALID_PAYLOAD
The request sent invalid data.
This is usually a sign of poorly formed content (e.g. corrupted files) or inappropriate parameters.

5022 - 8000139E

ERR_OBJ_ALREADY_EXISTS
Failed to create an existing object.
The storage layer works with case-sensitive object identifiers and works by partitioning.

5023 - 8000139F

ERR_INVALID_OBJ_NAME
The object name entered is invalid.
The security layer only accepts object identifiers made up of alphanumeric characters (letters or numbers) and '_' (an ASCII character whose value is equal to 0x5F).

5024 - 800013A0

ERR_OBJ_IN_USE
Object currently in use.
The request cannot be executed because the object entered is open in some process.

5025 - 800013A1

ERR_CANNOT_WRITE_BACKUP_BLOB
Backup recording failed.
The storage layer cannot write the backup image to disk. This occurs in the following scenarios: a) backup restore requests, or b) replication live-sync.

5026 - 800013A2

ERR_CANNOT_OPEN_BACKUP_BLOB
Failed to read backup.
The storage layer cannot read the disk backup image. This occurs in the following scenarios: a) backup restore requests, or b) replication live-sync.

5027 - 800013A3

ERR_CANNOT_RESTORE_BACKUP_BLOB
Backup restore failed.
The storage layer cannot prepare the image of the submitted backup. In order to properly update the system data, this image must be opened, processed and prepared for final saving by the local console (shell). This error occurs in: a) backup restore requests.

5028 - 800013A4

ERR_INVALID_BACKUP_PIN_OR_LEN
Backup image validation failed.
An invalid backup may have been sent to the server. The problem usually lies in the PIN entered for decrypting the image. If the PIN is incorrect, the firmware cannot read the correct content. This error occurs in: a) backup restore requests.

5029 - 800013A5

ERR_INVALID_XML_SIGNATURE
Invalid DSig XML signature.
The XML module checked a signature for compliance with RFC 3275, deeming it invalid. Further information on this standard can be found in the document ietf.org/rfc/rfc3275.txt.

5030 - 800013A6

ERR_INVALID_CERTIFICATE
The certificate entered is invalid.
Occurs in the following scenarios: a) PKCS #7 signatures ([a.1] when the DER representation of the informed X.509 certificate cannot be loaded and/or decoded; [a.2] there is no correspondence between the certificate and its private key); b) SPB encode/decode/map/cert-import ([b.1] one of the required certificates is not a DER representation of X.509b.2] one of the certificates is not valid in ICP Brazil; [b.3] the PEM representation of the certificate is greater than 10kb); c) certificate association for authentication in the user partition (SA), when the informed X.509 DER representation cannot be loaded and/or decoded;

5031 - 800013A7

ERR_VERIFY_XML_FAILED
DSig XML signature verification failed.
The XML module tried to verify a digital signature in the RFC 3275 standard, but errors occurred during the operation, and a more precise diagnosis cannot be detailed (occurs in memory allocation failures, IO, problems in the xml template, problems with certificates, etc).

5032 - 800013A8

ERR_INVALID_XML
DSig XML signature or verification failed.
The XML module tried to generate or verify a signature in the RFC 3275 standard, but was unable to handle the XM provided (it is probably malformed/invalid).

5033 - 800013A9

ERR_SIGN_XML_FAILED
DSig XML signature failure.
The XML module tried to generate a signature in the RFC 3275 standard, but errors occurred during the operation, and a more precise diagnosis cannot be detailed (occurs in memory allocation failures, IO, problems in the xml template, problems with certificates, etc).

5034 - 800013AA

ERR_UPACK_VERIFY_FAILED
Invalid firmware update package.
Firmware updates are carried out via packages (upacks) submitted to the device. To prevent the entry of unsafe/malicious content and/or the execution of corrupted components, the upacks are digitally signed by the manufacturer and verified before being applied.

5035 - 800013AB

ERR_CANNOT_TRUNCATE_LOG
Failed to truncate the audit log.
Audit logs have a maximum size of ~4GB, but can be truncated to free up system resources. This error usually signals problems at the storage layer: the HSM may be under extremely high loads, and/or physical disk problems are preventing the operation from running. Please try again in a few moments. If the error persists, a reboot of the device is recommended. If the log cannot be truncated after rebooting, please contact the manufacturer for further instructions.

5036 - 800013AC

ERR_CANNOT_BACKUP_OLD_LOG
Failed to save temporary image of audit logs.
To truncate the audit logs atomically, a temporary internal copy may be required. In practice, this code is rarely used, and has been discontinued in more recent firmware versions.

5037 - 800013AD

ERR_CERTIFICATE_EXPIRED
The certificate provided has expired.
A certificate is considered expired using the equipment's current date/time. It occurs in the following scenarios: a) SPB encode/decode/map/cert-import; b) CRL validation; c) DSig XML signing/verification in the RFC 3275 standard;

5038 - 800013AE

ERR_CERTIFICATE_FAILED
Certificate processing failure.
In certain contexts - for example, when decoding the contents of a certificate - a certain error may have occurred, preventing a more precise diagnosis (e.g. memory allocation failures, IO problems, etc.). This occurs in: a) SPB decode requests (normally associated with GEN messages that trigger automatic certificate exchange operations); b) SPB cert-import; c) signing/verification of DSig XML in accordance with RFC 3275;

5039 - 800013AF

ERR_CERTIFICATE_NOT_FOUND
The certificate could not be found.
Signing/verification of DSig XML to the standard of RFC 3275 cannot be performed, as the storage layer was unable to locate/open the certificate (can also occur when there are failures in extracting certificates in PKCS #7 messages/containers).

5040 - 800013B0

ERR_CERTIFICATE_REVOKED
The certificate provided is revoked.
Occurs in the following scenarios: a) CRL validation; b) XML DSig signing/verification in accordance with RFC 3275;

5041 - 800013B1

ERR_CERTIFICATE_ISSUER_FAILED
The issuer of the certificate is invalid/unknown.
The XML module tried to generate/verify a signature in the RFC 3275 standard, but 1 or more certificates in the chain of trust were not identified.

5042 - 800013B2

ERR_CERTIFICATE_NOT_YET_VALID
The certificate is not yet valid.
Using the current HSM date/time as a reference, the informed certificate is not yet valid for use (i.e. its initial date/time is an event in the future). Occurs in the following scenarios: a) CRL validation; b) DSig XML signing/verification in the RFC 3275 standard;

5043 - 800013B3

ERR_CERT_EXPIRED_SIGN_VALID
A valid DSig XML signature was made with an expired certificate.
The verification of XML DSig in the RFC 3275 standard was successful, but the certificate used in the process is expired (a "dated verification" was made; the signature was valid at the time of generation, and is still correct, if the expiration of the certificate used - taking the current date/time of the HSM as a reference - is disregarded).

5044 - 800013B4

ERR_CRL_EXPIRED
The list of revoked certificates (CRL) is expired.
CRL validation has failed because it is expired (current date/time of the device used as a reference).

5045 - 800013B5

ERR_INVALID_CRL_SIGN
The signature of the revoked certificate list (CRL) is invalid.
CRL signature verification failed (more details in RFC 2459).

5046 - 800013B6

ERR_CRL_CERT_MISMATCH
The issuer of the certificate revocation list (CRL) is invalid.
Verification of the CRL issuer has failed (the issuer certificate entered does not match).

5047 - 800013B7

ERR_CERT_REVOKED_LIBCLIENT_FIX1
The certificate provided is revoked.
See details in ERR_CERTIFICATE_REVOKED.

5048 - 800013B8

ERR_ACCESS_DENIED_TOKEN_NOT_NEEDED
Access denied.
The HSM security subsystem denied access because the credentials presented to execute the request include invalid authentication factors (such as the OTP of a token, when the user is not configured to use it).

5049 - 800013B9

ERR_ACCESS_DENIED_TOKEN_NEEDED
Access denied.
The HSM security subsystem denied access because the credentials presented to execute the request do not include mandatory authentication factors (such as the OTP of a token, since the user is configured to use it).

5050 - 800013BA

ERR_CERT_REVOKED_CRL_VAL_UNUSED
The certificate provided is revoked.
Certificate validation has been carried out without verifying the CRL (i.e. the certificate is included in the CRL, which has not had its signature verified).

5051 - 800013BB

ERR_CERT_VALID_CRL_VAL_UNUSED
The certificate provided is not revoked.
Certificate validation was carried out without verifying the CRL (i.e. the certificate is not included in the CRL, which has not had its signature verified).

5052 - 800013BC

ERR_CANNOT_PARSE_XML
Error in XML manipulation.
The HSM was unable to decode the XML provided (it is probably malformed/invalid). Occurs in the following scenarios: a) signing/verification of DSig XML to the RFC 3275 standard; b) import of PSKC files by the module OATH;

5053 - 800013BD

ERR_CANNOT_CREATE_XML_SIG_TEMPL
DSig XML template creation failed.
The XML module tried to make an XML DSig signature in the RFC 3275 standard, but the manipulation of the XML generated errors in the construction of the required format. A detailed description with the diagnosis of the tags involved is not available (usually due to memory allocation problems).

5054 - 800013BE

ERR_CANNOT_ADD_XML_SIG_TEMPL_REF
DSig XML template creation failed.
O módulo XML tentou fazer uma assinatura XML DSig no padrão da RFC 3275, mas a manipulação da tag <dsig:Signature/> gerou erros na construção do formato necessário. Uma descrição pormenorizada com um diagnóstico completo não está disponível (normalmente, devido a problemas de alocação de memória).

5055 - 800013BF

ERR_CANNOT_ADD_XML_SIG_TEMPL_TRANS
DSig XML template creation failed.
The XML module tried to make an XML DSig signature in the RFC 3275 standard, but the manipulation of the enveloped and/or C14N tags generated errors in the construction of the required format. A detailed description with a complete diagnosis is not available (usually due to memory allocation problems).

5056 - 800013C0

ERR_CANNOT_ADD_XML_SIG_KEY_INFO
DSig XML template creation failed.
O módulo XML tentou fazer uma assinatura XML DSig no padrão da RFC 3275, mas a manipulação da tag <dsig:KeyInfo/> gerou erros na construção do formato necessário. Uma descrição pormenorizada com um diagnóstico completo não está disponível (normalmente, devido a problemas de alocação de memória).

5057 - 800013C1

ERR_CANNOT_ADD_XML_SIG_KEY_CERT
DSig XML template creation failed.
O módulo XML tentou fazer uma assinatura XML DSig no padrão da RFC 3275, mas a manipulação da tag <dsig:X509Data/> gerou erros na construção do formato necessário. Uma descrição pormenorizada com um diagnóstico completo não está disponível (normalmente, devido a problemas de alocação de memória).

5058 - 800013C2

ERR_CANNOT_ALLOC_XML_SIG_CTX
DSig XML signature or verification failed.
The XML module tried to generate or verify a signature in the RFC 3275 standard, but was unable to allocate an internal context structure (probably a memory allocation failure).

5059 - 800013C3

ERR_CANNOT_PARSE_DER_PRIV_KEY
DSig XML signature failure.
The XML module tried to generate a signature in the RFC 3275 standard, but was unable to retrieve the required private key. This is usually a memory allocation problem when decoding DER structures. In extreme situations, it can signal internal data corruption.

5060 - 800013C4

ERR_XML_CANNOT_LOAD_PRIV_KEY
DSig XML signature failure.
The XML module tried to generate a signature in the RFC 3275 standard, but was unable to retrieve the required private key. This is usually a memory allocation problem when decoding DER structures. In extreme situations, it can signal internal data corruption.

5061 - 800013C5

ERR_XML_CANNOT_LOAD_CERT
DSig XML signature failure.
The XML module tried to generate a signature in the RFC 3275 standard, but was unable to retrieve the necessary certificate. This is usually a memory allocation problem when decoding DER structures. In extreme situations, it can signal internal data corruption.

5062 - 800013C6

ERR_XML_CANNOT_CREATE_KEY_MNG
DSig XML verification failed.
The XML module tried to verify a signature in the RFC 3275 standard, but was unable to allocate an internal data structure. This is usually a memory allocation problem.

5063 - 800013C7

ERR_XML_CANNOT_INIT_KEY_MNG
DSig XML verification failed.
The XML module tried to verify a signature in the RFC 3275 standard, but was unable to manipulate an internal key structure. This is usually a memory allocation problem.

5064 - 800013C8

ERR_XML_CANNOT_LOAD_TRUSTED_CERTS
DSig XML verification failed.
The XML module tried to verify a signature in the RFC 3275 standard, but was unable to retrieve the required certificate chain. This is usually a memory allocation problem when decoding DER structures. In extreme situations, it can signal internal data corruption.

5065 - 800013C9

ERR_XML_SIG_NODE_NOT_FOUND
DSig XML verification failed.
O módulo XML tentou verificar uma assinatura no padrão da RFC 3275, mas não conseguiu localizar a tag <dsig:Signature/> (o XML é provavelmente malformado/inválido).

5066 - 800013CA

ERR_XML_CERT_NODE_NOT_FOUND
DSig XML verification failed.
O módulo XML tentou verificar uma assinatura no padrão da RFC 3275, mas não conseguiu localizar a tag <dsig:X509Data/> (o XML é provavelmente malformado/inválido).

5067 - 800013CB

ERR_XML_CANNOT_DECODE_CERT_NODE
DSig XML verification failed.
O módulo XML tentou verificar uma assinatura no padrão da RFC 3275, mas não conseguiu decodificar a tag <dsig:X509Data/> em uma representação DER válida para um certificado X.509 (o XML pode estar malformado/inválido, e/ou problemas de alocação de memória foram encontrados).

5068 - 800013CC

ERR_CANNOT_PARSE_DER_CERT
DSig XML verification failed.
O módulo XML tentou verificar uma assinatura no padrão da RFC 3275, mas não conseguiu decodificar a tag <dsig:X509Data/> em uma representação DER válida para um certificado X.509 (o XML pode estar malformado/inválido, e/ou problemas de alocação de memória foram encontrados).

5069 - 800013CD

ERR_DEPRECATED_XML_COMPRESS
XML DSig operation failed.
The XML module was unable to parse the data entered for signature generation/verification in the RFC 3275 standard. The following were supported: RFC 1950 (ZLIB), RFC 1951 (DEFLATE), and RFC 1952 (GZIP), but this functionality has been removed. New firmware versions will return ERR_CANNOT_PARSE_XML.

5070 - 800013CE

ERR_INVALID_CERTIFICATE_NULL_RES
Certificate handling failure.
In certain contexts - for example, when decoding the contents of a certificate - a certain error may have occurred, preventing a more precise diagnosis (e.g. memory allocation failures, IO problems, etc.). Occurs in: a) SPB decode/encode/map requests (e.g. in GEN messages that trigger automatic certificate exchange operations); b) XML DSig signatures in the RFC 3275 standard; c) PKCS #12 file imports;

5071 - 800013CF

ERR_CANNOT_RECREATE_MASTER
Master user recreation failed.
The storage and security layers work with partitions to isolate data. This error occurs when a request is made to create a user with the name 'master' (the master user is special; it is the system operator of the HSM, and cannot be [re]created or removed).

5072 - 800013D0

ERR_CANNOT_CREATE_USR_STORAGE1
User creation operation failed.
This occurs when a user creation operation has been accepted and distributed by the replication layer, but there has been a failure to write data to the storage layer. This error should be temporary. If it persists, contact the manufacturer.

5073 - 800013D1

ERR_CANNOT_CREATE_USR_STORAGE2
User creation/removal operation failed.
DISCONTINUED. Occurs in older firmware versions, when user creation/removal operations have been accepted and distributed by the replication layer, but there has been a failure to write data to the storage layer. This error should be temporary. If it persists, contact the manufacturer.

5074 - 800013D2

ERR_CANNOT_CREATE_USR_DEFAULT_ACL
Failure to save user data.
Occurs when: a) a user creation operation has been accepted and distributed by the replication layer, but permission data has failed to be written to the storage layer. In this scenario, this error should be temporary (if it persists, contact the manufacturer); b) replication live-sync failed to write permissioning data; in this scenario, the error is synchronous;

5075 - 800013D3

ERR_CANNOT_ALLOC_CTX
Failure to allocate operational context.
The equipment is capable of working with extremely large resources, broken down into smaller blocks. Operational contexts are used to manage this state, usually associated with hashes, hmacs or symmetric keys. For example, an SPB decode operation can fail with this return code when handling compressed messages. Another (rare) situation where this error occurs is when the DRBG subsystem fails to generate random numbers. Normally, operational context allocation failures occur when there is no more memory available for processing a resource.

5076 - 800013D4

ERR_CANNOT_LOAD_PRIV_KEY
Private key recovery failed
Private keys are used in asymmetric cryptography operations to make digital signatures or to open symmetric key envelopes. One operation tried to recover an existing RSA/ ECC private key, but was unable to decrypt its DER representation. Memory allocation problems are the typical culprits; in extreme cases, there may have been some data corruption. Occurs in: a) essential RSA/ECC tasks; b) signature generation in the ISO 9796 standard; c) imports/exports in the PKCS #8 standard; d) SPB decode requests (e.g. in GEN messages that trigger automatic certificate exchange operations);

5077 - 800013D5

ERR_CANNOT_DECODE_PUB_KEY
Public key recovery failed
Public keys are used in asymmetric cryptography operations to verify digital signatures or to envelop symmetric keys. An operation tried to recover an RSA/ ECC public key, but was unable to process its DER representation. Memory allocation problems are the typical culprits; in extreme cases, there may have been some data corruption. Occurs in: a) essential RSA/ECC tasks;

5078 - 800013D6

ERR_CANNOT_GENERATE_RND_DATA
Failure to generate random numbers
The HSM was unable to generate a block of cryptographically strong random numbers. The (rare) origin of this error is the DRBG subsystem's inability to move forward (usually related to memory allocation problems). It occurs when: a) authenticating users; b) explicitly requesting the generation of random numbers; c) issuing blobs OATHd) when the replication layer needs to synchronize data from devices in the same pool;

5079 - 800013D7

ERR_CACHE_LAYER_EXHAUSTED
Failure to use an object.
The HSM operates with several levels of caching, optimizing its storage layer. It was not possible to open/use an existing object (usually a key) because, in order to run with exceptional performance, a limited amount of memory is reserved for caching. In practice, pending connections should be checked (they may be keeping temporary objects open), and/or objects no longer required for regular operation should be removed.

5080 - 800013D8

ERR_RSA_POWER_SIGN_FAILED
Optimized RSA signature failure.
The main HSM module tried to generate a digital signature in the PKCS #1 standard, but execution errors occurred, and there are no more specific details, with a precise diagnosis (reporting memory allocation problems, etc.).

5081 - 800013D9

ERR_CANNOT_DEMOTE_MASTER
Master user permissions update failed.
The master user is special; he is the system operator of the HSM, and cannot have his permissions removed.

5100 - 800013EC

ERR_CANNOT_GET_SYS_INFO
Failure to retrieve system information.
The status manager module was unable to retrieve important system information to send to the client. In very rare scenarios (e.g. legacy firmware versions), this code can signal a failure in the DRBG subsystem when trying to obtain date/time counters (essential for diversifying its state).

5101 - 800013ED

ERR_CANNOT_ALLOC_UPACK_ID
Failed to send firmware update.
Firmware updates are carried out via update-packages (upacks), sent remotely via the administrative console. The state manager module was unable to receive an update because the generation of its internal unique identifier failed. A malfunction in the DRBG subsystem could be responsible for this return code (see ERR_CANNOT_GENERATE_RND_DATA for more details).

5102 - 800013EE

ERR_CANNOT_ALLOC_UPACK_PATH
Failed to send firmware update.
Firmware updates are carried out via update-packages (upacks), sent remotely via the administrative console. The state manager module was unable to receive an update because the generation of its internal name failed (memory allocation problem).

5103 - 800013EF

ERR_CANNOT_WRITE_UPACK_OBJ
Failed to send firmware update.
Firmware updates are carried out via update-packages (upacks), sent remotely via the administrative console. The state manager module was unable to receive an update because its write to the storage layer failed.

5104 - 800013F0

ERR_INVALID_CRL
List of revoked certificates (CRL) is invalid.
Lists of revoked certificates are used in ICPs to store serial numbers of certificates that have been revoked (and should therefore no longer be considered trustworthy). An operation tried to retrieve a CRL, but was unable to decode its DER representation. Memory allocation problems are the typical culprits; in extreme cases, there may have been some data corruption.

5105 - 800013F1

ERR_OPERATION_FAILED
Requested operation/function/task failed.
The requested operation/function/task generated this generic error - sometimes discontinued/legacy - to signal an internal operational problem. It can occur in various scenarios (e.g. mathematical/scriptographic operations, memory allocation, IO, etc). More recent firmware versions work with more specialized return codes, which allow problems to be resolved more quickly and immediately.

5106 - 800013F2

ERR_GET_USR_ACL_FAILED
Failed to retrieve permission information.
The security layer cannot retrieve the access control list (ACL) with the user's permissions. This is usually a temporary problem. Please check the user identifier, and try again in a few moments.

5107 - 800013F3

ERR_INVALID_SIGNATURE
Invalid digital signature.
The HSM identified an invalid signature/code when performing RSA/ECC/EdDSA/MAC checks or AEAD/XML/SPB/PIX operations.

5108 - 800013F4

ERR_CANNOT_GENERATE_SOFT_TOKEN
The HOTP soft-token issue failed.
DISCONTINUED. Returned by old firmware versions when the automatic issuance of HOTP apps/tokens in JavaME failed. NOTE: the OTP module is no longer available, and is considered insecure by modern security practices.

5109 - 800013F5

ERR_INVALID_SECRET
Invalid safety critical parameter.
Critical security parameters (CSP) can take many forms: cryptographic keys, passwords, one-time-passwords (OTPs), PINs, 'm of n' components, etc. One of these parameters was sent in a request for processing, and it was found to be invalid. The EFT, EMV, and OATH modules can return this code.

5120 - 80001400

ERR_ACCESS_DENIED_USR_BLOCKED
Access denied and user blocked.
The HSM security subsystem denied access because the credentials presented were insufficient to execute the request. The user has also been blocked (disabled), as the global security policy has been activated.

5121 - 80001401

ERR_INVALID_IMEI
The HOTP soft-token issue failed.
DISCONTINUED. Returned by old firmware versions when automatic issuance of HOTP apps/tokens in JavaME failed (due to invalid IMEI). NOTE: the OTP module is no longer available, and is considered insecure by modern security practices.

5122 - 80001402

ERR_REPLAY_DETECTED
OTP reuse attempt detected.
The OATH module detected an attempt to reuse a One Time Password (OTP), and returned an exception. It can be used with HOTP and TOTP OTPs.

5123 - 80001403

ERR_NON_APPROVED_OPERATION
Operation not permitted in restricted mode.
A feature has been requested with the HSM operating in restricted mode (e.g. MC7 or FIPS). Only specific algorithms/protocols/standards are allowed (i.e. legacy cryptography such as MD5 and ARC4 is prohibited). Restoring backups generated in standard mode is not allowed when restricted mode is active (firmware updates are also disabled).

5124 - 80001404

ERR_ACCESS_DENIED_OBJ_BLOCKED
Access denied due to block on object.
The HSM's security subsystem has denied access to an object (usually a key) because it is locked (disabled), or has violated some SP 800-57 policy (in this case, first check the device's date/time). The owner of the partition where the object resides (or another authorized user) may be able to unlock it.

5125 - 80001405

ERR_DRBG_CONTINUOUS_TEST
Failure to generate random numbers
HSM has detected a problem in its cryptographic random number generator by performing a runtime check. See ERR_CANNOT_GENERATE_RND_DATA for more details that may apply in this situation.

5126 - 80001406

ERR_RSA_CONTINUOUS_TEST
Key creation/read/import failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5127 - 80001407

ERR_ECC_CONTINUOUS_TEST
Key creation/read/import failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5128 - 80001408

ERR_OF_CONTINUOUS_TEST
Key creation/read/import failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5129 - 80001409

ERR_AES_CONTINUOUS_TEST
Key creation/read/import failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5130 - 8000140A

ERR_ALT_BN128_CONTINUOUS_TEST
Key creation/read/import failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5175 - 80001437

ERR_CANNOT_UPDATE_OBJ
Failure to update an object.
The HSM storage layer was unable to update an obj (this usually involves its metadata, but also occurs in [a] map updates, [b] {un}locking objs, and [c] live-sync replication).

5176 - 80001438

ERR_CANNOT_GET_PWD_POLICY
Failed to recover critical password security parameter.
A critical security parameter (CSP) password cannot be recovered by the storage layer (shash, expiration policy, and/or global size/format policy). This must be a temporary problem, caused by competing access to the equipment. If the error persists, the manufacturer should be contacted.

5177 - 80001439

ERR_PWD_BLOCKED_BY_POLICY
Invalid password according to HSM's security policy.
The security layer has blocked a password change or user creation because the global size/format policy has been violated.

5178 - 8000143A

ERR_PWD_EXPIRED
Asked to change user password, or a-token is expired.
Occurs when: a) The global password expiration policy is active. The security layer has successfully authenticated the user credentials, but has requested a password change in order to release use of the established session; b) The access/authentication token has expired and can no longer be used for user impersonation;

5179 - 8000143B

ERR_CERT_VALID_CRL_VAL_UNUSED_CRL_EXPIRED
The certificate provided is not revoked.
The certificate check was carried out with a CRL that was considered expired (using the current date/time of the device). In other words, the certificate is not included in the CRL, but no signature checks have been carried out.

5180 - 8000143C

ERR_CERT_VALID_CRL_EXPIRED
The certificate provided is not revoked.
The certificate check was carried out with a CRL that was considered expired (using the current date/time of the device). In other words, the certificate is not included in the CRL, and signature checks have been carried out.

5181 - 8000143D

ERR_INVALID_CERT_SIGN
The certificate entered is invalid.
The CRL check detected an invalid certificate signature.

5200 - 80001450

ERR_CANNOT_LOAD_CORRUPTED_OBJ
Failed to load an object.
The HSM cannot open/export/rename an existing object (usually a key) because its integrity test has failed. The firmware employs a SHA1 checksum (of 160 bits). This error may be temporary, but usually signals serious data corruption (and/or hardware problems). Check with the manufacturer.

5230 - 8000146E

ERR_INVALID_CERT_ISPB_MISMATCH
Certificate validation failed.
An SPB encode/decode/map operation has detected a difference between the source/destination ISPB informed, and the ISPB contained in the certificate used.

5231 - 8000146F

ERR_INVALID_CA
Invalid certificate authority (CA).
SPB module decode operations (usually in GEN messages that trigger automatic certificate exchange operations) or SPB encode requests cannot use certificates issued by unknown CAs. The following CAs (with corresponding values) are documented in the SPB manual, section 4.2.6: a) Serpro (1); b) Certisign (2); c) Serasa (4); d) CAIXA (5); e) Valid (6);

5303 - 800014B7

ERR_DEPRECATED_FUNCTION
The requested operation/function/task has been discontinued.
The manufacturer is constantly improving its products. The requested operation is no longer available, as modern security practices probably deem it inappropriate to perform (even if it was not previously considered a threat, or was even industry practice).

5304 - 800014B8

ERR_SERVER_BUSY
The server is overloaded.
DISCONTINUED. Returned by older firmware versions. A request has been rejected because the HSM is overloaded. Newer firmware versions work with more specialized return codes, which allow problems to be resolved more quickly and immediately. In any case, this must be a temporary error. Please try again in a few moments.

5305 - 800014B9

ERR_SL_BE_BUSY
Read failure in the storage layer.
The request cannot be executed because the storage layer is overloaded with too many IO (read/write) operations. This is common in object listing requests. This is usually a temporary failure. Please try again in a few moments.

5306 - 800014BA

ERR_SVMK_MISMATCH
Server Master Key (SVMK) invalid.
An attempt to restore a backup copy failed because the image was originally generated on a device initialized with a different SVMK than the one currently loaded. In this scenario, the operation will always generate an error, protecting the client's database from loss.

5307 - 800014BB

ERR_INVALID_CERT_SN_MISMATCH
The certificate entered is invalid.
The SPB encode/decode request detected a discrepancy between the serial number (SN) of the certificate provided and the SN contained in the SPB message header. This double-check protects the client against data corruption and/or invalid/inconsistent messages.

5308 - 800014BC

ERR_CANNOT_DEC_SYM_KEY
Symmetric key recovery failure.
Error in SPB module decode operation. SPB messages use a digital envelope to protect sensitive information. When the recipient receives the message, this envelope needs to be opened to retrieve the 3DES transport key that guarantees the confidentiality of the message content. In this process, the recipient uses their private key. If the sender of the message has used an incorrect public key in the envelope (for example, using a certificate that is no longer active), and/or if there has been any corruption in the message data, it will not be possible to open the digital envelope, and this return code will signal the problem.

5309 - 800014BD

ERR_CANNOT_REC_SYM_KEY
Failure to use a symmetric key.
Error in SPB module decode operation. The 3DES key envelope was correctly opened (decrypted), but key scaling failed. This is usually a memory allocation problem. See ERR_CANNOT_DEC_SYM_KEY for more details.

5401 - 80001519

SUCCESS_CANNOT_OPEN_OBJ_AT_REPL
Failure to use an object.
The HSM was unable to open/use a successfully created object (usually a key) because it is still in the process of being written to the replication layer. In a few moments, this object will probably be available for regular use.

5402 - 8000151A

ERR_CANNOT_OPEN_INVALID_OBJ_AT_REPL
Failure to use an object.
The HSM has not been able to open/use an object that has changed (been [un]locked, removed, or renamed) because it is still in the process of being updated in the replication layer. In a few moments, the status of the object will probably be set.

5500 - 8000157C

ERR_CANNOT_SL_BE_CHECK_OBJ
Failure to create an object.
The HSM's storage layer was unable to create an obj (usually a key) because a structural read failure did not allow the event to be validated. This is a rare problem (usually temporary). Please try again in a few moments.

5501 - 8000157D

ERR_CANNOT_WRITE_AUTH_INFO_OBJ
Failed to save authentication information.
The HSM storage layer was unable to record information from OATHso that the user can authenticate with 2-factor authentication. This is a rare problem (usually temporary). Please try again in a few moments.

5502 - 8000157E

ERR_CANNOT_GEN_RSA_KEY
RSA key creation failure.
The HSM storage layer was unable to create an RSA key because it failed to handle cryptographic material. This could be a memory allocation problem. In rare cases, there may have been a failure to generate random numbers. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5503 - 8000157F

ERR_CANNOT_GEN_ECC_CURVE
ECC key creation failure.
DISCONTINUED. Occurs in older firmware versions. See ERR_CANNOT_GEN_ECC_KEY.

5504 - 80001580

ERR_CANNOT_GEN_ECC_KEY
ECC key creation failure.
The HSM storage layer was unable to create an ECC key because it failed to handle cryptographic material. This could be a memory allocation problem. In rare cases, there may have been a failure to generate random numbers. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5505 - 80001581

ERR_CANNOT_GEN_ECC_DER
Key serialization failure.
DISCONTINUED. Occurs in older firmware versions. See ERR_CANNOT_ALLOC_MEM.

5506 - 80001582

ERR_CANNOT_GEN_ECC_DER_KEY
Key serialization failure.
DISCONTINUED. Occurs in older firmware versions. See ERR_CANNOT_ALLOC_MEM.

5507 - 80001583

ERR_CANNOT_CREATE_UNKNOWN_OBJ
Failed to create unknown object.
The HSM storage layer was unable to create an obj (usually a key) because it is unknown. Please contact the manufacturer (a firmware update may solve the problem).

5508 - 80001584

ERR_CANNOT_WRITE_HSM_MODE
Operation mode update failed.
The HSM storage layer was unable to change the operating mode because a write failure occurred. This is a rare problem (usually temporary). Please try again in a few moments.

5509 - 80001585

ERR_CANNOT_WRITE_LOGIN_BLOCK_INFO
Failure to save user [un]lock information.
HSM's security layer was unable to record user login [un]lock information. This is a rare problem (usually temporary). Please try again in a few moments.

5510 - 80001586

ERR_CANNOT_SETUP_LIVE_SYNC_OBJ
Failed to prepare for saving object(s).
The HSM's storage layer was unable to prepare for writing the data of one or more objects during the replication live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5511 - 80001587

ERR_CANNOT_CREATE_LIVE_SYNC_OBJ
Failed to save object(s).
The HSM storage layer was unable to write the data of one or more objects when performing a replication live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5512 - 80001588

ERR_CANNOT_OPEN_LOG
Failed to open the audit log.
The HSM storage layer was unable to open the log because there was a structural read failure in the file. If the error persists, the manufacturer should be contacted.

5513 - 80001589

ERR_COULD_NOT_OPEN_OBJ
Failed to create a local/temporary object.
The HSM was unable to open/use an object (usually a key) that would have been created successfully. See ERR_CANNOT_OPEN_OBJ, ERR_CANNOT_ALLOC_RES and ERR_CACHE_LAYER_EXHAUSTED for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5514 - 8000158A

ERR_CANNOT_EXPORT_RAW_OBJ
Failure to extract an object (due to IO failure).
Objects in the HSM can be saved using a generic security policy: a) they are exportable, or b) they are NOT exportable. Keys are usually stored in non-exportable mode, while certificates (by their very public nature) can be removed from the device. This error occurs whenever a request tries to retrieve the full contents of exportable objects, but structural read failures have occurred.

5515 - 8000158B

ERR_CANNOT_RENAME_OBJ
Failed to rename an object.
The HSM storage layer was unable to rename an existing obj (usually a key). Move/rename operations involving more than one partition are not allowed (when a user tries to move/rename objs from other partitions, even if the respective owners have granted write/update permissions). Users can only rename objects in their own partitions.

5516 - 8000158C

ERR_REPLICATION_CANNOT_OPEN_OBJ
Failure to use an object.
The HSM replication layer was unable to open/use an existing obj (usually a key). See details in ERR_CANNOT_OPEN_OBJ.

5517 - 8000158D

ERR_CANNOT_SETUP_LIVE_SYNC_IMG
Failed to prepare the live-sync image.
The HSM replication layer was unable to prepare the image with the live-sync data. This is usually a memory allocation problem. Please try again in a few moments.

5518 - 8000158E

ERR_CANNOT_LOAD_LIVE_SYNC_IMG
Failed to load live-sync image.
The HSM replication layer was unable to read the data from the live-sync image. This is a very rare problem (usually temporary). Please try again in a few moments.

5519 - 8000158F

ERR_CANNOT_SETUP_LIVE_SYNC_DEL_USR
Failed to set up removal of user(s).
The HSM replication layer was unable to prepare for the removal of one or more users during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5520 - 80001590

ERR_CANNOT_DEL_LIVE_SYNC_USR
Failed to remove user(s).
The HSM replication layer was unable to remove data from one or more users when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5521 - 80001591

ERR_CANNOT_SETUP_LIVE_SYNC_DEL_CONFIG
Failed to prepare the removal of configuration parameters.
The HSM replication layer was unable to prepare for the removal of one or more configuration parameters during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5522 - 80001592

ERR_CANNOT_DEL_LIVE_SYNC_CONFIG
Failed to remove configuration parameters.
The HSM replication layer was unable to remove one or more configuration parameters when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5523 - 80001593

ERR_CANNOT_SETUP_LIVE_SYNC_CONFIG
Failed to prepare for entering configuration parameters.
The HSM replication layer was unable to prepare the insertion of one or more configuration parameters during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5524 - 80001594

ERR_CANNOT_CREATE_LIVE_SYNC_CONFIG
Failed to add configuration parameters.
The HSM replication layer was unable to add one or more configuration parameters when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5525 - 80001595

ERR_CANNOT_SETUP_LIVE_SYNC_USER
Failed to set up user(s) insertion.
The HSM replication layer was unable to prepare for the insertion of one or more users during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5526 - 80001596

ERR_CANNOT_CREATE_LIVE_SYNC_USER
Failed to add user(s).
The HSM replication layer was unable to add one or more user(s) when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5527 - 80001597

ERR_CANNOT_SETUP_LIVE_SYNC_ACL
Failed to prepare the insertion of permission information.
The HSM replication layer was unable to prepare the insertion of user(s) permission information during the live-sync operation. This is usually a memory allocation problem. Please try again in a few moments.

5528 - 80001598

ERR_CANNOT_CREATE_LIVE_SYNC_ACL
Failed to add permission information.
The HSM replication layer was unable to record user(s) permission information when performing a live-sync operation. This is a very rare problem (usually temporary). Please try again in a few moments.

5529 - 80001599

ERR_CANNOT_DEL_AUTH_INFO_OBJ
Failed to remove authentication information.
The HSM storage layer was unable to delete information from OATHwhich the user uses for 2-factor authentication. This is a rare problem (usually temporary). Please try again in a few moments.

5530 - 8000159A

ERR_INVALID_KEY_NULL_RES
Cryptographic key manipulation failure.
In certain contexts - for example, when decoding the contents of a cryptographic key - a certain error may have occurred, preventing a more precise diagnosis (e.g. memory allocation failures, IO problems, etc.). Occurs in: a) SPB decode/encode/map requests (e.g. in GEN messages that trigger automatic certificate exchange operations); b) signing XML DSig to the RFC 3275 standard;

5531 - 8000159B

ERR_INVALID_MSG_NULL_RES
Cryptographic message manipulation failure.
In certain contexts - for example, when encoding the content of a cryptographic message - a certain error may have occurred, preventing more precise diagnosis (e.g. memory allocation failures). Occurs in: a) PKCS #7 signatures (when the DER representation of the message cannot be loaded/encoded);

5532 - 8000159C

ERR_CANNOT_GEN_SYM_KEY
Failure to prepare the symmetric key.
Symmetric keys are used in (but are not limited to) operations involving data confidentiality. Allocating and scaling these keys requires memory and a block of cryptographically strong random numbers. If any intermediate step in the generation/preparation fails, these keys cannot be used. See ERR_CANNOT_GENERATE_RND_DATA and ERR_DRBG_CONTINUOUS_TEST for more details. Occurs in: a) SPB encode requests; SPB messages use a digital envelope for the protection of sensitive data; this code is returned if the sender failed to prepare the 3DES or AES keys for envelopment;

5533 - 8000159D

ERR_CANNOT_SETUP_USR_AUTH_INFO
Failed to set up user(s) authentication.
The HSM storage layer was unable to prepare the read data for user authentication. This is usually a memory allocation problem. Please try again in a few moments.

5534 - 8000159E

ERR_CANNOT_BIND_USR_AUTH_INFO
Failed to set up user(s) authentication.
The HSM storage layer was unable to read data for user authentication. This is usually a memory allocation problem. Please try again in a few moments.

5535 - 8000159F

ERR_CANNOT_GET_CERT_SN
Failed to read the certificate's serial number.
The SPB encode or decode request (the latter, in GEN messages that trigger automatic certificate exchange operations) failed to retrieve the certificate's serial number (SN). This is usually a memory allocation problem when decoding DER structures.

5536 - 800015A0

ERR_CANNOT_GET_CERT_ISPB
Failed to read the certificate's ISPB.
The SPB decode request (e.g. in GEN messages that trigger automatic certificate exchange operations) failed to retrieve the certificate's ISPB. This is usually a memory allocation problem when decoding DER structures.

5537 - 800015A1

ERR_INVALID_HASH
The request reported an invalid hash.
Usually signals an invalid hash size or unknown type. It occurs in the following scenarios: a) requests for the signing/generation of certificates (CSR) in the PKCS #10 standard; b) ECC signing/verification operations; c) SPB encode/decode requests;

5538 - 800015A2

ERR_INVALID_SIG_LEN
The size of the signature buffer is too large.
Occurs in the following scenarios: a) ECC check operation;

5539 - 800015A3

ERR_INVALID_PUBKEY_LEN
Buffer size with public key is too large.
Occurs in the following scenarios: a) essential public tasks with RSA; b) ECC verification operation;

5540 - 800015A4

ERR_INVALID_PSKC_XML
Error in XML manipulation.
The HSM has not been able to handle the XML provided (it is probably incomplete/malformed/invalid). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5541 - 800015A5

ERR_CANNOT_FIND_PSKC_XML_NODE
Error in XML manipulation.
The HSM has not been able to handle the XML provided (it is probably incomplete/malformed/invalid). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5542 - 800015A6

ERR_CANNOT_FIND_PSKC_XML_ATTR
Error in XML manipulation.
The HSM has not been able to handle the XML provided (it is probably incomplete/malformed/invalid). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5543 - 800015A7

ERR_INVALID_PSKC_KEY_DERIVATION
Error in XML manipulation.
HSM was unable to use the key derivation algorithm provided. Only PBKDF2 is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5544 - 800015A8

ERR_INVALID_PSKC_KEY_DERIVATION_IT
Error in XML manipulation.
The HSM was unable to use the key derivation algorithm provided, as the iteration counter is invalid. Only PBKDF2 is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5545 - 800015A9

ERR_INVALID_PSKC_KEY_DERIVATION_LEN
Error in XML manipulation.
The HSM was unable to use the key derivation algorithm entered because the key size is invalid. Only PBKDF2 is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5546 - 800015AA

ERR_INVALID_PSKC_KEY_DERIVATION_SALT_LEN
Error in XML manipulation.
The HSM was unable to use the key derivation algorithm provided, because the size of the salt (diversifier) is invalid. Only PBKDF2 is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5547 - 800015AB

ERR_PSKC_KEY_DERIVATION_FAILED
Error in PKCS derivation #5 of PSKC.
The HSM was unable to perform key derivation in the PKCS #5 standard. This occurs in the following scenarios: a) the module imports PSKC files OATH;

5548 - 800015AC

ERR_INVALID_PSKC_KEY_ALG
Error in XML manipulation.
HSM was unable to use the algorithm provided. Only HOTP and TOTP are supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5549 - 800015AD

ERR_INVALID_PSKC_KEY_METHOD
Error in XML manipulation.
HSM was unable to use the encryption method provided. Only AES128-CBC is supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5550 - 800015AE

ERR_INVALID_OATH_EPOCH
Date/time manipulation error OATH.
HSM was unable to use the Epoch reported (currently, offsets are not supported). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5551 - 800015AF

ERR_INVALID_OATH_TIMESTEP
Date/time manipulation error OATH.
The HSM was unable to use the Time-Step entered (currently, only values greater than or equal to 30 are supported). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5552 - 800015B0

ERR_INVALID_OATH_DRIFT
Date/time manipulation error OATH.
The HSM was unable to use the given offset (currently, time-drifts are not supported). Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5553 - 800015B1

ERR_INVALID_PSKC_SECRET_LEN
Error in XML manipulation.
HSM was unable to use the given secret because its size is invalid. Only PKCS #5/PBKDF2 with AES128-CBC are supported. Occurs in the following scenarios: a) import of PSKC files by the module OATH;

5554 - 800015B2

ERR_UNKNOWN_PADDING_TYPE
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5555 - 800015B3

ERR_DATA_TOO_LARGE_FOR_MODULUS
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5556 - 800015B4

ERR_DATA_GREATER_THAN_MODULUS_LEN
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5557 - 800015B5

ERR_PADDING_CHECK_FAILED
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5558 - 800015B6

ERR_DATA_TOO_LARGE_FOR_KEY_SIZE
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5559 - 800015B7

ERR_DATA_TOO_SMALL_FOR_KEY_SIZE
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5560 - 800015B8

ERR_INVALID_TYPE1_PADDING
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5561 - 800015B9

ERR_INVALID_TYPE2_PADDING
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5562 - 800015BA

ERR_BAD_FIXED_HDR_PADDING
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5563 - 800015BB

ERR_MISSING_NULL_PADDING
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5564 - 800015BC

ERR_BAD_PAD_BYTE_COUNT
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5565 - 800015BD

ERR_DATA_TOO_LARGE_FOR_PADDING
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5566 - 800015BE

ERR_BN_NO_INVERSE
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5567 - 800015BF

ERR_STATIC_BN_CANNOT_EXPAND
Requested operation failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_OPERATION_FAILED.

5568 - 800015C0

ERR_BN_IS_NOT_PRIME
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5569 - 800015C1

ERR_TOO_MANY_BN_ITERATIONS
Requested operation failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_OPERATION_FAILED.

5570 - 800015C2

ERR_BN_IS_NOT_A_SQUARE
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5571 - 800015C3

ERR_BN_DIV_BY_ZERO
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5572 - 800015C4

ERR_BN_NOT_INITIALIZED
Requested operation failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_OPERATION_FAILED.

5573 - 800015C5

ERR_BN_INVALID_RANGE
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5574 - 800015C6

ERR_BN_BAD_RECIPROCAL
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5575 - 800015C7

ERR_BN_CALLED_WITH_EVEN_MODULUS
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5576 - 800015C8

ERR_BN_INPUT_NOT_REDUCED
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5577 - 800015C9

ERR_BN_TOO_MANY_TMP_VARIABLES
Requested operation failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_OPERATION_FAILED.

5578 - 800015CA

ERR_BN_INVALID_LEN
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5579 - 800015CB

ERR_BN_ENCODING_ERROR
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5580 - 800015CC

ERR_INVALID_PUBLIC_EXP
Invalid data.
DISCONTINUED. Occurs in older firmware versions. See ERR_INVALID_OPERATION.

5581 - 800015CD

ERR_INVALID_SPB_HDR_LEN
'Signature' of the SPB message header is invalid.
The SPB decode request detected an invalid message header size. Please refer to the SPB manual for more details.

5582 - 800015CE

ERR_INVALID_SPB_HDR_VER
Invalid version of the SPB message header.
The SPB decode request has detected an unsupported message header version value (V1 == 1 or V2 == 2 expected). Please refer to the SPB manual for more details.

5583 - 800015CF

ERR_INVALID_SPB_HDR_SPECIAL_TREATMENT
Special treatment flag in the SPB message header is invalid.
The SPB decode request detected an invalid combination of special handling flag values in the message header (values 0-4, 6, 8, and 10 supported). Please refer to the SPB manual for more details.

5584 - 800015D0

ERR_INVALID_SPB_HDR_R0
Reserved field in the SPB message header is invalid.
The SPB decode request detected an unsupported value in the reserved field of the message header (0 expected). Please refer to the SPB manual for more details.

5585 - 800015D1

ERR_INVALID_SPB_HDR_DST_ASYM_ALG
Certificate algorithm in the SPB message header is invalid.
The SPB decode request detected an unsupported value for the certificate algorithm (RSA_1024 == 1 or RSA_2048 == 2 expected). Please refer to the SPB manual for more details.

5586 - 800015D2

ERR_INVALID_SPB_HDR_DST_SYM_ALG
The encryption algorithm in the SPB message header is invalid.
The SPB decode request detected an unsupported value for the encryption algorithm (3DES_168 == 1 expected). Please refer to the SPB manual for more details.

5587 - 800015D3

ERR_INVALID_SPB_HDR_SIGN_KEY_TYPE
Signature algorithm in the SPB message header is invalid.
The SPB decode request has detected an unsupported value for the signature algorithm (RSA_1024 == 1 or RSA_2048 == 2 expected). Please refer to the SPB manual for more details.

5588 - 800015D4

ERR_INVALID_SPB_HDR_DST_CA
Certificate authority (CA) in the SPB message header is invalid.
See ERR_INVALID_CA for more details.

5589 - 800015D5

ERR_INVALID_SPB_HDR_SIGN_CA
Certificate authority (CA) in the SPB message header is invalid.
See ERR_INVALID_CA for more details.

5590 - 800015D6

ERR_INVALID_SIGN_CERT_SN_MISMATCH
Certificate serial number in the SPB message header is invalid.
See ERR_INVALID_CERT_SN_MISMATCH for more details.

5591 - 800015D7

ERR_INVALID_DST_CERT_SN_MISMATCH
Certificate serial number in the SPB message header is invalid.
See ERR_INVALID_CERT_SN_MISMATCH for more details.

5592 - 800015D8

ERR_INVALID_SPB_MSG_LEN
The size of the SPB message is invalid.
The SPB decode request has detected an invalid message size (it must be a multiple of a DES block). Please refer to the SPB manual for more details.

5593 - 800015D9

ERR_CANNOT_PARSE_JSON
Error when manipulating JSON content.
The HSM was unable to decode JSON content in the operational context (it may be malformed/invalid). The storage layer uses an internal JSON representation to allow flexible and fast operations, such as the execution of native PKCS #11 tasks. It can occur in various situations, especially when manipulating objects (e.g. keys and certificates).

5594 - 800015DA

ERR_INVALID_SPB_CHARSET_SIG_OK
SPB message character is invalid. Signature successfully verified.
SPB message has invalid characters, but correct digital signature. See ERR_INVALID_SPB_CHARSET for more details.

5595 - 800015DB

ERR_JSON_MORE_DATA
Error serializing JSON content.
The HSM was unable to serialize a JSON content in the operational context because it exceeds the supported internal limit. See ERR_CANNOT_ALLOC_MEM and ERR_CANNOT_PARSE_JSON for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5596 - 800015DC

ERR_CANNOT_VIRTUALIZE_JSON
Error when manipulating JSON content.
The HSM was unable to generate JSON content in the operational context. This is usually a memory management problem. See ERR_CANNOT_ALLOC_MEM and ERR_CANNOT_PARSE_JSON for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5597 - 800015DD

ERR_CANNOT_CHANGE_OEM_JSON
Error when manipulating JSON content.
A native PKCS #11 operation attempted to modify an object attribute that is released read-only. Check the SDK client documentation. See ERR_CANNOT_PARSE_JSON. If the error persists, the manufacturer should be contacted.

5598 - 800015DE

ERR_CANNOT_MERGE_JSON
Error when manipulating JSON content.
See ERR_CANNOT_ALLOC_MEM, ERR_CANNOT_PARSE_JSON, ERR_CANNOT_CHANGE_OEM_JSON and ERR_CANNOT_ALLOC_JSON for more details that may apply in this situation.

5599 - 800015DF

ERR_INVALID_SPB_CHARSET
SPB message character is invalid.
The SPB decode request has detected an invalid character (it must belong to the Basic_Latin or Latin-1_Supplement sets. Please see DRN-approved for more details.

5600 - 800015E0

ERR_CANNOT_GET_JSON
Error serializing JSON content.
The HSM was unable to serialize JSON content in the operational context. This is usually a memory management problem. See ERR_CANNOT_ALLOC_MEM and ERR_CANNOT_PARSE_JSON for more details that may apply in this situation.

5601 - 800015E1

ERR_INVALID_SPB_CHARSET_SIG_ERR
SPB message character is invalid. Invalid signature.
SPB message has invalid characters and digital signature. See ERR_INVALID_SPB_CHARSET for more details.

5602 - 800015E2

ERR_INVALID_SPB_DOMAIN
SPB domain is invalid.
SPB domains must be identifiers made up of up to 6 alphanumeric characters (letters or numbers).

5603 - 800015E3

ERR_CANNOT_GEN_DSA_KEY
DSA key creation failure.
The HSM storage layer was unable to create a DSA key because it failed to manipulate the cryptographic material. This could be a memory allocation problem. In rare cases, there may have been a failure to generate random numbers. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5604 - 800015E4

ERR_DSA_CONTINUOUS_TEST
Key creation/read/import failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5605 - 800015E5

ERR_CANNOT_GEN_DH_KEY
DH key creation failure.
The HSM storage layer was unable to create a DH key because it failed to handle cryptographic material. This could be a memory allocation problem. In rare cases, there may have been a failure to generate random numbers. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5606 - 800015E6

ERR_DH_CONTINUOUS_TEST
Key creation/read/import failed.
DISCONTINUED. Occurs in older firmware versions. See ERR_KEY_CONTINUOUS_TEST.

5699 - 80001643

ERR_KEY_CONTINUOUS_TEST
Key creation/read/import failed.
A consistency problem in a key was detected at runtime. The storage layer does not have authorization to release creation/use of the key in question. See ERR_DRBG_CONTINUOUS_TEST for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

5700 - 80001644

ERR_SERVER_STARTED
Invalid request.
The operation cannot be performed while the service is running.

5701 - 80001645

ERR_HSM_AUTO_TEST_FAILURE
The HSM may be operating inconsistently.
Automatic tests have detected system faults. If restricted mode is active, no operation is allowed. In standard mode, operation is cleared (but structural errors may have left the HSM running in an inconsistent state). See ERR_NON_APPROVED_OPERATION.

5702 - 80001646

ERR_SERVER_NOT_STARTED
Invalid request.
The operation cannot be performed while the service is not running.

5703 - 80001647

ERR_UNAPPROVED_TSP_OPERATION
TSP operation rejected.
The operation was not allowed because it violates RFC 3161, RFC 5816, and/or some corporate security policy. Examples: a) exporting private keys used for signing time stamps; b) using a non-TSP private key for signing time stamps; c) attempting to operate in sleep mode;

5704 - 80001648

ERR_INVALID_LCRYPTO_R_OPERATION
Remote operation on 'local-crypto' partition was rejected.
The operation was not allowed as it violates the policy on the use of local-crypto partitions'. Examples: a) signing over the network via the automatic APIs; b) exporting keys (even those marked with OBJ_ATTR_EXPORT); c) creating individual backups; d) granting access permissions to other users/partitions; e) trying to use 'local-crypto' partitions in unsupported models;

7000 - 80001B58

ERR_OBJ_BLOCKED_BY_DS_POLICY
Object invalid for use by HSM's security policy.
The security layer has blocked the use of an object because the global remote policy has been violated.

7001 - 80001B59

ERR_TRUNCATING_DS_LOG
Failed to truncate the audit log.
Logs/telemetry cannot be truncated locally before full transmission to HSM cloud services. This error may indicate Internet connectivity problems. Please try again in a few moments. If the error persists, please contact the manufacturer for further instructions.

10000 - 80002710

ERR_THROTTLED_VM_SIZE
Service memory has reached its safe operating limit.
The HSM was unable to allocate memory to execute the request because it was overloaded. This may be related to a memory leak problem and/or poor resource management. See ERR_CANNOT_ALLOC_RES for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

10001 - 80002711

ERR_THROTTLED_RAM
RAM memory has reached its limit for safe operation.
The service has forced the request to be disconnected because it is overloaded. This may be related to a memory leak problem and/or poor resource management. See ERR_CANNOT_ALLOC_RES for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

11000 - 80002AF8

ERR_CANNOT_ALLOC_SOCKET
Network descriptor allocation failure.
The HSM was unable to allocate a network socket to execute the request. This is usually a problem with memory leaks and/or poor resource management. See ERR_CANNOT_ALLOC_RES for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

11001 - 80002AF9

ERR_CANNOT_ALLOC_MEM
Memory allocation failure.
The HSM was unable to allocate memory to execute the request because it was overloaded. This may be related to a memory leak problem and/or poor resource management. See ERR_CANNOT_ALLOC_RES for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

11002 - 80002AFA

ERR_CANNOT_ALLOC_KEY
Failed to allocate work area for cryptographic key.
The HSM was unable to allocate memory for cryptographic key operation. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation. If the error persists, the manufacturer should be contacted.

11003 - 80002AFB

ERR_CANNOT_ALLOC_SL_BE_HANDLE
IO descriptor allocation failure.
The HSM was unable to allocate a read/write handler from the storage layer. See ERR_SL_BE_BUSY for more details that may apply in this situation.

11004 - 80002AFC

ERR_CANNOT_ALLOC_IOM
Desktop allocation failure.
The HSM was unable to allocate memory for the operation. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11005 - 80002AFD

ERR_CANNOT_INIT_DRBG
Failure to generate random numbers
The HSM will not authorize the generation of cryptographically strong random number blocks. The DRBG subsystem cannot be initialized. See ERR_CANNOT_GENERATE_RND_DATA and ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11006 - 80002AFE

ERR_CANNOT_SEED_DRBG
Failure to generate random numbers
The HSM will not authorize the generation of cryptographically strong random number blocks. The DRBG subsystem cannot configure its state. See ERR_CANNOT_GENERATE_RND_DATA, ERR_CANNOT_INIT_DRBG, ERR_CANNOT_ALLOC_MEM, and ERR_CANNOT_GET_SYS_INFO for more details that may apply in this situation.

11007 - 80002AFF

ERR_CANNOT_USE_IOM
Failure to use the desktop.
The HSM was unable to read/write the memory allocated for the operation. See ERR_CANNOT_ALLOC_MEM and ERR_CANNOT_ALLOC_IOM for more details that may apply in this situation.

11008 - 80002B00

ERR_CANNOT_ALLOC_OBJ_HANDLE
Object descriptor allocation failure.
The HSM failed to allocate a storage layer object handler. See ERR_CANNOT_ALLOC_MEM and ERR_CACHE_LAYER_EXHAUSTED for more details that may apply in this situation.

11009 - 80002B01

ERR_REPL_CANNOT_ALLOC_SL_BE_HANDLE
IO descriptor allocation failure.
See ERR_CANNOT_ALLOC_SL_BE_HANDLE.

11010 - 80002B02

ERR_CANNOT_ALLOC_TLS_CTX
Failed to prepare network channel descriptor.
The HSM was unable to prepare a TLS network socket for the execution of the request (used in the replication layer for communication between devices). This is usually a problem of memory leakage and/or poor resource management. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11011 - 80002B03

ERR_CANNOT_ALLOC_TLS_SOCKET
Network channel descriptor allocation failure.
The HSM was unable to allocate a TLS network socket for the execution of the request (used in the replication layer for communication between devices). This is usually a problem of memory leakage and/or poor resource management. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11012 - 80002B04

ERR_CANNOT_SERIALIZE_XML
DSig XML signature failure.
The XML module tried to generate a signature in the RFC 3275 standard, but the serialization of the internal DOM representation in XML failed. This is usually a memory management problem. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11013 - 80002B05

ERR_CANNOT_ALLOC_BN
Big integer (BN) allocation failure.
The system cannot operate with an integer multiprecision number. This is usually a problem with the input data of the request, but may be related to memory management. See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

11014 - 80002B06

ERR_CANNOT_ALLOC_JSON
Error when manipulating JSON content.
See ERR_CANNOT_ALLOC_MEM for more details that may apply in this situation.

12001 - 80002EE1

ERR_CRYPTOHW_OPEN_FAILURE
TAC_ERR_CRYPTOHW_OPEN_FAILURE
TAC_ERR_CRYPTOHW_OPEN_FAILURE

12002 - 80002EE2

ERR_CRYPTOHW_SETUP_FAILURE
TAC_ERR_CRYPTOHW_SETUP_FAILURE
TAC_ERR_CRYPTOHW_SETUP_FAILURE

12003 - 80002EE3

ERR_CRYPTOHW_READ_FAILURE
TAC_ERR_CRYPTOHW_READ_FAILURE
TAC_ERR_CRYPTOHW_READ_FAILURE

12004 - 80002EE4

ERR_CRYPTOHW_INVALID_CRC
TAC_ERR_CRYPTOHW_INVALID_CRC
TAC_ERR_CRYPTOHW_INVALID_CRC

12005 - 80002EE5

ERR_CRYPTOHW_WRITE_FAILURE
TAC_ERR_CRYPTOHW_WRITE_FAILURE
TAC_ERR_CRYPTOHW_WRITE_FAILURE

12006 - 80002EE6

ERR_CRYPTOHW_UNEXPECTED_MSG
TAC_ERR_CRYPTOHW_UNEXPECTED_MSG
TAC_ERR_CRYPTOHW_UNEXPECTED_MSG

12007 - 80002EE7

ERR_CRYPTOHW_CONNECT_FAILED
TAC_ERR_CRYPTOHW_CONNECT_FAILED
TAC_ERR_CRYPTOHW_CONNECT_FAILED

12008 - 80002EE8

ERR_CRYPTOHW_SEND_FAILED
TAC_ERR_CRYPTOHW_SEND_FAILED
TAC_ERR_CRYPTOHW_SEND_FAILED

12009 - 80002EE9

ERR_CRYPTOHW_RECV_FAILED
TAC_ERR_CRYPTOHW_RECV_FAILED
TAC_ERR_CRYPTOHW_RECV_FAILED

36000 - 80008CA0

ERR_REPLICATION_BUSY
Failure in the replication layer.
The request cannot be executed because the replication layer is still updating/saving synchronization data. This is a temporary problem. Please try again in a few moments.

36001 - 80008CA1

ERR_REPLICATION_D_BUSY
Failure in the replication layer.
The request cannot be executed. The replication layer has pending data synchronization updates. This is usually a complex issue that requires the intervention of the manufacturer.

36002 - 80008CA2

ERR_REPLICATION_S_BUSY
Failure in the replication layer.
The request cannot be executed because the replication layer is still updating/saving synchronization data. This is a temporary problem. Please try again in a few moments.

36003 - 80008CA3

ERR_REPLICATION_STORAGE_LAYER_BUSY
Failure in the replication layer.
The request cannot be executed because the replication layer is still updating/saving synchronization data. This is a temporary problem. Please try again in a few moments.

36004 - 80008CA4

ERR_REPLICATION_SEC_LAYER_BUSY
Failure in the replication layer.
The request cannot be executed because the replication layer is still updating/saving synchronization data. This is a temporary problem. Please try again in a few moments.

36500 - 80008E94

ERR_REPLICATION_PEER_NOT_SYNCED
Replication transaction failure.
The request cannot be executed. The replication layer has detected an unsynchronized pool device. Without a live-sync, any operation that requires updates to the storage layer will fail, protecting the client's databases from divergence problems (called "split-brain", when the data between the HSMs in the same pool is not perfectly mirrored). This error usually occurs when a new device is added to an existing pool without undergoing a proper live-sync with other peers.

37001 - 80009089

ERR_REPLICATION_CANNOT_PREPARE_TRANS
Replication transaction failure.
The request cannot be executed because the replication layer was unable to prepare a distributed transaction. This may or may not be a temporary problem. If it persists, the manufacturer must be called.

37002 - 8000908A

ERR_REPLICATION_CANNOT_P2P_HANDSHAKE
Replication network protocol failure.
The request cannot be executed. A network failure has occurred, or the HSMs have not been properly configured so that synchronization occurs between them (the devices can only replicate if they are booted with the same SVMK and operating mode). This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37003 - 8000908B

ERR_REPLICATION_CANNOT_P2P_FIND
Incomplete network cache.
The request cannot be executed because the replication layer was unable to locate an HSM involved. This is a rare occurrence, signaling an incomplete/invalid IP address cache. Please check this setting in the local console (shell).

37004 - 8000908C

ERR_REPLICATION_CANNOT_P2P_CONNECT
Connection failure in the network subsystem.
The request cannot be executed. A connection failure occurred in the network subsystem, and one or more of the HSMs involved could not be reached. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37005 - 8000908D

ERR_REPLICATION_CANNOT_P2P_SEND
Replication layer data transmission failure.
The request cannot be executed. A transmission failure in the network subsystem has occurred between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37006 - 8000908E

ERR_REPLICATION_CANNOT_P2P_RECV
Replication layer data transmission failure.
The request cannot be executed. A transmission failure in the network subsystem has occurred between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37007 - 8000908F

ERR_REPLICATION_CANNOT_P2P_SEND_ALL
Replication layer data transmission failure.
The request cannot be executed. A transmission failure in the network subsystem has occurred between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37008 - 80009090

ERR_REPLICATION_CANNOT_P2P_RECV_ALL
Replication layer data transmission failure.
The request cannot be executed. A transmission failure in the network subsystem has occurred between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37009 - 80009091

ERR_REPLICATION_CANNOT_P2P_SCONNECT
Connection failure in the network subsystem.
The request cannot be executed. A TLS failure has occurred in the network subsystem, or the HSMs have not been properly configured so that synchronization occurs between them (the devices can only replicate if they are booted with the same SVMK and operating mode). This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37010 - 80009092

ERR_REPLICATION_CANNOT_P2P_SSEND
Failure to transmit encrypted data from the replication layer.
The request cannot be executed. There has been a TLS transmission failure between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37011 - 80009093

ERR_REPLICATION_CANNOT_P2P_SRECV
Failure to transmit encrypted data from the replication layer.
The request cannot be executed. There has been a TLS transmission failure between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37012 - 80009094

ERR_REPLICATION_CANNOT_P2P_SSEND_ALL
Failure to transmit encrypted data from the replication layer.
The request cannot be executed. There has been a TLS transmission failure between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37013 - 80009095

ERR_REPLICATION_CANNOT_P2P_SRECV_ALL
Failure to transmit encrypted data from the replication layer.
The request cannot be executed. There has been a TLS transmission failure between HSMs. This may or may not be a temporary problem. See ERR_NET_FAIL for more details on network issues.

37014 - 80009096

ERR_REPLICATION_CANNOT_P2P_WORK
Processing failure in the network subsystem.
The request cannot be executed. There has been a failure in the replication layer involving the configuration of an operation in the network subsystem. If this persists, contact the manufacturer.

37015 - 80009097

ERR_REPLICATION_NOT_FOUND
Failure in the replication layer.
Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when retrieving information remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37016 - 80009098

ERR_REPLICATION_ACK_NOT_FOUND
Replication transaction confirmation failed.
Reserved for HSMs performing synchronization in the replication layer. This should be a temporary problem. If it persists, contact the manufacturer.

37017 - 80009099

ERR_REPLICATION_INVALID_OPERATION
Invalid synchronization request.
Operations can be classified as invalid if one or more parameters are not recognized by the HSM, and/or are not valid in context. This error can be the result of invalid requests from clients (e.g. entering invalid data), the consequence of IO (read/write) problems on the server side, or a divergence in the software version (when devices in the same pool are configured with different firmware versions). This may be a temporary problem. For assistance, contact the manufacturer.

37018 - 8000909A

ERR_REPLICATION_INVALID_EVENT
Invalid replication occurs.
Replication layer events can be classified as invalid if they are not recognized by the HSM, and/or are not valid in context (e.g. when clients send node-down requests, but the supposedly inaccessible device can be reached by the device). On rare occasions, divergences in firmware versions can cause this error.

37019 - 8000909B

ERR_REPLICATION_OPERATION_FAILED
Failure in the replication layer.
Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when sending a 'pulsing' remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37020 - 8000909C

ERR_REPLICATION_COMMIT_FAILED
Read/write failure in the replication layer.
Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when sending node-down notifications remotely via administrative tools. Live-syncs between devices can generate this exception. This should be a temporary problem. If it persists, contact the manufacturer.

37021 - 8000909D

ERR_REPLICATION_ERASE_FAILED
Read/write failure in the replication layer.
Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when sending node-down notifications remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37022 - 8000909E

ERR_REPLICATION_INQUIRE_FAILED
Read/write failure in the replication layer.
Reserved for HSMs performing synchronization in the replication layer. This should be a temporary problem. If it persists, contact the manufacturer.

37023 - 8000909F

ERR_REPLICATION_UPDATE_ACK_FAILED
Read/write failure in the replication layer.
Reserved for HSMs performing synchronization in the replication layer. This should be a temporary problem. If it persists, contact the manufacturer.

37024 - 800090A0

ERR_REPLICATION_DISPATCH_FAILED
Read/write failure in the replication layer.
Reserved for HSMs performing synchronization in the replication layer. This should be a temporary problem. If it persists, contact the manufacturer.

37025 - 800090A1

ERR_REPLICATION_CANNOT_SL_BE_TRANSP
Read/write failure in the replication layer.
The operation cannot be executed. Reserved for structural problems in the replication layer. Administrative requests can generate this error (e.g. updating the network IP address cache). This should be a temporary problem. If it persists, contact the manufacturer.

37026 - 800090A2

ERR_REPLICATION_CANNOT_PRUNE_LOG
Read/write failure in the replication layer.
The operation cannot be executed. Reserved for structural problems in the replication layer. This must be a temporary problem. If it persists, contact the manufacturer.

37027 - 800090A3

ERR_REPLICATION_CANNOT_LOAD_LOG
Replication transaction read failure.
Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when retrieving information remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37028 - 800090A4

ERR_REPLICATION_CANNOT_WORK
Failure in the replication layer.
Reserved for HSMs performing synchronization at the replication layer. In rare cases, the client may come into contact with this return code, especially when sending node-down notifications remotely via administrative tools. This should be a temporary problem. If it persists, contact the manufacturer.

37029 - 800090A5

ERR_REPLICATION_CANNOT_VALIDATE_EVENT
Read/write failure in the replication layer.
The operation cannot be executed. Reserved for structural problems in the replication layer. This must be a temporary problem. If it persists, contact the manufacturer.

37030 - 800090A6

ERR_REPLICATION_TRANS_MISMATCH
Inconsistency failure in replication transaction.
The operation cannot be executed. Reserved for validating distributed replication layer transactions. Live-syncs between devices can cause this error. This must be a temporary problem. If it persists, contact the manufacturer.

37031 - 800090A7

ERR_REPLICATION_CANNOT_SYNC_POINT
Replication transaction failure.
The operation cannot be executed. Reserved for validating distributed replication layer transactions. Live-syncs between devices can cause this error. This must be a temporary problem. If it persists, contact the manufacturer.

37032 - 800090A8

ERR_REPLICATION_UNDEFINED_LIVE_SYNC
Live-sync denied.
Live-syncs between devices can only occur if the requestor (the HSM that requested the operation on the local console) has not previously performed any operation. Even simply connecting to the requestor via administrative tools will leave it in an undefined state for performing a live-sync. Restarting the service is enough to restore a defined state, in which the HSM can synchronize with its pool.

37033 - 800090A9

ERR_REPLICATION_CONNECTED_LIVE_SYNC
Live-sync denied.
Live-syncs cannot occur when users are connected to the requestor. Disconnect these clients, and try restarting the service. See ERR_REPLICATION_UNDEFINED_LIVE_SYNC for more details.

37034 - 800090AA

ERR_REPLICATION_SELF_LIVE_SYNC
Live-sync denied.
Other devices were not found in the network IP address cache (the HSM will not synchronize with itself). Please check your configuration.

37035 - 800090AB

ERR_REPLICATION_OBJ_IN_USE
Failure to remove an object.
The HSM storage layer was unable to delete an obj (usually a key) because it is open (in use).

37036 - 800090AC

ERR_REPLICATION_CANNOT_BEGIN_TRANS
Replication transaction failure.
The request cannot be executed because the replication layer was unable to initiate a transaction in the storage layer. This may or may not be a temporary problem. If it persists, the manufacturer must be called.

37037 - 800090AD

ERR_REPLICATION_MAX_NODE_COUNT_REACHED
Network cache has reached its limit.
The request cannot be executed because the replication layer cannot add another HSM address (the IP address cache has a total limit of 16 devices).

37038 - 800090AE

ERR_REPL_CANNOT_PREPARE_LS_TRANS
Replication transaction failure.
The live-sync cannot be executed because the replication layer was unable to prepare a distributed transaction. This may or may not be a temporary problem. If it persists, the manufacturer must be contacted.

37039 - 800090AF

ERR_REPL_PART_CANNOT_ADD_LOG
Write failure in the replication layer.
The operation cannot be executed. Reserved for structural problems in the replication layer. This must be a temporary problem. If it persists, contact the manufacturer.

37040 - 800090B0

ERR_REPL_COOR_CANNOT_ADD_LOG
Write failure in the replication layer.
The operation cannot be executed. Reserved for structural problems in the replication layer. This must be a temporary problem. If it persists, contact the manufacturer.

47000 - 8000B798

ERR_CANNOT_LOAD_DEPRECATED_LICENSE
Failed to load the device license.
HSM cannot open/read your license information. This error is usually temporary, but can signal serious data corruption (and/or hardware problems). Consult the manufacturer.

47001 - 8000B799

ERR_INVALID_DEPRECATED_LICENSE
The equipment license cannot be used.
HSM cannot apply your licensing information. This error is usually temporary, but may signal serious data corruption (and/or hardware problems). Check with the manufacturer.

47002 - 8000B79A

ERR_DEPRECATED_LICENSE_EXPIRED
The equipment's license has expired.
HSM has applied your license information, which has expired. Please consult your supplier.

47003 - 8000B79B

ERR_DEPRECATED_LICENSE_BLOCKED
The device's license is blocked.
HSM has applied its licensing information, which signals blocking. This error may be temporary. Please consult your supplier.