19 Nov
2019
19 Nov
'19
9:43 p.m.
Hi Jim,
I can't think of a reason not to keep them around... I'll add a note in
the tracker.
https://dcpomatic.com/mantis/view.php?id=1673
Cheers,
Carl
On Tue, 19 Nov 2019, Jim Dummett via DCPomatic wrote:
Bugger! I suspected as much.
Is there a particular reason why the private keys for root + intermediate
certs are discarded? Keeping them in config.xml would allow, for example,
creating additional leaf certs from the same root. Probably of limited use,
but who knows...
Jim
On 18/11/2019 19:26, Carl Hetherington wrote:
Hi Jim,
I'm afraid the keys for the root and intermediate certificates are
discarded shortly after they are created.
So I really can't think of a way round this other than getting a new KDM.
Sometimes it's best to just send the leaf certificate to avoid these
problems.
Sorry about that,
Carl
On Mon, 18 Nov 2019, Jim Dummett wrote:
> Hi all.
>
> A filmmaker has sent me a DKDM to decrypt their DCP.
>
> I sent them the certificate chain, and unfortunately they seem to have
> targeted the KDM at the root cert rather than the leaf cert, so I can't
> "unlock" the DCP in DCP-o-matic.
>
> This particular filmmaker is in a far far away land and has been hard to
> get
> hold of, so I am worried I may not be able to get a new KDM issued in time
> for
> the screening.
>
> Is there any way to switch around the certs in DCP-o-matic so the root
> cert is
> used to decrypt? I can only see one private key in config.xml, which I
> assume
> is for the leaf cert. However, I guess a private key must have been
> created
> for the root cert too, in order to sign the intermediate cert. Does this
> private key get saved anywhere?
>
> If anyone is able to help, would be hugely appreciated.
>
> Many thanks,
>
> Jim
>
>
_______________________________________________
DCPomatic mailing list
DCPomatic(a)carlh.net
http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic