[mandos-client] Error -64 while reading keypair

Pablo Abelenda pabelenda at igalia.com
Tue Nov 3 16:26:16 CET 2015


On 10/30/2015 11:07 PM, Teddy Hogeborn wrote:
> Pablo Abelenda <pabelenda at igalia.com> writes:
> 
>> I have configured a mandos server and a mandos client.
>>
>> Every time I boot the client machine and mandos-client tries to get its
>> password, I obtain the following error:
>>
>> ------------------------------------------------------------------------
>> Mandos plugin mandos-client: Error [-64] while reading the Open PGP key
>> pair ('conf/conf.d/pubkey.txt' , 'conf/conf.d/seckey.txt')
>> Mandos plugin mandos-client: The GnuTLS error is: Error while reading file.
>> Mandos plugin mandos-client: init_gnutls_global failed
>> ------------------------------------------------------------------------
> [...]
>> --options-for=mandos-client:--pubkey=conf.d/mandos/pubkey.txt
>> --options-for=mandos-client:--seckey=conf.d/mandos/seckey.txt
>> --options-for=mandos-client:--network-hook-dir=lib/mandos/network-hooks.d
> 
> It seems that the Mandos client fails to find the key files.  It would
> probably work if you changed it to use absolute paths; like
> "/conf/conf.d/mandos/pubkey.txt" (which is also the default setting, so
> you should not need to even specify the --pubkey and --seckey options),
> not "conf.d/mandos/pubkey.txt" or "conf/conf.d/pubkey.txt".
> 
> The key files should normally be located in the /etc/keys/mandos
> directory, and will therefore *not* be found when running the Mandos
> client without any options from the normal booted system.  (See the
> /usr/share/doc/mandos-client/README.Debian.gz file for a suitable
> command line to use for testing the Mandos client in this environment.)
> When booting, however, the Mandos client runs in the initial RAM disk
> file system (initrd.img), and *there*, the key files should have been
> copied from /etc/keys/mandos to /conf/conf.d/mandos.
> 
> /Teddy
> 
> 

Many thanks for the quick answer.

I have changed to absolute paths, with the same result. In fact, that
was a configuration I had already tested a few days ago.

Then, I have removed the path to the key pair, as it is the default setting,
as you kindly pointed out to me, and now I am facing a different issue. I am
amazed.

"bad gpgme_op_decrypt: GPGME: Decryption failed."

This is good, because I have moved on, but it is bad as well for two
reasons. One, because (obviously) I am still facing issues, and two,
because I found no reason why writing the default option makes the client
fail like this.

Again, thanks for the answer. I will keep fighting against this new
problem. Any advice will be much appreciated.

Best regards.

-- 
Pablo Abelenda
