<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:'Times New Roman',Times,serif;">
<p>Asha,<br>
</p>
<p>I'm not sure what went wrong. Something must have happened during your HA setup. You might check a couple different things, first you might check out your HA policies and HA group setup. The other thing you might make sure is that you only generate one mkek
and hmac on one hsm (I use direct slot and not the HA virtual slot for this) and then replicate (vtl haAdmin -synchronize). If the HA group is setup properly it should replicate your mkek and hmac across the other HSMs in the HA group. As a side note, the
pkcs11 plugin in Barbican currently retrieves the mkek and hmac by label, so make sure you don't have multiple keys in the HSM with the same label.<br>
</p>
<p><br>
</p>
<div id="Signature">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div>
<div class="BodyFragment"><font face="Arial">
<div class="PlainText"><font face="Times New Roman" size="3">John Vrbanac</font><br>
</div>
</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="color: rgb(33, 33, 33);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Asha Seshagiri <asha.seshagiri@gmail.com><br>
<b>Sent:</b> Tuesday, July 28, 2015 9:22 AM<br>
<b>To:</b> John Vrbanac<br>
<b>Cc:</b> openstack-dev; John Wood; Douglas Mendizabal; Reller, Nathan S.<br>
<b>Subject:</b> Re: Barbican : Unable to create the secret after Integrating Barbican with HSM HA</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<div>
<div>
<div>Hi John ,<br>
<br>
</div>
Any help would highly be appreciated.<br>
<br>
</div>
Thanks and Regards,<br>
</div>
Asha Seshagiri<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jul 27, 2015 at 3:10 PM, Asha Seshagiri <span dir="ltr">
<<a href="mailto:asha.seshagiri@gmail.com" target="_blank">asha.seshagiri@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>Hi John ,<br>
<br>
</div>
Thanks a lot for providing me the response:)<br>
</div>
I followed the link[1] for configuring the HA SETUP<br>
[1] : <a href="http://docs.aws.amazon.com/cloudhsm/latest/userguide/ha-setup.html" target="_blank">
http://docs.aws.amazon.com/cloudhsm/latest/userguide/ha-setup.html</a><br>
<br>
</div>
the final step in the above link is haAdmin command which is run on the client side(on Barbican) .<br>
<div>The slot 6 is the virtual slot(only on the client side and not visible on LUNA SA ) and 1 and 2 are actual slots on LUNA SA HSM<br>
<br>
</div>
<div>Please find the response below :<br>
</div>
<div>
<div>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">[root@HSM-Client bin]# ./vtl haAdmin show</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">================ HA Global Configuration Settings ===============</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HA Proxy: disabled</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HA Auto Recovery: disabled</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Maximum Auto Recovery Retry: 0</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Auto Recovery Poll Interval: 60 seconds</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HA Logging: disabled</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Only Show HA Slots: no</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">================ HA Group and Member Information ================</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HA Group Label: barbican_ha</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HA Group Number: 1489361010</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HA Group Slot #: 6</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Synchronization: enabled</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Group Members: 489361010, 489361011</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Standby members: <none></font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Slot # Member S/N Member Label Status</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">====== ========== ============ ======</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">1 489361010 barbican2 alive</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">2 489361011 barbican3 alive</font></font></font></p>
<p style="margin-bottom:0in">After knowing the virtual slot HA number , I ran the pkcs11-key-generation with slot number 6 which did create mkek and hmac in slot/partition 1 and 2 automatically . I am not sure why do we have to replicate the keys between partitions?
Configured the slot 6 on the barbican.conf as mentioned in my first email</p>
<p style="margin-bottom:0in">Not sure what might be the issue and <br>
</p>
<p style="margin-bottom:0in">It would be great if you could tell me the steps or where I would have gone wrong.<br>
</p>
<span class="">
<p style="margin-bottom:0in">Thanks and Regards,</p>
<p style="margin-bottom:0in">Asha Seshagiri<br>
</p>
</span></div>
</div>
<div>
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jul 27, 2015 at 2:36 PM, John Vrbanac <span dir="ltr">
<<a href="mailto:john.vrbanac@rackspace.com" target="_blank">john.vrbanac@rackspace.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div dir="ltr" style="font-size:12pt; color:#000000; background-color:#ffffff; font-family:'Times New Roman',Times,serif">
<p>Asha,<br>
</p>
<p>I've used the Safenet HSM "HA" virtual slot setup and it does work. However, the setup is very interesting because you need to generate the MKEK and HMAC on a single HSM and then replicate it to the other HSMs out of band of anything we have in Barbican. If
I recall correctly, the Safenet Luna docs mention how to replicate keys or partitions between HSMs.<span><font color="#888888"><br>
</font></span></p>
<span><font color="#888888">
<p><br>
</p>
<div>
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div>
<div><font face="Arial">
<div><font face="Times New Roman" size="3">John Vrbanac</font><br>
</div>
</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</font></span>
<div style="color:rgb(33,33,33)"><span><font color="#888888">
<hr style="display:inline-block; width:98%">
<div dir="ltr"><font color="#000000" face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b> Asha Seshagiri <<a href="mailto:asha.seshagiri@gmail.com" target="_blank">asha.seshagiri@gmail.com</a>><br>
<b>Sent:</b> Monday, July 27, 2015 2:00 PM<br>
<b>To:</b> openstack-dev<br>
<b>Cc:</b> John Wood; Douglas Mendizabal; John Vrbanac; Reller, Nathan S.<br>
<b>Subject:</b> Barbican : Unable to create the secret after Integrating Barbican with HSM HA</font>
<div> </div>
</div>
</font></span>
<div>
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>Hi All ,<br>
<br>
</div>
I am working on Integrating Barbican with HSM HA set up.<br>
</div>
I have configured slot 1 and slot 2 to be on HA on Luna SA set up . Slot 6 is a virtual slot on the client side which acts as the proxy for the slot 1 and 2. Hence on the Barbican side , I mentioned the slot number 6 and its password which is identical to that
of the passwords of slot1 and slot 2 in barbican.conf file.<br>
<br>
</div>
Please find the contents of the file :<br>
<br>
# ================= Secret Store Plugin ===================<br>
[secretstore]<br>
namespace = barbican.secretstore.plugin<br>
enabled_secretstore_plugins = store_crypto<br>
<br>
# ================= Crypto plugin ===================<br>
[crypto]<br>
namespace = barbican.crypto.plugin<br>
enabled_crypto_plugins = p11_crypto<br>
<br>
[simple_crypto_plugin]<br>
# the kek should be a 32-byte value which is base64 encoded<br>
kek = 'YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY='<br>
<br>
[dogtag_plugin]<br>
pem_path = '/etc/barbican/kra_admin_cert.pem'<br>
dogtag_host = localhost<br>
dogtag_port = 8443<br>
nss_db_path = '/etc/barbican/alias'<br>
nss_db_path_ca = '/etc/barbican/alias-ca'<br>
nss_password = 'password123'<br>
simple_cmc_profile = 'caOtherCert'<br>
<br>
<b>[p11_crypto_plugin]<br>
# Path to vendor PKCS11 library<br>
library_path = '/usr/lib/libCryptoki2_64.so'<br>
# Password to login to PKCS11 session<br>
login = 'test5678'<br>
# Label to identify master KEK in the HSM (must not be the same as HMAC label)<br>
mkek_label = 'ha_mkek'<br>
# Length in bytes of master KEK<br>
mkek_length = 32<br>
# Label to identify HMAC key in the HSM (must not be the same as MKEK label)<br>
hmac_label = 'ha_hmac'<br>
# HSM Slot id (Should correspond to a configured PKCS11 slot). Default: 1<br>
slot_id = 6<br>
<br>
</b></div>
<b>Was able to create MKEK and HMAC successfully for the slots 1 and 2 on the HSM when we run the
</b><b>pkcs11-key-generation script for slot 6 which should be the expected behaviour.<br>
</b>
<div><br>
[root@HSM-Client bin]# python pkcs11-key-generation --library-path '/usr/lib/libCryptoki2_64.so' --passphrase 'test5678' --slot-id 6 mkek --label 'ha_mkek'<br>
Verified label !<br>
MKEK successfully generated!<br>
[root@HSM-Client bin]# python pkcs11-key-generation --library-path '/usr/lib/libCryptoki2_64.so' --passphrase 'test5678' --slot-id 6 hmac --label 'ha_hmac'<br>
HMAC successfully generated!<br>
[root@HSM-Client bin]#<br>
<br>
<div>Please find the HSM commands and responses to show the details of the partitions and partitions contents :<br>
</div>
<div>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">root@HSM-Client bin]# ./vtl verify</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">The following Luna SA Slots/Partitions were found:</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Slot Serial # Label</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">==== ======== =====</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">1 489361010 barbican2</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">2 489361011 barbican3</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">[HSMtestLuna1] lunash:> partition showcontents -partition barbican2</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Please enter the user password for the partition:</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">> ********</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Partition Name: barbican2</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Partition SN: 489361010</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Storage (Bytes): Total=1046420, Used=256, Free=1046164</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Number objects: 2</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Object Label: ha_mkek</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Object Type: Symmetric Key</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Object Label: ha_hmac</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Object Type: Symmetric Key</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Command Result : 0 (Success)</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">[HSMtestLuna1] lunash:> partition showcontents -partition barbican3</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Please enter the user password for the partition:</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">> ********</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Partition Name: barbican3</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Partition SN: 489361011</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Storage (Bytes): Total=1046420, Used=256, Free=1046164</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Number objects: 2</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Object Label: ha_mkek</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Object Type: Symmetric Key</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Object Label: ha_hmac</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Object Type: Symmetric Key</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><br>
</p>
<br>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">[root@HSM-Client bin]# ./lunacm</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">LunaCM V2.3.3 - Copyright (c) 2006-2013 SafeNet, Inc.</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Available HSM's:</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Slot Id -> 1</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Label -> barbican2</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Serial Number -> 489361010</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Model -> LunaSA</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Firmware Version -> 6.2.1</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Configuration -> Luna SA Slot (PW) Signing With Cloning Mode</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Status -> OK</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Slot Id -> 2</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Label -> barbican3</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Serial Number -> 489361011</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Model -> LunaSA</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Firmware Version -> 6.2.1</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Configuration -> Luna SA Slot (PW) Signing With Cloning Mode</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Status -> OK</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Slot Id -> 6</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Label -> barbican_ha</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Serial Number -> 1489361010</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Model -> LunaVirtual</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Firmware Version -> 6.2.1</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Configuration -> Virtual HSM (PW) Signing With Cloning Mode</font></font></font></p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">HSM Status -> N/A - HA Group</font></font></font></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in"><font color="#000000"><font face="Tahoma"><font size="2">Current Slot Id: 1</font></font></font></p>
<p style="margin-bottom:0in"><b>Tried creating the secrets using the below command :</b></p>
<p style="margin-bottom:0in">root@HSM-Client barbican]# curl -X POST -H 'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload": "my-secret-here", "payload_content_type": "text/plain"}'
<a href="http://localhost:9311/v1/secrets" target="_blank">http://localhost:9311/v1/secrets</a><br>
{"code": 500, "description": "Secret creation failure seen - please contact site administrator.", "title": "Internal Server Error"}[root@HSM-</p>
<p style="margin-bottom:0in"><b>Please find the logs below :</b><br>
</p>
<p style="margin-bottom:0in"></p>
<p style="margin-bottom:0in">2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers Traceback (most recent call last):<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/api/controllers/__init__.py", line 104, in handler<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/api/controllers/__init__.py", line 90, in enforcer<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/api/controllers/__init__.py", line 146, in content_types_enforcer<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/api/controllers/secrets.py", line 329, in on_post<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers transport_key_id=data.get('transport_key_id'))<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/plugin/resources.py", line 104, in store_secret<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers secret_model, project_model)<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/plugin/resources.py", line 267, in _store_secret_using_plugin<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers secret_metadata = store_plugin.store_secret(secret_dto, context)<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/plugin/store_crypto.py", line 96, in store_secret<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers encrypt_dto, kek_meta_dto, context.project_model.external_id<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/plugin/crypto/p11_crypto.py", line 80, in encrypt<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers meta['mkek_label'], meta['hmac_label'], session<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/plugin/crypto/pkcs11.py", line 687, in unwrap_key<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers self.verify_hmac(hmac_key, hmac, wrapped_key, session)<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers File "/root/barbican/barbican/plugin/crypto/pkcs11.py", line 657, in verify_hmac<br>
<b>2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers rv = self.lib.C_VerifyInit(session, mech, hmac_key)<br>
2015-07-27 11:57:07.586 16362 ERROR barbican.api.controllers TypeError: an integer is required<br>
</b></p>
<p style="margin-bottom:0in"><b>Would like to know wheather Barbican supports Virtual slot configuration since have mentioned the slot # 6 under in barbican.conf file and has anyone tested HSM HA setup with Barbican.<br>
</b></p>
<b></b>Any help would highly be appreciated!<br>
</div>
<div>
<div>
<div>
<div>
<div>-- <br>
<div>
<div><i>Thanks and Regards,</i></div>
<div><i>Asha Seshagiri</i></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div>
<div><i>Thanks and Regards,</i></div>
<div><i>Asha Seshagiri</i></div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature">
<div><em>Thanks and Regards,</em></div>
<div><em>Asha Seshagiri</em></div>
</div>
</div>
</div>
</div>
</body>
</html>