On-board RSA key generation on Cyberflex Access 64K V2 / Memory leak?

The description of the Cyberflex Access 64K V2 card states that "On-board key generation RSA up to 2048 bit" (http://www.youcard.de/datenblaetter/chipkarten/DS%20Cyberflex_Access.pdf). So I assume that this implicates that it should somehow be able to instantiate a KeyPair object on which genKeyPair() can be called.
When I first tried to instantiate an Object either by using KeyBuilder.buildKey or KeyPair I just received an 0x6F00 error. After removing all of the other objects that were also instantiated I was able to create one Key object using KeyBuilder (RSAPrivateKey or RSAPublicKey). However, as soon as I tried to instantiate two Key objects at the same time I just received the 0x6F00 error again.
I create these objects by using:
private static RSAPublicKey pubKey;
private static RSAPrivateCrtKey privKey;
protected Foo() {
    pubKey = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_1024, true);
    privKey = (RSAPrivateCrtKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, KeyBuilder.LENGTH_RSA_1024, true);
    register();
}So it seems that there is not enough free (EEPROM) memory for both objects. Is this a known problem with the Cyberflex cards? Is there some workaround? Could it be possible that some former test-applets that I've used (and already deleted) on the card leaked some memory that is missing now?

I think that I've just found the problem. The value of "-nvDataLimit" in the install APDU that I've sent via gpshell was too low. It seems to work with a higher value.

Similar Messages

  • RSA key generation on JCOP31 v2.4.1 times out

    I have an applet that generates both 1024-bit and 2048-bit RSA key pairs. The applet works on an NXP JCOP41 v2.2.1 smart card, but times out on an NXP JCOP31 v2.4.1 smart card. The applet was compiled with javacard 2.1.1. The JCOP41 card is at javacard 2.2.1. The JCOP31 card is at javacard 2.2.2. I am using an Omnikey CardMan 3821 smart card reader. Does anyone have any experience with generating RSA keys on the NXP JCOP31 v2.4.1 smart card? Thanks.

    Hi,
    The card probably doesn't timeout. It knows that RSA keygen is long, and it should send null procedure bytes in T=0 or S(WTX) blocks in T=1.
    Only a protocol analyser (or oscilloscope) could tell if the card really timeouts. But that's not probable.
    What is probable is that the reader timeouts. Try with another reader if possible.
    Does the reader have an activity led? does it blink or something while the card is generating the key?
    If you get the same behaviour, check the low level card exchanges. But I would be surprised that NXP sells card that go mute on RSA key generation. Or you have a faulty card.
    Regards

  • Pleasse Help Me (RSA Key Generation Problem)

    Hi All,
    The following code throws an exception called "java.lang.NoClassDefFoundError: java/security/SecureRandom: Cannot create class in system package"
    private void generateRSAKeyPair() throws Exception
              try
                   System.out.println("Inside try");
                   SecureRandom theSecureRandom = new SecureRandom();
                   BigInteger thePublicExponent = new BigInteger("10001", 16);
                   RSAKeyGenerationParameters theRSAKeyGenParam =
                   new RSAKeyGenerationParameters(thePublicExponent, theSecureRandom, 1024, 80);
                   RSAKeyPairGenerator theRSAKeyPairGen = new RSAKeyPairGenerator();
                   theRSAKeyPairGen.init(theRSAKeyGenParam);
                   AsymmetricCipherKeyPair theKeyPair = theRSAKeyPairGen.generateKeyPair();
                   _RSAPrivateKey = (RSAPrivateCrtKeyParameters) theKeyPair.getPrivate();
                   _RSAPublicKey = (RSAKeyParameters) theKeyPair.getPublic();
              catch (Exception e)
                   e.printStackTrace();
    Please tell me the reason

    Too many variables - memory, CPU, architecture, do you have hardware crypto, etc. etc. etc.. But it's quite expensive to generate RSA keypairs, your numbers look "reasonable" (given that I know nothing about the hardware you're running them on) to me.
    Grant

  • RSA key and block size

    Let's say that I have an RSA key pair that has been generated in a keystore using the keytool utility.
    I am now accessing this key pair through some java code (using the Keystore class) and I want to encrypt/decrypt data using this public/private key.
    In order to encrypt/decrypt arbitray length data, I need to know the maximum block size that I can encrypt/decrypt.
    Based upon my experiment, this block size seems to be the size of the key divided by 8 and minus 11.
    But how can I determine all that programatically when the only thing that I have is the keystore?
    I did not find a way to figure out the size of the key from the keystore (unless it can be computed from the RSA exponent or modulus, but this is where my knowledged of RSA keys stops) and I did not find a way to figure out where this "magic" number 11 is coming from.
    I can always encrypt 1 byte of data and look at the size of the result. This will give me the blocksize and the key size by multiplying it by 8. But it means that I always need the public key around to compute this size (I cannot do it if I have only the private key).
    And this is not helping much on the number 11 side.
    Am I missing something obvious?
    Thanks.

    It is probably a bug. A naive implementation of RSA key generation that would exhibit this bug would work as follows (I'm ignoring the encrypt and decrypt exponents intentionally):
    input: an rsa modulus bit size k, k is even:
    output: the rsa modulus n.
    k is even, so let k=2*l
    step1: generate an l bit prime p, 2^l(-1) < p < 2^l
    step2: generate another l bit prime q, 2^l(-1) < q < 2^l
    step3: output n = p*q
    Now the above might seem reasonable, but when you multiply the inequalities you get
    2^(2*l -2) < n < 2^(2l)
    That lower bound means that n can be 1 bit smaller than you expect.. The correct smallest lower bound for generating the primes p and q is (2^l) / sqrt(2), rounded up to the nearest integer.
    I'll bet the IBM code implements something like the first algorithm.

  • Generating RSA keys based on p, q, and public exponent

    Hi,
    The problem is the following. I need to generate an RSA key pair on the card based on pre-defined P, Q and public exponent. The KeyPair specs syas that if the public exponent is pre-initialized it will be retained. All other values are overwritten though (I checked with a test applet on jcop41). So two questions:
    1. Do you know of any card that can also retain p and q and generate (calculate) dp, dq, pq, and public modulus. This is contrary to the specification so I doubt there would be any, but it is always good to ask.
    2. Do any of you have a Java code that would do this (ie. calculate the missing key components) that can be run on Java Card, ie. does not use BigInteger or similar classes.
    Cheers,
    Woj

    That is exactly the point I was trying to make, I actually forgot about this thread, because the problem at hand went on the shelf for the moment. To reformulate:
    1. I have only certain parts of the RSA key, but enough parts to determine a valid private/public key pair.
    2. Now I want to generate the missing parts on the card. The JC API requires all the parts to be supplied, it is not possible to provide only partial (but determining the whole key) key information. The KeyPair class can only retain the public exponent during key generation, but not the other parts (according to the specs and my own tests).
    3. My wild guess is that it would probably be doable without too much hassle with host JCE, but it's not an option for me, it has to be done on the card.
    4. I could try to write my own Java Card code that would do this based on, say, openssl implementation, but now I am too lazy, so that's why I asked if somebody possibly has the code that does this.
    Cheers,
    Woj

  • Marinescu Primary Key Generation

    Hi
    i'm using Marinescus Primary Key Generation schema, but i'm having a problem
    As i see it in EJB Design Patterns (Marinescus Book), he uses a Hashtable to store the values so that the Bean doesn't have to access the database everytime
    My problem is that this Hashtable is not working, because each client when access the Bean, this creates a new bean (just like in the pattern) and thus there is never info on the Hashtable, thus the application has to go to the Database.
    If i put the Hashtable as static, i will have Concurrency Problems
    But my real problem is that i've seen various implementations of this pattern, and no one seems to talk about this problem
    Am i missing something ?
    I've thought maybe Marinescus uses only one static SessionBean (resolving the problem), but he create one Bean for each request also
    Thanks

    So, i found the problem
    I had the SessionBean configured as a Stateful Session Bean
    But if i change it to Stateless it starts working
    I still didn't figured out why (as no Load, Store, Passivation or Activation code exists to keep or get the Hashtable)
    So if any one could explain it to me, it would be nice :)
    Thanks

  • Any script to let me find out which Cisco switches have RSA key less than 800 bit?

    Hi,
    Imagine I have 500 Cisco switches (2950, 3750, 4507), IOS 12.3 but some may have different IOS level.
    I know that some of these switches got 'cry key gen rsa' key size = 512.
    I need to have key size = 800 bit.
    We do not have Cisco Works in place. Someone in my organization tells me that I would need all these switches at 800 bit otherwise CiscoWorks can't login to it. Does that make sense? I am not sure if I understand that correctly.
    Question:
    If it is true that CiscoWorks can't access such switches and let me change that setting automatically, do you know any script which I could use to let me run against a list of IP addresses and query the switches to find out where RSA key is 800 bits? If it is not 800 bit, I would like to log a message so that I could go manually to the switch to re-execute 'cry key gen rsa' and do 800 bit instead.

    IOS 12.3 doesn't run on any of these switches.
    LMS can login to switches with an RSA modulus of 512 bits.  It will just use SSHv1 instead of v2.  I do not know of any pre-built scripts to change the modulus size; however, it would be relatively trivial to do with expect.  You could deploy one command to avoid the interactivity:
    crypto key generate rsa gen mod 800

  • EToken + RSA Key Secondary Authentication problem

    Hello. I need to access to an eToken using Java Security API (PKCS11) and I can't use the "RSA Key Secondary Authentication" mode because when I try to sign I've got an error (CKR_USER_NOT_LOGGED_IN).
    Do you know why it happens?
    This is my code:
    String pkcs11config;
    pkcs11config = "name = my-eToken";
    pkcs11config += "\nlibrary = c:\\WINDOWS\\system32\\eTpkcs11.dll";
    InputStream confStream = new ByteArrayInputStream(pkcs11config.getBytes());
    sunpkcs11 = new SunPKCS11(confStream);
    Security.addProvider(sunpkcs11);
    alias = "myAlias";
    KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", sunpkcs11,
      new KeyStore.CallbackHandlerProtection(new MyCallbackHandler()));
    KeyStore keyStore = builder.getKeyStore();
    // get my private key
    KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias,
            new KeyStore.PasswordProtection("aliasPwd".toCharArray()));
    privateKey = pkEntry.getPrivateKey();
    Serializable o = new SignedBean("bla bla");  //dummy object which wraps a String, just for testing
    sig = Signature.getInstance("SHA1withRSA");
    signedObject = new SignedObject(o, privateKey, sig);And when attempts to create an instance of SignedObject throws the exception:
    java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
         at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:420)
         at java.security.Signature$Delegate.engineSign(Signature.java:1131)
         at java.security.Signature.sign(Signature.java:527)
         at java.security.SignedObject.sign(SignedObject.java:227)
         at java.security.SignedObject.<init>(SignedObject.java:144)
         at ar.gov.mecon.esidif.firmaDigital.test.ETokenTest2.testLogin(ETokenTest2.java:99)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at junit.framework.TestCase.runTest(TestCase.java:154)
         at junit.framework.TestCase.runBare(TestCase.java:127)
         at junit.framework.TestResult$1.protect(TestResult.java:106)
         at junit.framework.TestResult.runProtected(TestResult.java:124)
         at junit.framework.TestResult.run(TestResult.java:109)
         at junit.framework.TestCase.run(TestCase.java:118)
         at junit.framework.TestSuite.runTest(TestSuite.java:208)
         at junit.framework.TestSuite.run(TestSuite.java:203)
         at org.eclipse.jdt.internal.junit.runner.junit3.JUnit3TestReference.run(JUnit3TestReference.java:128)
         at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
         at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
         at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
         at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
         at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
    Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
         at sun.security.pkcs11.wrapper.PKCS11.C_SignFinal(Native Method)
         at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:391)
         ... 23 moreThanks in advance

    Hello. Try redefining your callback:
    KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", sunpkcs11,
      new KeyStore.CallbackHandlerProtection(new CallbackHandler() {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
          //makes nothing... so the native driver login implemantation is called
    KeyStore keyStore = builder.getKeyStore();
    // get my private key
    privateKey = (PrivateKey) this.getKeyStore().getKey(alias, null); //send null cause the secondary pwd is gotten by the driver In my case, it works fine (JDK 1.5), but it open twice the dialog for the secondary key :( I don't know why!!
    If you know, please answer me!!
    Hope this help you

  • Read "Qualified Range Key Generation" with Java API.

    Hi guru,
    I use MDM 5.5 SP6.
    In MDM Console I read Qualified Range Key Generation it in "ADMIN -> Remote Systems -> Qualified Range".
    I have to get "Qualified Range Key Generation" with Java API.
    It's possible?

    Hi Rocco,
    I am also thinking  of same scenario.I thought it is possible in Java Apis by calling the webservices for MDM.there is a service of "get key mapping" where we can pass this "Qualified key range" as  parameter.In MDM we have to define a look up table for that key ranges .We will access that table through JAVA API and then link it with the key mapping service .
    If u find any solution to apply this ,please share.
    thanks and regards
    Ank

  • Will zeroizing and regenerating the Default-RSA-Key affect any other general purpose keys on my ASA 5545x?

    I have an ASA 5545x that is a production device for receiving all AnyConnect VPN traffic for our organization. We purchased and installed a Comodo certificate to create the trust level necessary for our employees to connect. I'm attempting to enable SSH on the device for management purposes, but the current <Default-RSA-Key> does not allow me to initiate a valid SSH session. I have encountered this issue on other ASAs within our organization, and it hasn't been an issue to simply zeroize the current key and regenerate it to restore the ability to SSH to the devices. Where the snag comes in is that this 5545x is the only ASA that has a key installed that wasn't self signed. With that in mind, I have a few questions about whether 3rd-party signed keys are dependent on the self-signed keys on the device. I intend to zeroize both the <Default-RSA-Key> and the <Default-RSA-Key>.server certificates if they will not affect my VPN-associated Comodo key.
    Does the Comodo key depend on other keys existing on the ASA?
    Am I free to zeroize only the <Default-RSA-Key> without affecting the VPN associated Comodo key?
    Here is the result of the command "show crypto key mypubkey rsa" :
    Key pair was generated at: 12:02:29 CDT Aug 19 2014
    Key name: <Default-RSA-Key>
     Usage: General Purpose Key
     Modulus Size (bits): 1024
     Key Data:
    <Redacted>
    Key pair was generated at: 10:16:52 CDT Sep 20 2012
    Key name: my.comodo.key
     Usage: General Purpose Key
     Modulus Size (bits): 2048
     Key Data:
    <Redacted>
    Key pair was generated at: 01:35:42 CDT Jul 30 2014
    Key name: <Default-RSA-Key>.server
     Usage: Encryption Key
     Modulus Size (bits): 768
     Key Data:
    <Redacted>
    Thank you to any and all that assist me in understanding how the ASA handles certificate keys.

    As long as the Comodo-signed certificate is bound to the my.comodo.key private key (i.e. you used that key when generating the certificate signing request), you should be fine to zeroize the Default-RSA-Key. The latter should ideally only be used for ssh access.

  • SSH RSA key fingerprint not what expected in TouchTerm (iPhone)

    Hi,
    I'm in the process of setting up an SSH server on my Mac Pro for access on my iPhone running TouchTerm. So far I've done the following:
    1) Generated a 2048-bit RSA key pair on the iPhone in TouchTerm
    2) Added the Public key generated on the iPhone to the Mac Pro's "authorized_keys" file
    3) Generated a 2048-bit RSA key pair on the Mac Pro using ssh-keygen with default settings and no passphrase (as required for a Host key pair, according to the manual)
    4) Turned on SSH access in System Preferences > Sharing, for one specific user only
    5) Set up TouchTerm according to my Mac Pro's IP address (which has been static for a couple of years now, and I've checked it today, so nothing wrong there) and username.
    Now, when I attempt to connect to the Mac Pro from my iPhone over Edge or 3G, my Mac Pro's firewall registers the connection attempt with the following:
    Allow sshd-keygen-wrapper connecting from <IP ADDRESS REDACTED> to port 22 proto=6
    In TouchTerm a host fingerprint is displayed - however, this fingerprint differs in its entirety from the fingerprint revealed when I run the following command on the Mac Pro:
    ssh-keygen -l ./id_rsa.pub
    I only have one key pair generated in the user account on the Mac Pro that I'm requesting access to from TouchTerm. The other user account has no key pairs generated at all. If I select "OK" in TouchTerm, it proceeds to ask me for my local key's passphrase, but I'm unwilling to proceed past this point as I don't want to connect to a potentially unknown host.
    I'm loathe to believe I'm the victim of a Man in the Middle attack, so what am I missing here?
    S.

    BobHarris wrote:
    The host key cones from /etc/sshhostkey
    There dsa and rsa host key flavors in /etc
    That should read
    /etc/sshhostkey
    as in
    /etc/sshhost_dsakey
    /etc/sshhost_dsakey.pub
    /etc/sshhostkey
    /etc/sshhostkey.pub
    /etc/sshhost_rsakey
    /etc/sshhost_rsakey.pub

  • Install:Install/MakeSelectable on Cyberflex Access 32K e-gate

    Hi at the JavaCard forum,
    I used to load applets with my OCF loader to Cyberflex Access Developer 32K cards. Now, that these cards aren't sold anymore, I want to upgrade my loader to handle regular Access cards with CodeShield enabled. I managed it to build, transform and load those special CAPs successfully. BUT, the following Install:Install or Install:Install/MakeSelectable command keeps failing with 6A 80.
    I do not use any DAP for loading, everything is in clear.
    Install:Load
    ->80 E6 02 00 10 05 A0 00 00 00 01 00 00 06 EF 04 C6 02 28 F9 00
    <-90 00
    Load
    ->80 E8 00 00 FF C4 82 28 F9 01 00 0F DE CA FF ED ...
    <-90 00
    Install:Install/MakeSelectable
    ->80 E6 0C 00 1C 05 A0 00 00 00 01 06 A0 00 00 00 01 01 00 01 02 0A EF 08 C8 02 48 00 C9 02 00 00 00
    <-6A 80
    Is there anything suspicious in this command? It works with the Developer card, but that has not much to say in respect to the regular Access cards, I guess.
    I also tried to include the load file's application ID again as instance AID but same result: 6A 80
    Does somebody know, what's wrong here?
    Thanks in advance
    Martin

    Hi Jo,
    It strips out the cap component
    header information and changes some of the data. The
    CodeShield cards then read that data then discard it....
    I did a diff on a transformed load file and found the Method and RefLocation components are also altered, which is reflected by changes in Applet, Class and Directory components, but that's just a guess. Header, Import and StaticField aren't changed at all. Somehow, the optional Descriptor component is also appended by makeIJC, maybe CodeShield needs it, but yes, this data is supposed to be discarded afterwards.
    The .JAR file is the original Sun generated .CAP file
    so you may use OTHER vendors cards.
    One has just to skip the transform step to load other OP cards, basically.
    CodeShield isn't friendly because it forces you to use
    the Axalto kit in order to use their cards. Get the
    kit or switch to more user friendly cards that don't
    have on-card byte-code verifiers. JCOP family
    cards,G&D, and Datakey.Yeah, you sound like me in http://lists.musclecard.com/pipermail/muscle/2003-May/000825.html. I somehow grew up with the Cyberflex cards and the early CITI tools. I just reanimated old Cyberflex 16K to support PKCS#15 aka OpenSC, my favourite PKCS#15 framework. And Schlumberger/Axalto isn't that bad, they are pioneers of JavaCard technology, sell also in small quantities and have public docs available. That's a fairly 'open' approach compared to their competitors. I still think its the only card where you just buy 5 cards and do all the rest by yourself.
    >
    Axalto does provide CodeShield disabled cards to its
    strategic business partners. For a time they sold the so called Cyberflex Access Developer 32K card to the public, but it's somehow no more available. That was the reason for updating my loader to support the regular Access cards.
    >
    I don't believe in the on-card byte code verifier
    because I believe all I have to do is a WinDiff on the
    jar and the cap, and copy those differences to any cap
    file to get it to load without running it thru the
    makeIJC. I don't have the time to attempt it. I'd much
    rather use more interoperable cards then waste my time
    hacking Axalto to work. There are rumours, that C will soon fade away, like RSA 1024 (hehe), because it enforces you to write security holes in every second line of code. One asset of the Java language is its byte-code verification mechanism to detect malicious code that might compromise the VM in any way, and that's an asset for Axalto too. It was fairly easy to get the captransformer from Trusted Logic; since it's just another Jar, one could even incorporate it into the loader. But I am not a lawyer, and prefer to keep my code separate ;)
    Actually with the help of a compassionate guy, who sent me a log output of the $DK, I could drill my install problem down to a simple Cyberflex Programmer's documentation ambiguity on p. 99:
    The 'Load Parameters Data Block' for the Install:Install/MakeSelectable command is documented as
    0A EF 08 C8 02 48 00 C9 02 00 00
    ______^^
    which imposes on me that 08 is the length of the whole Cx tag buffer, BUT it's not, it's only the size of the C8 tag, bummer. With a size of 04 it works, and it does also if you revert the tags like:
    0A C9 02 00 00 EF 04 C8 02 48 00
    The error description for 6A 80 was completely misleading too...
    I'll update the loader accordingly and it will be available in a few days at
    http://home.vr-web.de/~martin.buechler/smartcard/CFlexAccess32Loader.zip
    Just in case it happens, that a Cyberflex cards hits you :)
    BTW, another thing. Didn't you mention in another post to this forum the need for an OS PKCS#15-CardEdge applet project? Something new about it? I'd like to have something like that; the MUSCLE applet might serve as crypto library and one could write against Chaskiel Grundmann's JCOP driver for OpenSC.
    Cheers

  • How do I setup my Time Capsule (3rd Generation) to be accessed from the internet while I'm traveling?

    How do I setup my Time Capsule (3rd Generation) to be accessed from the internet while I'm traveling? It is installed on my home network behind my TWC broadband router.

    Ok.. since the TWC modem is also a router.. all configuration takes place on this box.. NONE whatsoever takes place on the TC.
    There is no airport utility 7.7.3 but there is a firmware of that number for the latest AC model TC..
    Is it tall like this.
    Then it is Gen5.
    otherwise it will have a firmware.. 7.6.4 or earlier and the airport utility must be 6.3 or earlier.
    Open the Airport utility and give us a screenshot of the summary page.
    That will also help us determine that you have the TC, which version and how it is setup.
    You might want to press the edit and also give us the Internet and Network tab as they should be set correctly as well.
    I have created a DDNS through DYN.com although I am not sure how to implement this into the TC.
    You do not do anything in the TC.. set it up in the Ubee router.
    Port forward 548 to the TC in the Ubee router.
    And make sure the TC has a static IP in the Ubee router.
    Overall if you find this too hard I strongly recommend you buy a product designed for remote access .. eg WD MyCloud.. they are cheap and easy peasy to setup for remote access.. by PC or Mac and since it is built outside of Apple you not bound up in Apple limitations built into all their equipment to prevent you using it the way you want.. rather than apple want you too.. eg BTMM and iCloud being the only way apple provide for access to the TC and only when it is the main router of the network.
    You are fighting hard because Apple made this hard.. not easy.

  • Key Generation in console

    Hi Folks,
    I have defined key generation in console .I need some information in key generation such as ,if i define None ,range and Qualifed Range.
    Where it effect and what are significance of it.
    Secondaly., We create clone in Import manager and then we do mapping to remote key to the clone of the main table. I am looking for the business significance and techanical signifiance of it.
    Thanks in advance,
    Rohit

    Hi Rohit,
    If you choose
    NONE: - Then remote key will not be generated automatically and has to be applied explicitly either using import manager or in data manager.
    RANGE: - Here we can specify a range using TO and FROM. This generates the key automatically for that client between that range.
    Qualified range: - Here we specify a range for a qualified table for key generation.
    Keys are generated on a per value basis i.e. MDM automatically generates keys for the specified single-valued lookup field based on values you specify
    using the Range property. You can specify Qualified Range values by selecting the
    single-valued lookup field from the drop-down list and specifying From
    and To values for each lookup table value.
    Let me know if this helped your cause.
    BR,
    Siddharth

  • Key Generation, doesnt work

    Hi, every body
    I want to generate new Material Number automatically for new Materials
    I have done the following steps
    - I have set Key Mapping to YES in Products main table
    - In the remote systems I added a new remote system called SAP_ECC
    - In this remote system I set the Key Generation to Qualified Range and set the Look Field to Material Type, also fill the Qualified Range to something like this
      [NULL]  9990000001 to 9999999999
      ZHOR   9010000001 to 9019999999
      ZVER   9020000001 to 9029999999
      ZHIB    9030000001 to 9039999999
    - In the syndicator I configured a port called TO_ECC to work with SAP_ECC remote system
    - Mapped the [Remote Key]/[Value] to MATNR field in iDOC MATMAS05
    In the Preview pane I only see Material Numbers (MATNR) which I have manually edited    its mapping value. Material Numbers are empty for new Materials.
    Please tell me. What I'm missing?

    Hi Rafael
    In my experience with Key Generation, the keys are only created for the remote system  once a Syndication job has actually processed the record. I'd guess that this is so in order to minimise the amount of work done by the MDM Server and to avoid "wasting" keys.
    To see that it does work : execute the Syndication job then refresh the Record view (press F5) in the Syndicator. The Destination Preview tab should now contain the newly generated key.
    HTH,
    Mark

Maybe you are looking for