You receive the "Keyset does not exist" error message when you try to create a manifest from a hardware security module (HSM) device (837264)


The information in this article applies to:

  • Microsoft Windows Rights Management Services (RMS) for Windows Server 2003

SYMPTOMS

When you try to create a manifest by using a key pair in a key container from a hardware security module (HSM) device, the GenManifest tool does not create the manifest. Additionally, you receive the following error message:

Keyset does not exist

RESOLUTION

You can generate key pairs for use with the GenManifest tool. The key pairs will be stored in an HSM. When you generate this kind of key pair, make sure that you use the machine context to create the key. You cannot access user context key containers by using the GenManifest tool through an HSM.

MORE INFORMATION

The Windows Rights Management client software development kit (SDK) contains the GenManifest tool to create application manifests. Many publishing applications and all applications that consume Windows Rights Management (RM) require a manifest.

A manifest is a signed eXtensible rights Markup Language (XrML) chain that does the following:
  • Identifies the application itself
  • Identifies the libraries that the application may use or must use
  • Identifies the applications that cannot be loaded in the same process as the application that is protected
The person who develops the application creates the manifest and gives the manifest to the user of the application.

A series of signed XrML manifests is known as a manifest chain. The manifest chain is a signed, self-proving chain that leads to a root of trust.
Modification Type:MajorLast Reviewed:2/17/2006
Keywords:kbContainer kbSecurityServices kbHardware kbprb KB837264 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.