can't decrypt encrypted key on 2.9.x


Sherif Nagy

Jan 4, 2016, 5:01:36 AM
to privacyidea
Hi,

Happy new year everyone. I just updated to 2.9.x from 2.8.x on a Debian environment. I had the enckey already encrypted with the security module; after the update, whenever I run the commands for the security module to decrypt the key, I get the following error:

Please enter password for 'admin':
Traceback (most recent call last):
  File "/usr/bin/privacyidea", line 1467, in <module>
    main()
  File "/usr/bin/privacyidea", line 1462, in main
    no_ssl_check=args.nosslcheck)
  File "/usr/lib/python2.7/dist-packages/privacyideautils/clientutils.py", line 96, in __init__
    self.set_credentials(username, password)
  File "/usr/lib/python2.7/dist-packages/privacyideautils/clientutils.py", line 129, in set_credentials
    raise Exception("Invalid Credentials: %s" % r.status_code)
Exception: Invalid Credentials: 400

Regards,
Sherif

Cornelius Kölbel

Jan 4, 2016, 5:12:35 AM
to Sherif Nagy, privacyidea
Hi Sherif,

Is the key still encrypted?

Are you using an internal admin?
There is a PEPPER in the pi.cfg.

Can you verify if it has changed?

Kind regards
Cornelius



Cornelius Kölbel
+49 151 2960 1417

NetKnights GmbH
Landgraf-Karl-Str. 19, 34131 Kassel, Germany

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel



Sherif Nagy

Jan 4, 2016, 5:20:53 AM
to privacyidea, sheri...@gmail.com
Hi Cornelius,

Yes, I am using an internal admin + LDAP for the users (the old bug that got fixed, if you remember, for the realm).
Yes, PI_PEPPER is still in pi.cfg.
No, the files are still the same (the pi.cfg and the enckey).

I have another machine, since I am running PrivacyIDEA in MySQL master-master replication mode, so I updated only one machine, which broke; the other 2.8.x machine is still working fine (decrypting the enckey). I ran md5sum on pi.cfg and enckey on both machines and they are the same.

Regards,
Sherif

Cornelius Kölbel

Jan 4, 2016, 6:21:25 AM
to privacyidea
So pi.cfg is the same on both machines.
Is the enckey also the same on both machines?

Kind regards
Cornelius 




Sherif Nagy

Jan 4, 2016, 6:50:43 AM
to privacyidea
Yes, both files are the same on both machines.

Regards,
Sherif

Cornelius Kölbel

Jan 4, 2016, 9:24:34 AM
to priva...@googlegroups.com
Hello Sherif,

Which version of the privacyidea admin client are you running?
Can you log in to the web UI?

Kind regards
Cornelius

Sherif Nagy

Jan 4, 2016, 11:56:38 AM
to Cornelius Kölbel, priva...@googlegroups.com

Hi,

No, I can't, HSM is not ready. I am using 2.7-dev1 from the repo.

Regards,
Sherif


Cornelius Kölbel

Jan 4, 2016, 12:07:21 PM
to priva...@googlegroups.com
Hi Sherif,

Can you please use version 2.7 from the repository privacyidea/privacyidea
so that we have a common base?
The 2.7-dev1 is a development version from privacyidea/privacyidea-dev,
which might not be stable...

Kind regards
Cornelius

Sherif Nagy

Jan 5, 2016, 8:25:07 AM
to privacyidea
Hi Cornelius,

I did remove the dev1 package, removed the repo and installed 2.7-1 from the mentioned repo. I am still getting the same error.

Regards,
Sherif

Cornelius Kölbel

Jan 5, 2016, 8:59:52 AM
to priva...@googlegroups.com
Hello Sherif,

That's bad. I need to look into this in more detail.
Can you please file an issue at GitHub for this - either at
https://github.com/privacyidea/privacyidea or
https://github.com/privacyidea/privacyideaadm (I assume the latter).

Kind regards
Cornelius

Sherif Nagy

Jan 5, 2016, 10:07:39 AM
to privacyidea
Hi,


Thank you
Sherif

Cornelius Kölbel

Jan 9, 2016, 4:33:29 AM
to priva...@googlegroups.com
Hello Sherif,

It turns out to be an issue with the server.
https://github.com/privacyidea/privacyidea/issues/304

I fixed it in the master branch on GitHub and it will be contained in
2.10 latest.
https://github.com/privacyidea/privacyidea/blob/master/privacyidea/webui/login.py#L61

Kind regards
Cornelius