18 Nov
2019
18 Nov
'19
7:26 p.m.
Hi Jim,
I'm afraid the keys for the root and intermediate certificates are
discarded shortly after they are created.
So I really can't think of a way round this other than getting a new KDM.
Sometimes it's best to just send the leaf certificate to avoid these
problems.
Sorry about that,
Carl
On Mon, 18 Nov 2019, Jim Dummett wrote:
Hi all.
A filmmaker has sent me a DKDM to decrypt their DCP.
I sent them the certificate chain, and unfortunately they seem to have
targeted the KDM at the root cert rather than the leaf cert, so I can't
"unlock" the DCP in DCP-o-matic.
This particular filmmaker is in a far far away land and has been hard to get
hold of, so I am worried I may not be able to get a new KDM issued in time for
the screening.
Is there any way to switch around the certs in DCP-o-matic so the root cert is
used to decrypt? I can only see one private key in config.xml, which I assume
is for the leaf cert. However, I guess a private key must have been created
for the root cert too, in order to sign the intermediate cert. Does this
private key get saved anywhere?
If anyone is able to help, would be hugely appreciated.
Many thanks,
Jim