Troubleshooting

Error

Possible Reason

Invalid Shared secret

There might be a character encoding issue if your shared secret contains norwegian characters (Æ,Ø,Å,æ,ø,å). Make sure you have configured HAT to use the same character encoding as your terminal window.
For the windows environment, you might try to type the following in your command line shell to enable Nordic characters:
chcp 865 --> Change CodePage

Communication errors with BankID COI

Check if your server machine is located behind an http-proxy server. If so, then enter the proxy host and port when prompted.

Filenames do not contain Norwegian characters.

The filenames used by HAT are dependent on correct locale information on the client machine. Missing locale information might result in Norwegian characters being replaced by the question mark character. On UNIX environments, make sure the LC_CTYPE environment variable matches the desired character encoding. For more information, refer to the manual pages for the "locale" command.

The proof of possession (POP) signature received from merchant is not valid!

There might be something wrong with the public keys bundled in the HAT application for communication with the BankID COI. Make sure you have the latest version of the HAT application available. If the problem persist, contact your bank for any updates on the BankID COI certificates.

Troubleshooting errors related to java installation

The following error messages have been reported in the past, and are caused by missing or unsuccessful installation of "Unlimited Strength Java™ Cryptography Extension Policy Files". Note that the messages may be included within other error messages output to the HAT console, and that the message text may differ depending on the java runtime version used:

  • Failed to decrypt private key
  • [java.lang.SecurityException]: Unsupported keysize or algorithm parameters
  • [java.security.InvalidKeyException]: Illegal key size or default parameters
  • [java.security.InvalidKeyException]: Illegal key size


Do the following to verify that your Java installation has unlimited strength policy files installed:

  1. Make sure you have located the Java installation used by HAT, which should be specified in runHAT.sh/runHAT.bat. If you refer to the environment variable JAVA_HOME, check that this is set correctly. Printing the JAVA_HOME environment variable and the java version from the script eliminates any doubt.
  2. Navigate to the jre/lib/security directory of your Java installation.
  3. Extract (unzip) the local_policy.jar file to a temporary directory. You can use the jar tool or a standard unzip program to extract the content.
  4. Locate and open the file META-INF/MANIFEST.MF file in your favourite editor
  5. Verify that the manifest file contains the line: Crypto-Strength: unlimited


If the manifest file contains "Crypto-Strength: limited", you need to (re)install the "Unlimited Strength Java™ Cryptography Extension Policy Files".