Thanks everyone for the help. It turns out the mastering facility used the signing keys instead of the decrypting keys.

The DKDM issued with the decrypting keys works.

Interestingly, this did uncover a crash situation. 
  1. I created a new project
  2. I imported the DCP using "Add Folder..."
  3. Right clicked on the DCP in the content window selected Add KDM
  4. Selected the original KDM the mastering facility incorrectly produced.
  5. I receive the "An exception occurred: Could not decrypt KDM (error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error)." error message
  6. I clicked back on the imported DCP in the content window, and DoM crashed.
This happened in 2.9.0 and 2.10.2 running on macOS Sierra 10.12.2. 

When I have a second today, I'll download the test build and see if it happens there as well. 




SpectiCast

Tom Haines :: Executive Director of Digital Cinema Services

210 W Rittenhouse Sq, Ste 400 | Philadelphia, PA 19103, USA

Office: 215-618-3874 | Mobile: 484-269-8227 | Skype: tom.haines41

Facebook | Twitter | Google+ | Instagram | Tumblr


On Tue, Jan 31, 2017 at 7:25 AM, Tom Haines <thaines@specticast.com> wrote:
At the moment it looks like the DKDM was issued against the signing veers and not the decrypting certainty. 

On Tue, Jan 31, 2017 at 3:03 AM Carsten Kurz via DCPomatic <dcpomatic@carlh.net> wrote:
I remember that I had an issue after I had been working with, and updating DCP-o-matic for a long time on the same machine. I couldn't issue working certificates for a DKDM.

'Recreate certificates and keys' solved that issue. Something in preferences must have been mixed up over so many version updates.

However, I guess before doing that, exporting the current chain and saving it under a name of the current date and DOM version before that may be a good idea. Depends on what you had been working on before.

- Carsten

_______________________________________________
DCPomatic mailing list
DCPomatic@carlh.net
http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic
--
SpectiCast

Tom Haines :: Executive Director of Digital Cinema Services

210 W Rittenhouse Sq, Ste 400 | Philadelphia, PA 19103, USA

Office: 215-618-3874 | Mobile: 484-269-8227 | Skype: tom.haines41

Facebook | Twitter | Google+ | Instagram | Tumblr