On Mon, Jan 30, 2017 at 5:03 PM, Carl Hetherington <cth@carlh.net> wrote:
Hi Tom,
Are you importing the DCP on the same machine that you exported the
certificates from?
And you are doing "Add KDM" from the right-click menu when you get this
error?
Kind regards,
Carl
On Mon, 30 Jan 2017, Tom Haines via DCPomatic wrote:
> So, the Qube Master Pro operator was able to issue a DKDM, using an individual export of the Root, Intermediate, and Leaf.
>
> Unfortunately now, I am receiving the following error in DCP-o-Matic when I attempt to unlock the content.
>
> An exception occurred: Could not decrypt KDM (error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error).
>
> Any thoughts on this?
>
> SpectiCast
> Tom Haines :: Executive Director of Digital Cinema Services
>
> 210 W Rittenhouse Sq, Ste 400 | Philadelphia, PA 19103, USA
>
> Office: 215-618-3874 | Mobile: 484-269-8227 | Skype: tom.haines41
>
> Facebook | Twitter | Google+ |Instagram | Tumblr
>
>
> On Thu, Jan 26, 2017 at 2:23 AM, GEORGE MAZARAKIS via DCPomatic <dcpomatic@carlh.net> wrote:
> If you send the cerificate chain they should be able to unchain it (
> using an utulity which comes with qube , or manually)
>
> and install the root and intermidiate certificates on windows using mmc.exe.
>
> Then they can create DKDM for DoM using the pem cerificate
>
> George
>
>
> On 26/1/2017 1:28 πμ, dcpomatic-request@carlh.net wrote:
> > Send DCPomatic mailing list submissions to
> > dcpomatic@carlh.net
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic
> > or, via email, send a message with subject or body 'help' to
> > dcpomatic-request@carlh.net
> >
> > You can reach the person managing the list at
> > dcpomatic-owner@carlh.net
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of DCPomatic digest..."
> >
> >
> > Today's Topics:
> >
> > 1. Re: Exporting a decryption certificate. (Carsten Kurz)
> > 2. Re: Exporting a decryption certificate. (Tom Haines)
> > 3. Re: Exporting a decryption certificate. (Carsten Kurz)
> > 4. Re: Exporting a decryption certificate. (Carsten Kurz)
> > 5. Re: Exporting a decryption certificate. (Tom Haines)
> >
> >
> > ------------------------------------------------------------ ----------
> >
> > Message: 1
> > Date: Wed, 25 Jan 2017 23:50:05 +0100
> > From: Carsten Kurz <audiovisual@t-online.de>
> > To: dcpomatic carlh net <DCPomatic@carlh.net>
> > Subject: Re: [DCP-o-matic] Exporting a decryption certificate.
> > Message-ID: <1BA06127-14B0-43EE-A89D-A5331B0A0513@t-online.de >
> > Content-Type: text/plain; charset=us-ascii
> >
> >
> > Am 25.01.2017 um 23:43 schrieb Tom Haines:
> >
> >> Other way around. They are mastering the DCP, and I need to decrypt it with DOM
> > Okay, in this case you would need to use 'Export DCP encryption chain'. And hope that Qube Master Pro accepts DOMs root certificate/chain.
> >
> > - Carsten
> >
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Wed, 25 Jan 2017 17:59:31 -0500
> > From: Tom Haines <thaines@specticast.com>
> > To: Carsten Kurz <audiovisual@t-online.de>
> > Cc: dcpomatic carlh net <DCPomatic@carlh.net>
> > Subject: Re: [DCP-o-matic] Exporting a decryption certificate.
> > Message-ID:
> > <CAAgw8C5kMZKk-JYj8gu7kDuOieBv2Nt1z4w11Dcjwsv >yRTpoqw@mail.gmail.com
> > Content-Type: text/plain; charset="utf-8"
> >
> > I can't find 'Export DCP encryption chain', but I did send him the result
> > from 'Export DCP decryption certificate' and that's what caused him this
> > error. Are they the same thing, or am I missing something?
> >
> > [image: SpectiCast] <http://www.specticast.com/> Tom Haines :: Executive
> > Director of Digital Cinema Services
> >
> > 210 W Rittenhouse Sq, Ste 400 | Philadelphia, PA 19103, USA
> >
> > Office: 215-618-3874 | Mobile: 484-269-8227 | Skype: tom.haines41
> >
> > Facebook <https://www.facebook.com/SpectiCastEntertainment > | Twitter
> > <https://twitter.com/Specticast > | Google+
> > <https://plus.google.com/u/0/b/104757180246475600072/ >104757180246475600072/posts
> > | Instagram <http://instagram.com/specticast > | Tumblr
> > <http://specticast.tumblr.com/>
> >
> > On Wed, Jan 25, 2017 at 5:50 PM, Carsten Kurz via DCPomatic <
> > dcpomatic@carlh.net> wrote:
> >
> >> Am 25.01.2017 um 23:43 schrieb Tom Haines:
> >>
> >>> Other way around. They are mastering the DCP, and I need to decrypt it
> >> with DOM
> >>
> >> Okay, in this case you would need to use 'Export DCP encryption chain'.
> >> And hope that Qube Master Pro accepts DOMs root certificate/chain.
> >>
> >> - Carsten
> >>
> >>
> >>
> >> _______________________________________________
> >> DCPomatic mailing list
> >> DCPomatic@carlh.net
> >> http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <http://main.carlh.net/pipermail/dcpomatic/ >attachments/20170125/e9ec58e0/ attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Thu, 26 Jan 2017 00:15:14 +0100
> > From: Carsten Kurz <audiovisual@t-online.de>
> > To: dcpomatic net carlh <DCPomatic@carlh.net>
> > Subject: Re: [DCP-o-matic] Exporting a decryption certificate.
> > Message-ID: <EF1E26B1-177A-47B8-9AF7-867A33A6A469@t-online.de >
> > Content-Type: text/plain; charset=us-ascii
> >
> >
> > Am 25.01.2017 um 23:59 schrieb Tom Haines:
> >
> >> I can't find 'Export DCP encryption chain', but I did send him the result from 'Export DCP decryption certificate' and that's what caused him this
> error. Are they the same thing, or am I missing something?
> > Ooops.
> >
> > In my Preferences - Keys I have three options at the bottom of the dialog:
> >
> > Re_Make certificates and key
> > Export DCP decryption certificate...
> > Export DCP decryption chain...
> >
> > Ooops, it seems that button is indeed not there in 2.9... maybe upgrade to 2.10.2 or 2.10.6?
> >
> > 'Export Decryption certificate' will only export the leaf certificate of your DOM installation. Technically, the leaf is sufficient to create
> KDMs/DKDMs, but some software may require a full certificate chain, which is what the error message you posted seems to signal.
> > Qube Master Pro may have a setting to override that behaviour and be happy with the leaf only, but I am not familiar with that software.
> >
> > - Carsten
> >
> >
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 4
> > Date: Thu, 26 Jan 2017 00:24:12 +0100
> > From: Carsten Kurz <audiovisual@t-online.de>
> > To: dcpomatic carlh net <DCPomatic@carlh.net>
> > Subject: Re: [DCP-o-matic] Exporting a decryption certificate.
> > Message-ID: <99FC8548-330F-4A47-A0A3-F7C7896B4EE9@t-online.de >
> > Content-Type: text/plain; charset=us-ascii
> >
> >
> > Am 25.01.2017 um 23:59 schrieb Tom Haines:
> >
> >> I can't find 'Export DCP encryption chain', but I did send him the result from 'Export DCP decryption certificate' and that's what caused him this
> error. Are they the same thing, or am I missing something?
> > Carl - I could probably try this myself, but, assuming Tom want's to stay with 2.9 - can the decryption certificate chain also be generated by
> exporting the three individual Root/Intermediate/Leaf certificates in the upper part of the decryption certificate dialog segment, and simply
> concatenate them into a single file?
> >
> >
> > - Carsten
> >
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 5
> > Date: Wed, 25 Jan 2017 18:26:51 -0500
> > From: Tom Haines <thaines@specticast.com>
> > To: Carsten Kurz <audiovisual@t-online.de>
> > Cc: dcpomatic net carlh <DCPomatic@carlh.net>
> > Subject: Re: [DCP-o-matic] Exporting a decryption certificate.
> > Message-ID:
> > <CAAgw8C5yG0s=sPycBni1yS_nQai2diYG=Tt+sjFvpLjCge8Wvg@ mail.gmail.com >
> > Content-Type: text/plain; charset="utf-8"
> >
> > Wonderful. I upgraded to 2.10.2 and that option is now there. I exported
> > the full chain and sent it along. I'll report back if it works.
> >
> > [image: SpectiCast] <http://www.specticast.com/> Tom Haines :: Executive
> > Director of Digital Cinema Services
> >
> > 210 W Rittenhouse Sq, Ste 400 | Philadelphia, PA 19103, USA
> >
> > Office: 215-618-3874 | Mobile: 484-269-8227 | Skype: tom.haines41
> >
> > Facebook <https://www.facebook.com/SpectiCastEntertainment > | Twitter
> > <https://twitter.com/Specticast > | Google+
> > <https://plus.google.com/u/0/b/104757180246475600072/ >104757180246475600072/posts
> > | Instagram <http://instagram.com/specticast > | Tumblr
> > <http://specticast.tumblr.com/>
> >
> > On Wed, Jan 25, 2017 at 6:15 PM, Carsten Kurz via DCPomatic <
> > dcpomatic@carlh.net> wrote:
> >
> >> Am 25.01.2017 um 23:59 schrieb Tom Haines:
> >>
> >>> I can't find 'Export DCP encryption chain', but I did send him the
> >> result from 'Export DCP decryption certificate' and that's what caused him
> >> this error. Are they the same thing, or am I missing something?
> >>
> >> Ooops.
> >>
> >> In my Preferences - Keys I have three options at the bottom of the dialog:
> >>
> >> Re_Make certificates and key
> >> Export DCP decryption certificate...
> >> Export DCP decryption chain...
> >>
> >> Ooops, it seems that button is indeed not there in 2.9... maybe upgrade to
> >> 2.10.2 or 2.10.6?
> >>
> >> 'Export Decryption certificate' will only export the leaf certificate of
> >> your DOM installation. Technically, the leaf is sufficient to create
> >> KDMs/DKDMs, but some software may require a full certificate chain, which
> >> is what the error message you posted seems to signal.
> >> Qube Master Pro may have a setting to override that behaviour and be happy
> >> with the leaf only, but I am not familiar with that software.
> >>
> >> - Carsten
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> DCPomatic mailing list
> >> DCPomatic@carlh.net
> >> http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <http://main.carlh.net/pipermail/dcpomatic/ >attachments/20170125/4ad2832a/ attachment.html
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > DCPomatic mailing list
> > DCPomatic@carlh.net
> > http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic
> >
> >
> > ------------------------------
> >
> > End of DCPomatic Digest, Vol 53, Issue 20
> > *****************************************
>
> _______________________________________________
> DCPomatic mailing list
> DCPomatic@carlh.net
> http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic
>
>
>
>