[Nfd-dev] NFD cannot start on macOS : Fail to sign data

Alex Afanasyev aa at cs.fiu.edu
Mon Sep 11 19:13:55 PDT 2017 

> On Sep 11, 2017, at 7:26 PM, Lei Pi (lpi) <lpi at memphis.edu <mailto:lpi at memphis.edu>> wrote:
> 
> Dear NFD developers,
> 
> 
> 
> I’ve been using an old version of NFD (#6028619f71e7d0eed2334d0478ff9df92cee7f18 ) without problem until recently. Now it fails to start and gives the following error:
> 
> 1505170300.334936 INFO: [AutoPrefixPropagator] Load auto_prefix_propagate section in rib section
> Error Domain=Internal CSSM error Code=-2147416063 "Internal error #80010801 at __SignTransform_block_invoke.17 /Library/Caches/com.apple.xbs/Sources/Security/Security-57740.60.18/OSX/libsecurity_transform/lib/SecSignVerifyTransform.c:276" UserInfo={NSDescription=Internal error #80010801 at __SignTransform_block_invoke.17 /Library/Caches/com.apple.xbs/Sources/Security/Security-57740.60.18/OSX/libsecurity_transform/lib/SecSignVerifyTransform.c:276, Originating Transform=CoreFoundationObject}
> 1505170300.365158 FATAL: [NFD] Fail to sign data
> There is a similar post in 2015 <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/2015-September/001330.html> which indicates the error is caused by the keychain. I tried the method mentioned in the post (unlocking the keychain mannually using commands), but still get the same error.
> 
> Would you please help me figure out what's going wrong?
> 
For some reason, KeyChain not allowing NFD to access the private key.  There are two ways to resolve.  Start using a new private key (i.e., delete ~/.ndn/ and then request a new key) or allow all apps (or the specific binary of nfd) to use the key.  For that you need to go to KeyChain Acceess.app, find the private key, double click, go to Access Control and click on either remove existing NFD from the list or select "Allow all applications to access this item".   I was having similar issues, but still have not figured out KeyChain access denial logic.

--
Alex

> Thanks a lot.
> ----
> Regards,
> Lei
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu <mailto:Nfd-dev at lists.cs.ucla.edu>
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev <http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20170911/0f1bd758/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20170911/0f1bd758/attachment.sig>

More information about the Nfd-dev mailing list