Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:53 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: Generate KSM-KEY
PostPosted: Wed Dec 10, 2014 4:33 pm 
Offline

Joined: Wed Dec 10, 2014 4:24 pm
Posts: 9
Hi,

I have a problem with KSM.
I installed and configured Yubikey Validation Server.
Test seems to be Ok, bacause when I go to http://yubico.mydomain.net/wsapi/verify, answer is :
h=JC1clA/JHRc6O4RSBGKyo7Cm5AU=
t=2014-12-10T08:28:35Z0097
status=MISSING_PARAMETER

Now i want to install KSM, but it doesn't work...
When I test to go to http://yubico.mydomain.net/wsapi/decryp ... wvfdgfgdfd, answer is a white page... no message displayed

Do you have any idea ? I tested on same server that Validation Server, and on an other server, same result...

Other problem, I tested to generate KSM key, using this doc : https://github.com/Yubico/yubikey-ksm/b ... M_Key.adoc
Impossible to generate KSM Key... error message :

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

There is not enough random bytes availables....


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: Generate KSM-KEY
PostPosted: Fri Dec 12, 2014 2:43 pm 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
The random byte message it is probably because you are on a virtual machine.

The first error, sounds like some php error what is in the error log?


Top
 Profile  
Reply with quote  
 Post subject: Re: Generate KSM-KEY
PostPosted: Fri Dec 19, 2014 3:22 pm 
Offline

Joined: Wed Dec 10, 2014 4:24 pm
Posts: 9
Hi,

thanks a lot for your response.
For the fisrt problem, roger, i'm on a VM.
Now, I have a KSM Key.

So now, just the problem to decrypt the key.
Seems to be a problem with access rights or file missing... strange because I followed the doc step by step...
Maybe because I installed Yubikey Validation Server and KSM on same server...

Code:
/var/log/apache2$ tail ykval-error.log

[Fri Dec 19 14:07:21 2014] [error] [client 46.x.x.x] PHP Warning:  require_once(/etc/yubico/val/ykksm-config.php): failed to open stream: Permission denied in /usr/share/yubikey-ksm/ykksm-decrypt.php on line 31
[Fri Dec 19 14:07:21 2014] [error] [client 46.x.x.x] PHP Fatal error:  require_once(): Failed opening required 'ykksm-config.php' (include_path='.:/etc/yubico/val:/usr/share/yubikey-val') in /usr/share/yubikey-ksm/ykksm-decrypt.php on line 31


Top
 Profile  
Reply with quote  
 Post subject: Re: Generate KSM-KEY
PostPosted: Mon Dec 22, 2014 10:17 am 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
check permission and sym-links are pointing correctly

also why ykksm-config.php is not in /ksm subfolder ?
/etc/yubico/ksm/ykksm-config.php

you have it ykval


Top
 Profile  
Reply with quote  
 Post subject: Re: Generate KSM-KEY
PostPosted: Tue Dec 23, 2014 5:39 pm 
Offline

Joined: Wed Dec 10, 2014 4:24 pm
Posts: 9
Hi,

Permissions seems to be OK.

Code:
/usr/share/yubikey-ksm$ ls -l
total 12
-rwx------ 1 www-data root 4557 nov.  13 16:57 ykksm-decrypt.php
-rw-r----- 1 root     root 2428 nov.  13 16:57 ykksm-utils.php



For ykksm-config.php, I have it in the two directory :
- /etc/yubico/ksm/
- /etc/yubico/val/


Top
 Profile  
Reply with quote  
 Post subject: Re: Generate KSM-KEY
PostPosted: Wed Dec 24, 2014 10:50 am 
Offline

Joined: Wed Dec 10, 2014 4:24 pm
Posts: 9
Hi,

All is OK now.
Problem was with path defined...
Copy files from /etc/yubico/ksm to /etc/yubico/val and fix rights and owner solved problem I think..

I created KMS Key.
Now, problem is with Keys generation...

./ykksm-gen-keys 1 5 | gpg -a --encrypt -r C6186423 > /home/val/KSMkeys.txt
gpg: can't open `/home/val/.gnupg/pubring.gpg'
gpg: keydb_search failed: file open error
gpg: C6186423: skipped: file open error
gpg: [stdin]: encryption failed: file open error


Top
 Profile  
Reply with quote  
PostPosted: Wed Dec 24, 2014 4:46 pm 
Offline

Joined: Wed Dec 10, 2014 4:24 pm
Posts: 9
Ok found the problem.

Edit /home/val/.bashrc to add :

export GPG_TTY=tty
export PINENTRY_USER_DATA="USE_CURSES=1"

Edit /home/val/.gnupg/gpg.conf tu uncomment :

default-key xxxxxxx


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group