[Nfd-dev] New NFD installation: Fail to sign data

Alex Afanasyev aa at CS.UCLA.EDU
Tue Sep 8 13:22:01 PDT 2015 

Oh.  I should've asked this question first (OS X keychain error message wasn't too helpful).  This is a known issue with OS X KeyChain---the user has to be authorize usage of keychain in UI interface.   There is an option to unlock keychain in the command line, but this is not a too reliable way:

    security unlock-keychain -p "password"

---
Alex

> On Sep 8, 2015, at 1:16 PM, Thompson, Jeff <jefft0 at remap.ucla.edu> wrote:
> 
> Problem solved. Found a bunch of messages in the UI of the virtual machine
> asking to unlock the keychain. When these messages were cleared, nfd-start
> works.
> 
> Thanks for the help,
> - Jeff T
> 
> On 2015/9/8, 12:51:51, "Thompson, Jeff" <jefft0 at remap.ucla.edu> wrote:
> 
>> I separately ran the following:
>>   ndnsec-keygen /ndn/test/remap | ndnsec-install-cert -
>> 
>> 
>> I see the key and cert in ndnsec-list, and ndnsec-get-default returns
>> /ndn/test/remap. I can run 'ndnsec sign-req', to make a self-signed cert,
>> so signing seems to work.
>> 
>> Still no luck. nfd-start gives the same error "Fail to sign data".
>> 
>> - Jeff T
>> 
>> On 2015/9/8, 12:24:01, "Alex Afanasyev" <aa at cs.ucla.edu> wrote:
>> 
>>> 
>>>> On Sep 8, 2015, at 12:19 PM, Thompson, Jeff <jefft0 at remap.ucla.edu>
>>>> wrote:
>>>> 
>>>>> Did you create any identity prior to start NFD?
>>>> 
>>>> 
>>>> No. Should I?
>>> 
>>> I would create.  The script is supposed to create a (random) temporary
>>> identity, but it is not really useful.
>>> 
>>> --
>>> Alex
>>> 
>>>> 
>>>> On 2015/9/8, 12:17:29, "Alex Afanasyev" <aa at cs.ucla.edu> wrote:
>>>> 
>>>>> 
>>>>>> On Sep 8, 2015, at 12:05 PM, Thompson, Jeff <jefft0 at remap.ucla.edu>
>>>>>> wrote:
>>>>>> 
>>>>>> Hello. I updated to the latest ndn-cxx and NFD. (I'm on OS X 10.9.)
>>>>>> To
>>>>>> get a fresh start, I removed ~/.ndn. They compile and install OK and
>>>>>> I
>>>>>> installed the default nfd.conf. But nfd-start gives "Fail to sign
>>>>>> data".
>>>>>> Here's the output:
>>>>>> 
>>>>>> OK: certificate with name
>>>>>> 
>>>>>> [/localhost/operator/KEY/ksk-1441733585950/ID-CERT/%FD%00%00%01O%AE%04
>>>>>> %
>>>>>> AF
>>>>>> %C7] has been successfully installed
>>>>>> REMAPs-Mac-mini-6:~ remap$ 1441733586.971183 INFO: [StrategyChoice]
>>>>>> setDefaultStrategy /localhost/nfd/strategy/best-route/%FD%03
>>>>>> 1441733586.971597 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/fib
>>>>>> 1441733586.971754 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/faces
>>>>>> 1441733586.971847 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/strategy-choice
>>>>>> 1441733586.971945 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/status
>>>>>> 1441733586.972038 INFO: [FaceTable] Added face id=1
>>>>>> remote=internal://
>>>>>> local=internal://
>>>>>> Error Domain=Internal CSSM error Code=-2147415840 "The operation
>>>>>> couldn\u2019t be completed. (Internal CSSM error error -2147415840 -
>>>>>> Internal error #800108e0 at __SignTransform_block_invoke_2
>>>>>> 
>>>>>> /SourceCache/Security/Security-55471.14.18/libsecurity_transform/lib/S
>>>>>> e
>>>>>> cS
>>>>>> ignVerifyTransform.c:264)" UserInfo=0x7f9b4b42ba00
>>>>>> {NSDescription=Internal error #800108e0 at
>>>>>> __SignTransform_block_invoke_2
>>>>>> 
>>>>>> /SourceCache/Security/Security-55471.14.18/libsecurity_transform/lib/S
>>>>>> e
>>>>>> cS
>>>>>> ignVerifyTransform.c:264, Originating Transform=CoreFoundationObject}
>>>>>> 1441733586.997741 FATAL: [NFD] Fail to sign data
>>>>>> 
>>>>>> Maybe my OS X keychain has an old key that's causing a problem? How
>>>>>> to
>>>>>> clear it?
>>>>> 
>>>>> This can only be done in KeyChain Access app.  When you open it, you
>>>>> will
>>>>> probably see a bunch of NDN names/keys (you may need to switch to
>>>>> "Keys"
>>>>> category).  You can select one or all of them and delete.
>>>>> 
>>>>> Did you create any identity prior to start NFD?  Just in case, do not
>>>>> use
>>>>> "sudo nfd-start", just nfd-start.
>>>>> 
>>>>> --
>>>>> Alex
>>>>> 
>>>> 
>>> 
>> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150908/ecfbcebd/attachment.bin>

More information about the Nfd-dev mailing list