[Nfd-dev] New NFD installation: Fail to sign data
Alex Afanasyev
aa at CS.UCLA.EDU
Tue Sep 8 13:22:01 PDT 2015
Oh. I should've asked this question first (OS X keychain error message wasn't too helpful). This is a known issue with OS X KeyChain---the user has to be authorize usage of keychain in UI interface. There is an option to unlock keychain in the command line, but this is not a too reliable way:
security unlock-keychain -p "password"
---
Alex
> On Sep 8, 2015, at 1:16 PM, Thompson, Jeff <jefft0 at remap.ucla.edu> wrote:
>
> Problem solved. Found a bunch of messages in the UI of the virtual machine
> asking to unlock the keychain. When these messages were cleared, nfd-start
> works.
>
> Thanks for the help,
> - Jeff T
>
> On 2015/9/8, 12:51:51, "Thompson, Jeff" <jefft0 at remap.ucla.edu> wrote:
>
>> I separately ran the following:
>> ndnsec-keygen /ndn/test/remap | ndnsec-install-cert -
>>
>>
>> I see the key and cert in ndnsec-list, and ndnsec-get-default returns
>> /ndn/test/remap. I can run 'ndnsec sign-req', to make a self-signed cert,
>> so signing seems to work.
>>
>> Still no luck. nfd-start gives the same error "Fail to sign data".
>>
>> - Jeff T
>>
>> On 2015/9/8, 12:24:01, "Alex Afanasyev" <aa at cs.ucla.edu> wrote:
>>
>>>
>>>> On Sep 8, 2015, at 12:19 PM, Thompson, Jeff <jefft0 at remap.ucla.edu>
>>>> wrote:
>>>>
>>>>> Did you create any identity prior to start NFD?
>>>>
>>>>
>>>> No. Should I?
>>>
>>> I would create. The script is supposed to create a (random) temporary
>>> identity, but it is not really useful.
>>>
>>> --
>>> Alex
>>>
>>>>
>>>> On 2015/9/8, 12:17:29, "Alex Afanasyev" <aa at cs.ucla.edu> wrote:
>>>>
>>>>>
>>>>>> On Sep 8, 2015, at 12:05 PM, Thompson, Jeff <jefft0 at remap.ucla.edu>
>>>>>> wrote:
>>>>>>
>>>>>> Hello. I updated to the latest ndn-cxx and NFD. (I'm on OS X 10.9.)
>>>>>> To
>>>>>> get a fresh start, I removed ~/.ndn. They compile and install OK and
>>>>>> I
>>>>>> installed the default nfd.conf. But nfd-start gives "Fail to sign
>>>>>> data".
>>>>>> Here's the output:
>>>>>>
>>>>>> OK: certificate with name
>>>>>>
>>>>>> [/localhost/operator/KEY/ksk-1441733585950/ID-CERT/%FD%00%00%01O%AE%04
>>>>>> %
>>>>>> AF
>>>>>> %C7] has been successfully installed
>>>>>> REMAPs-Mac-mini-6:~ remap$ 1441733586.971183 INFO: [StrategyChoice]
>>>>>> setDefaultStrategy /localhost/nfd/strategy/best-route/%FD%03
>>>>>> 1441733586.971597 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/fib
>>>>>> 1441733586.971754 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/faces
>>>>>> 1441733586.971847 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/strategy-choice
>>>>>> 1441733586.971945 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/status
>>>>>> 1441733586.972038 INFO: [FaceTable] Added face id=1
>>>>>> remote=internal://
>>>>>> local=internal://
>>>>>> Error Domain=Internal CSSM error Code=-2147415840 "The operation
>>>>>> couldn\u2019t be completed. (Internal CSSM error error -2147415840 -
>>>>>> Internal error #800108e0 at __SignTransform_block_invoke_2
>>>>>>
>>>>>> /SourceCache/Security/Security-55471.14.18/libsecurity_transform/lib/S
>>>>>> e
>>>>>> cS
>>>>>> ignVerifyTransform.c:264)" UserInfo=0x7f9b4b42ba00
>>>>>> {NSDescription=Internal error #800108e0 at
>>>>>> __SignTransform_block_invoke_2
>>>>>>
>>>>>> /SourceCache/Security/Security-55471.14.18/libsecurity_transform/lib/S
>>>>>> e
>>>>>> cS
>>>>>> ignVerifyTransform.c:264, Originating Transform=CoreFoundationObject}
>>>>>> 1441733586.997741 FATAL: [NFD] Fail to sign data
>>>>>>
>>>>>> Maybe my OS X keychain has an old key that's causing a problem? How
>>>>>> to
>>>>>> clear it?
>>>>>
>>>>> This can only be done in KeyChain Access app. When you open it, you
>>>>> will
>>>>> probably see a bunch of NDN names/keys (you may need to switch to
>>>>> "Keys"
>>>>> category). You can select one or all of them and delete.
>>>>>
>>>>> Did you create any identity prior to start NFD? Just in case, do not
>>>>> use
>>>>> "sudo nfd-start", just nfd-start.
>>>>>
>>>>> --
>>>>> Alex
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150908/ecfbcebd/attachment.bin>
More information about the Nfd-dev
mailing list