[Mini-NDN] ERROR: private key doesn't exist - Signature
Matteo Bertolino
Matteo.Bertolino at eurecom.fr
Thu Sep 29 04:40:05 PDT 2016
Good morning community,
I successfully issued my certification chain, but.. When I try to
perform the operation, the error "Private key does not exist" block
me. It would be really important for me solving this.
I am using the ndn-cxx with mini, but it is possible that my error is
about the concept.
The topology:
1 Consumer CS (requesting /root/site1/site2)
1 Authority root AR
1 Sub Authority A1 (signed by AR)
1 Producer PR (signed by A1) (has /root/site1/site2)
and a Gateway that connects all.
The steps that I did are (following a guide):
1) Generate a root key: AR ndnsec-keygen /root | tee root.ndncert |
ndnsec-cert-install -
2) Copy the root cert into the CS directory
3) Generate the key for the subauthority:
A1 ndnsec-keygen /root/site1 > site1.req
copy site1.req in AR folder
4) Generate the certificates for the subauthority, signed by AR
AR ndnsec-certgen -N /root/site1 -s /root site1.req > site1.ndncert
copy it into A1 folder
5) Install the certificates in A1 and AR.
A1 ndnsec-cert-install -f site1.ndncert
AR ndnsec-cert-install -f site1.ndncert
The, exactly the same steps for the PR that is certified by the
subauthority A1.
1) Generate the key for the producer:
PR ndnsec-keygen /root/site1/site2 > site2.req
copy site2.req in A1 folder
2) Generate the certificates for the producer, signed by A1
A1 ndnsec-certgen -N /root/site1/site2 -s /root/site1 site2.req >
site2.ndncert
copy it into PR folder
5) Install the certificates in A1 and PR.
A1 ndnsec-cert-install -f site2.ndncert
PR ndnsec-cert-install -f site2.ndncert
At the end of this procedure, I think that all is correct. A
confirmation is obtained launching the command: NODE ndnsec list -c
Root Authority, indeed, has:
[...]
/root/KEY/ksk[...]/ID-CERT/[...] (identity /root)
/root/KEY/site1/ksk[...]/ID-CERT/[...] (identity /root/site1)
The subauthority A1 has:
/root/KEY/site1/ksk[...]/ID-CERT/[...] (identity /root/site1)
/root/site1/KEY/site2/ksk[...]/ID-CERT/[...] (identity /root/site1/site2)
And the producer:
/root/site1/KEY/site2/ksk[...]/ID-CERT/[...] (identity /root/site1/site2)
Then the final steps are the advertisements:
pr nlsrc advertise /root/site1/site2
ERROR: private key doesn't exist
a1 nlsrc advertise /root/site1/KEY
ERROR: private key doesn't exist
ar nlsrc advertise /root/KEY
ERROR: private key doesn't exist
If I did the advertisements before all, it does not work the same later.
Why, considering that the certification chain is (I think) correct?
Thanks a lot,
Matteo
-------------------------------------------------------------------------------
This message was sent using EURECOM Webmail: http://webmail.eurecom.fr
More information about the Mini-NDN
mailing list