[Mini-NDN] ERROR: private key doesn't exist - Signature
Matteo Bertolino
Matteo.Bertolino at eurecom.fr
Thu Sep 29 06:16:57 PDT 2016
Problem solved: it was enough reinstall the certificates root.ndncert
and site1.ndncert. (probably the expired?)
However, the use case below could be useful in order to create a chain
of certificates.
Thanks however, matteo
Quoting Matteo Bertolino <Matteo.Bertolino at eurecom.fr>:
> Good morning community,
> I successfully issued my certification chain, but.. When I try to
> perform the operation, the error "Private key does not exist" block me.
> It would be really important for me solving this.
> I am using the ndn-cxx with mini, but it is possible that my error is
> about the concept.
>
> The topology:
> 1 Consumer CS (requesting /root/site1/site2)
> 1 Authority root AR
> 1 Sub Authority A1 (signed by AR)
> 1 Producer PR (signed by A1) (has /root/site1/site2)
> and a Gateway that connects all.
>
> The steps that I did are (following a guide):
> 1) Generate a root key: AR ndnsec-keygen /root | tee root.ndncert |
> ndnsec-cert-install -
> 2) Copy the root cert into the CS directory
> 3) Generate the key for the subauthority:
> A1 ndnsec-keygen /root/site1 > site1.req
> copy site1.req in AR folder
> 4) Generate the certificates for the subauthority, signed by AR
> AR ndnsec-certgen -N /root/site1 -s /root site1.req > site1.ndncert
> copy it into A1 folder
> 5) Install the certificates in A1 and AR.
> A1 ndnsec-cert-install -f site1.ndncert
> AR ndnsec-cert-install -f site1.ndncert
>
> The, exactly the same steps for the PR that is certified by the
> subauthority A1.
> 1) Generate the key for the producer:
> PR ndnsec-keygen /root/site1/site2 > site2.req
> copy site2.req in A1 folder
> 2) Generate the certificates for the producer, signed by A1
> A1 ndnsec-certgen -N /root/site1/site2 -s /root/site1 site2.req >
> site2.ndncert
> copy it into PR folder
> 5) Install the certificates in A1 and PR.
> A1 ndnsec-cert-install -f site2.ndncert
> PR ndnsec-cert-install -f site2.ndncert
>
> At the end of this procedure, I think that all is correct. A
> confirmation is obtained launching the command: NODE ndnsec list -c
>
> Root Authority, indeed, has:
> [...]
> /root/KEY/ksk[...]/ID-CERT/[...] (identity /root)
> /root/KEY/site1/ksk[...]/ID-CERT/[...] (identity /root/site1)
>
> The subauthority A1 has:
> /root/KEY/site1/ksk[...]/ID-CERT/[...] (identity /root/site1)
> /root/site1/KEY/site2/ksk[...]/ID-CERT/[...] (identity /root/site1/site2)
>
> And the producer:
> /root/site1/KEY/site2/ksk[...]/ID-CERT/[...] (identity /root/site1/site2)
>
>
> Then the final steps are the advertisements:
> pr nlsrc advertise /root/site1/site2
> ERROR: private key doesn't exist
>
> a1 nlsrc advertise /root/site1/KEY
> ERROR: private key doesn't exist
>
> ar nlsrc advertise /root/KEY
> ERROR: private key doesn't exist
>
> If I did the advertisements before all, it does not work the same later.
> Why, considering that the certification chain is (I think) correct?
>
> Thanks a lot,
> Matteo
>
> -------------------------------------------------------------------------------
> This message was sent using EURECOM Webmail: http://webmail.eurecom.fr
>
>
> _______________________________________________
> Mini-NDN mailing list
> Mini-NDN at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/mini-ndn
-------------------------------------------------------------------------------
This message was sent using EURECOM Webmail: http://webmail.eurecom.fr
More information about the Mini-NDN
mailing list