Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-2206105.1
Update Date:2018-05-29
Keywords:
Solution Type  Problem Resolution Sure

Solution  2206105.1 :   Oracle Key Manager (OKM) - PKCS11 Error Code: 104  

Related Items 
    

  • Oracle Key Manager
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document


Symptoms


Changes


Cause


Solution


References

Created from <SR 3-13258209591>


Applies to:  

Oracle Key Manager - Version 2.4 to 3.1 [Release 2.0 to 3.0]
Information in this document applies to any platform.



Symptoms


Error trying to create Oracle Database Table with encryption


HSM heartbeat died. Likely the connection has been lost.


PKCS11 function C_EncryptInit returned PKCS11 error code: 104


HSM connection lost, closing wallet


When trying to create Oracle Database Table using OKM, TDE and PKCS11


Changes


 None


Cause


 OKM Encryption cryptoperiod key expired


Solution


Option 1)


Re-Key TDE master key


From the Oracle Database System run following command using


SQL*Plus command line interface


SQL>ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "password"


 


Option 2)


Set the following environment variable, so no re-key is needed


Set the following environment variable for the user associated with the pkcs11_kms token (typically the Oracle user's profile):


# export PKCS11_KMS_ALLOW_ENCRYPT_WITH_DEACTIVATED_KEYS=1


Restart the database.


 


 


References
 <BUG:24580934> - HSM HEARTBEAT DIED PKCS ERROR CODE 104 ON ORACLE KEY MANAGER
<NOTE:394539.1> - ORA-28353 - Cannot Set The Encryption Key Password for TDE



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback