Yubico Forum

Generate KSM-KEY
Page 1 of 1

Author:  gpr [ Wed Dec 10, 2014 4:33 pm ]
Post subject:  Generate KSM-KEY


I have a problem with KSM.
I installed and configured Yubikey Validation Server.
Test seems to be Ok, bacause when I go to http://yubico.mydomain.net/wsapi/verify, answer is :

Now i want to install KSM, but it doesn't work...
When I test to go to http://yubico.mydomain.net/wsapi/decryp ... wvfdgfgdfd, answer is a white page... no message displayed

Do you have any idea ? I tested on same server that Validation Server, and on an other server, same result...

Other problem, I tested to generate KSM key, using this doc : https://github.com/Yubico/yubikey-ksm/b ... M_Key.adoc
Impossible to generate KSM Key... error message :

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

There is not enough random bytes availables....

Author:  Tom2 [ Fri Dec 12, 2014 2:43 pm ]
Post subject:  Re: Generate KSM-KEY

The random byte message it is probably because you are on a virtual machine.

The first error, sounds like some php error what is in the error log?

Author:  gpr [ Fri Dec 19, 2014 3:22 pm ]
Post subject:  Re: Generate KSM-KEY


thanks a lot for your response.
For the fisrt problem, roger, i'm on a VM.
Now, I have a KSM Key.

So now, just the problem to decrypt the key.
Seems to be a problem with access rights or file missing... strange because I followed the doc step by step...
Maybe because I installed Yubikey Validation Server and KSM on same server...

/var/log/apache2$ tail ykval-error.log

[Fri Dec 19 14:07:21 2014] [error] [client 46.x.x.x] PHP Warning:  require_once(/etc/yubico/val/ykksm-config.php): failed to open stream: Permission denied in /usr/share/yubikey-ksm/ykksm-decrypt.php on line 31
[Fri Dec 19 14:07:21 2014] [error] [client 46.x.x.x] PHP Fatal error:  require_once(): Failed opening required 'ykksm-config.php' (include_path='.:/etc/yubico/val:/usr/share/yubikey-val') in /usr/share/yubikey-ksm/ykksm-decrypt.php on line 31

Author:  Tom2 [ Mon Dec 22, 2014 10:17 am ]
Post subject:  Re: Generate KSM-KEY

check permission and sym-links are pointing correctly

also why ykksm-config.php is not in /ksm subfolder ?

you have it ykval

Author:  gpr [ Tue Dec 23, 2014 5:39 pm ]
Post subject:  Re: Generate KSM-KEY


Permissions seems to be OK.

/usr/share/yubikey-ksm$ ls -l
total 12
-rwx------ 1 www-data root 4557 nov.  13 16:57 ykksm-decrypt.php
-rw-r----- 1 root     root 2428 nov.  13 16:57 ykksm-utils.php

For ykksm-config.php, I have it in the two directory :
- /etc/yubico/ksm/
- /etc/yubico/val/

Author:  gpr [ Wed Dec 24, 2014 10:50 am ]
Post subject:  Re: Generate KSM-KEY


All is OK now.
Problem was with path defined...
Copy files from /etc/yubico/ksm to /etc/yubico/val and fix rights and owner solved problem I think..

I created KMS Key.
Now, problem is with Keys generation...

./ykksm-gen-keys 1 5 | gpg -a --encrypt -r C6186423 > /home/val/KSMkeys.txt
gpg: can't open `/home/val/.gnupg/pubring.gpg'
gpg: keydb_search failed: file open error
gpg: C6186423: skipped: file open error
gpg: [stdin]: encryption failed: file open error

Author:  gpr [ Wed Dec 24, 2014 4:46 pm ]
Post subject:  [SOLVED] Generate KSM-KEY

Ok found the problem.

Edit /home/val/.bashrc to add :

export GPG_TTY=tty

Edit /home/val/.gnupg/gpg.conf tu uncomment :

default-key xxxxxxx

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group