Yubico Forum https://forum.yubico.com/ |
|
Generate KSM-KEY https://forum.yubico.com/viewtopic.php?f=5&t=1655 |
Page 1 of 1 |
Author: | gpr [ Wed Dec 10, 2014 4:33 pm ] |
Post subject: | Generate KSM-KEY |
Hi, I have a problem with KSM. I installed and configured Yubikey Validation Server. Test seems to be Ok, bacause when I go to http://yubico.mydomain.net/wsapi/verify, answer is : h=JC1clA/JHRc6O4RSBGKyo7Cm5AU= t=2014-12-10T08:28:35Z0097 status=MISSING_PARAMETER Now i want to install KSM, but it doesn't work... When I test to go to http://yubico.mydomain.net/wsapi/decryp ... wvfdgfgdfd, answer is a white page... no message displayed Do you have any idea ? I tested on same server that Validation Server, and on an other server, same result... Other problem, I tested to generate KSM key, using this doc : https://github.com/Yubico/yubikey-ksm/b ... M_Key.adoc Impossible to generate KSM Key... error message : We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. There is not enough random bytes availables.... |
Author: | Tom2 [ Fri Dec 12, 2014 2:43 pm ] |
Post subject: | Re: Generate KSM-KEY |
The random byte message it is probably because you are on a virtual machine. The first error, sounds like some php error what is in the error log? |
Author: | gpr [ Fri Dec 19, 2014 3:22 pm ] |
Post subject: | Re: Generate KSM-KEY |
Hi, thanks a lot for your response. For the fisrt problem, roger, i'm on a VM. Now, I have a KSM Key. So now, just the problem to decrypt the key. Seems to be a problem with access rights or file missing... strange because I followed the doc step by step... Maybe because I installed Yubikey Validation Server and KSM on same server... Code: /var/log/apache2$ tail ykval-error.log
[Fri Dec 19 14:07:21 2014] [error] [client 46.x.x.x] PHP Warning: require_once(/etc/yubico/val/ykksm-config.php): failed to open stream: Permission denied in /usr/share/yubikey-ksm/ykksm-decrypt.php on line 31 [Fri Dec 19 14:07:21 2014] [error] [client 46.x.x.x] PHP Fatal error: require_once(): Failed opening required 'ykksm-config.php' (include_path='.:/etc/yubico/val:/usr/share/yubikey-val') in /usr/share/yubikey-ksm/ykksm-decrypt.php on line 31 |
Author: | Tom2 [ Mon Dec 22, 2014 10:17 am ] |
Post subject: | Re: Generate KSM-KEY |
check permission and sym-links are pointing correctly also why ykksm-config.php is not in /ksm subfolder ? /etc/yubico/ksm/ykksm-config.php you have it ykval |
Author: | gpr [ Tue Dec 23, 2014 5:39 pm ] |
Post subject: | Re: Generate KSM-KEY |
Hi, Permissions seems to be OK. Code: /usr/share/yubikey-ksm$ ls -l total 12 -rwx------ 1 www-data root 4557 nov. 13 16:57 ykksm-decrypt.php -rw-r----- 1 root root 2428 nov. 13 16:57 ykksm-utils.php For ykksm-config.php, I have it in the two directory : - /etc/yubico/ksm/ - /etc/yubico/val/ |
Author: | gpr [ Wed Dec 24, 2014 10:50 am ] |
Post subject: | Re: Generate KSM-KEY |
Hi, All is OK now. Problem was with path defined... Copy files from /etc/yubico/ksm to /etc/yubico/val and fix rights and owner solved problem I think.. I created KMS Key. Now, problem is with Keys generation... ./ykksm-gen-keys 1 5 | gpg -a --encrypt -r C6186423 > /home/val/KSMkeys.txt gpg: can't open `/home/val/.gnupg/pubring.gpg' gpg: keydb_search failed: file open error gpg: C6186423: skipped: file open error gpg: [stdin]: encryption failed: file open error |
Author: | gpr [ Wed Dec 24, 2014 4:46 pm ] |
Post subject: | [SOLVED] Generate KSM-KEY |
Ok found the problem. Edit /home/val/.bashrc to add : export GPG_TTY=tty export PINENTRY_USER_DATA="USE_CURSES=1" Edit /home/val/.gnupg/gpg.conf tu uncomment : default-key xxxxxxx |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |