Back to top

Knox Enhanced Attestation Error code -5: ERROR_INVALID_NONCE

Last updated July 26th, 2023



  • Knox Platform for Enterprise (Knox 3.4 and above)
  • Knox Enhanced Attestation v3


On Samsung devices that support Knox and run Knox 3.4 or higher, when EMM or ISV tries to verify device data integrity with a generated nonce, the Knox attestation server returns a -5 or 400 invalid nonce error.


A nonce is a one-time token and its time period is 5 minutes. Therefore, an invalid nonce error can happen in the following scenarios:

  1. The same nonce is used multiple times.
  2. The nonce is used 5 minutes or more after being created.
  3. The nonce is not generated by the Knox Server or AUK is not matched.


Please ensure the following to prevent an error message:

  1. The same nonce should not be used multiple times.
  2. If the last nonce is generated more than 5 minutes ago, create a new nonce before starting the attestation.
  3. Generate AUK from your KPP account and refer to the Knox attestation tutorial for creating a nonce.

Is this page helpful?