[Nfd-dev] New NFD installation: Fail to sign data

Thompson, Jeff jefft0 at remap.ucla.edu
Tue Sep 8 13:25:06 PDT 2015 

Thanks. Like you said, unlocking remotely on the command line works for me
most of the time, but not always.
- Jeff T

On 2015/9/8, 13:22:01, "Alex Afanasyev" <aa at cs.ucla.edu> wrote:

>Oh.  I should've asked this question first (OS X keychain error message
>wasn't too helpful).  This is a known issue with OS X KeyChain---the user
>has to be authorize usage of keychain in UI interface.   There is an
>option to unlock keychain in the command line, but this is not a too
>reliable way:
>
>    security unlock-keychain -p "password"
>
>---
>Alex
>
>> On Sep 8, 2015, at 1:16 PM, Thompson, Jeff <jefft0 at remap.ucla.edu>
>>wrote:
>> 
>> Problem solved. Found a bunch of messages in the UI of the virtual
>>machine
>> asking to unlock the keychain. When these messages were cleared,
>>nfd-start
>> works.
>> 
>> Thanks for the help,
>> - Jeff T
>> 
>> On 2015/9/8, 12:51:51, "Thompson, Jeff" <jefft0 at remap.ucla.edu> wrote:
>> 
>>> I separately ran the following:
>>>   ndnsec-keygen /ndn/test/remap | ndnsec-install-cert -
>>> 
>>> 
>>> I see the key and cert in ndnsec-list, and ndnsec-get-default returns
>>> /ndn/test/remap. I can run 'ndnsec sign-req', to make a self-signed
>>>cert,
>>> so signing seems to work.
>>> 
>>> Still no luck. nfd-start gives the same error "Fail to sign data".
>>> 
>>> - Jeff T
>>> 
>>> On 2015/9/8, 12:24:01, "Alex Afanasyev" <aa at cs.ucla.edu> wrote:
>>> 
>>>> 
>>>>> On Sep 8, 2015, at 12:19 PM, Thompson, Jeff <jefft0 at remap.ucla.edu>
>>>>> wrote:
>>>>> 
>>>>>> Did you create any identity prior to start NFD?
>>>>> 
>>>>> 
>>>>> No. Should I?
>>>> 
>>>> I would create.  The script is supposed to create a (random) temporary
>>>> identity, but it is not really useful.
>>>> 
>>>> --
>>>> Alex
>>>> 
>>>>> 
>>>>> On 2015/9/8, 12:17:29, "Alex Afanasyev" <aa at cs.ucla.edu> wrote:
>>>>> 
>>>>>> 
>>>>>>> On Sep 8, 2015, at 12:05 PM, Thompson, Jeff <jefft0 at remap.ucla.edu>
>>>>>>> wrote:
>>>>>>> 
>>>>>>> Hello. I updated to the latest ndn-cxx and NFD. (I'm on OS X 10.9.)
>>>>>>> To
>>>>>>> get a fresh start, I removed ~/.ndn. They compile and install OK
>>>>>>>and
>>>>>>> I
>>>>>>> installed the default nfd.conf. But nfd-start gives "Fail to sign
>>>>>>> data".
>>>>>>> Here's the output:
>>>>>>> 
>>>>>>> OK: certificate with name
>>>>>>> 
>>>>>>> 
>>>>>>>[/localhost/operator/KEY/ksk-1441733585950/ID-CERT/%FD%00%00%01O%AE%
>>>>>>>04
>>>>>>> %
>>>>>>> AF
>>>>>>> %C7] has been successfully installed
>>>>>>> REMAPs-Mac-mini-6:~ remap$ 1441733586.971183 INFO: [StrategyChoice]
>>>>>>> setDefaultStrategy /localhost/nfd/strategy/best-route/%FD%03
>>>>>>> 1441733586.971597 INFO: [InternalFace] registering callback for
>>>>>>> /localhost/nfd/fib
>>>>>>> 1441733586.971754 INFO: [InternalFace] registering callback for
>>>>>>> /localhost/nfd/faces
>>>>>>> 1441733586.971847 INFO: [InternalFace] registering callback for
>>>>>>> /localhost/nfd/strategy-choice
>>>>>>> 1441733586.971945 INFO: [InternalFace] registering callback for
>>>>>>> /localhost/nfd/status
>>>>>>> 1441733586.972038 INFO: [FaceTable] Added face id=1
>>>>>>> remote=internal://
>>>>>>> local=internal://
>>>>>>> Error Domain=Internal CSSM error Code=-2147415840 "The operation
>>>>>>> couldn\u2019t be completed. (Internal CSSM error error -2147415840
>>>>>>>-
>>>>>>> Internal error #800108e0 at __SignTransform_block_invoke_2
>>>>>>> 
>>>>>>> 
>>>>>>>/SourceCache/Security/Security-55471.14.18/libsecurity_transform/lib
>>>>>>>/S
>>>>>>> e
>>>>>>> cS
>>>>>>> ignVerifyTransform.c:264)" UserInfo=0x7f9b4b42ba00
>>>>>>> {NSDescription=Internal error #800108e0 at
>>>>>>> __SignTransform_block_invoke_2
>>>>>>> 
>>>>>>> 
>>>>>>>/SourceCache/Security/Security-55471.14.18/libsecurity_transform/lib
>>>>>>>/S
>>>>>>> e
>>>>>>> cS
>>>>>>> ignVerifyTransform.c:264, Originating
>>>>>>>Transform=CoreFoundationObject}
>>>>>>> 1441733586.997741 FATAL: [NFD] Fail to sign data
>>>>>>> 
>>>>>>> Maybe my OS X keychain has an old key that's causing a problem? How
>>>>>>> to
>>>>>>> clear it?
>>>>>> 
>>>>>> This can only be done in KeyChain Access app.  When you open it, you
>>>>>> will
>>>>>> probably see a bunch of NDN names/keys (you may need to switch to
>>>>>> "Keys"
>>>>>> category).  You can select one or all of them and delete.
>>>>>> 
>>>>>> Did you create any identity prior to start NFD?  Just in case, do
>>>>>>not
>>>>>> use
>>>>>> "sudo nfd-start", just nfd-start.
>>>>>> 
>>>>>> --
>>>>>> Alex
>>>>>> 
>>>>> 
>>>> 
>>> 
>> 
>

More information about the Nfd-dev mailing list