Closed zhouyou9505 closed 8 months ago
I didn't use the CLI; I triggered it from Python instead, and it does reach the capsule-manager running in Docker.

```
Traceback (most recent call last):
  File "/home/zhouyou/PycharmProjects/tee_test/cms_util_test.py", line 46, in <module>
    register_data_keys()
  File "/home/zhouyou/PycharmProjects/tee_test/cms_util_test.py", line 36, in register_data_keys
    auth_frame.create_data_keys(
  File "/home/zhouyou/miniconda3/envs/tee/lib/python3.8/site-packages/sdc/capsule_manager_frame.py", line 395, in create_data_keys
    raise CapsuleManagerError(
sdc.error.CapsuleManagerError: CapsuleManager server error code: 13, error message: err code: Assert err; err detail: party_id BDEVTQ3U5WDPBGRLDPOIFIX7RV6MMUTI6DKAI4PX3733LYCC7BZA is wrong derived from public key; location: [line = 108, file = capsule-manager/src/server.rs]
```

```python
import base64

from sdc.capsule_manager_frame import CapsuleManagerFrame
# `file` (read_yaml_file) and `cms` (read_rsa_keypair) are the helper modules
# used by the cli/cms scripts; their import lines were not part of the post.

# Same positional arguments as in the post: endpoint, then None, None, True.
auth_frame = CapsuleManagerFrame("127.0.0.1:8888", None, None, True)


def register_data_keys():
    config = file.read_yaml_file("cli/cms/cli3.yaml")
    common = config["common"]
    party_id = common["party_id"]
    ownered = config["register_data_keys"]
    cert_pems, private_key = cms.read_rsa_keypair(common)
    # data keys are stored base64-encoded in the yaml
    data_keys = [base64.b64decode(data_key) for data_key in ownered["data_key_b64s"]]
    auth_frame.create_data_keys(
        party_id,
        ownered["resource_uris"],
        data_keys,
        cert_pems,
        private_key,
    )


if __name__ == "__main__":
    register_data_keys()
```

It says my party_id is wrong. My party_id was generated with `cms_util generate-party-id --cert-pems-file alice.crt`, which produced BDEVTQ3U5WDPBGRLDPOIFIX7RV6MMUTI6DKAI4PX3733LYCC7BZA
What does the latest config file look like now?
Below are the steps I ran:

docker run -it -d -p 8888:8888 secretflow/capsule-manager-sim-ubuntu20.04:latest bash ./capsule_manager --enable-tls false

cms_util generate-data-key-b64, data key: rffCcW2MvJcrkFo5BTAs1g==

Generate the encrypted file: cms_util encrypt-file --source-file alice.csv --dest-file alice.csv.enc --data-key-b64 rffCcW2MvJcrkFo5BTAs1g== [first generate the private key, certificate, etc. with openssl] cms_config init --host 127.0.0.1 --sim true --private-key-file alice.key --cert-chain-file alice.crt --root-ca-file alice_ca.crt

cms_util generate-party-id --cert-pems-file alice.crt, which produced BDEVTQ3U5WDPBGRLDPOIFIX7RV6MMUTI6DKAI4PX3733LYCC7BZA

cms_config common --party-id BDEVTQ3U5WDPBGRLDPOIFIX7RV6MMUTI6DKAI4PX3733LYCC7BZA --scheme RSA

cms register-data-keys [because of my own network problem I didn't use the CLI here; I ran cli.yaml manually from Python, and it errored with: party_id is not generated from public_key]
cms_config init --host 127.0.0.1: the network being unreachable should be the problem here; use cms_config init --host 127.0.0.1:8888
Tried it. Still doesn't really work. I guess it's because of self-signing: https://stackoverflow.com/questions/69013587/grpc-python-client-authentication-throwing-ssl-error-ssl-error1000007dssl-rou is the same error as mine. My certificates are all self-signed.
Even if it is self-signed, it is not the usual way for us to establish TLS connections. That can leave your applications open to man-in-the-middle attacks. You will want to have your client set a trust certificate that is issued by a CA.
Gave up on the self-signed certificate. Running cms register-data-keys with a certificate file issued by a CA also errors out.
```
Traceback (most recent call last):
  File "test.py", line 38, in <module>
```

```yaml
cert_chain_file: certificate.crt
common:
  cert_pems_file: certificate.crt
  party_id: "CSDR4JQIYM46WQ34YORXE7P7B7WZ7C6Y2IF6LWBWHN5ZX7SPJGYA"
register_data_keys:
  data_key_b64s:
```
Could I get a contact so we can discuss this offline?
@yuki252111 please take a look at this issue.
There's a misunderstanding here: `cms_config init --host 127.0.0.1 --sim true --private-key-file alice.key --cert-chain-file alice.crt --root-ca-file alice_ca.crt` configures the certificate used to enable mTLS; that certificate's only function is to enable mTLS and nothing else. The certificate alice uses is under the `common` field in the yaml file: party_id is also derived from `cert_pems_file` under the `common` field, so that is what you need to configure, not the mTLS part (mTLS generally doesn't need to be enabled at all, because the communication itself is already encrypted with digital envelopes).
So I need to regenerate the party_id now, right? But when I run it as in the official docs,
cms_util generate-party-id --cert-pems-file alice.crt errors out:

```
Usage: cms_util generate-party-id [OPTIONS]
Try 'cms_util generate-party-id --help' for help.

Error: No such option: --cert-pems-file Did you mean --cert-file?
```

Changed it to cms_util generate-party-id --cert-file alice.crt, which gives BDEVTQ3U5WDPBGRLDPOIFIX7RV6MMUTI6DKAI4PX3733LYCC7BZA
@zhouyou9505 please add the SecretFlow technical support WeChat account: secertflow02
This is most likely the documentation being wrong; `cms_util generate-party-id --cert-file alice.crt` is the correct command. We will fix this.
```yaml
common:
  cert_pems_file:
```

```
  File "/home/zhouyou/miniconda3/envs/tee/lib/python3.8/site-packages/grpc/_channel.py", line 1160, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/home/zhouyou/miniconda3/envs/tee/lib/python3.8/site-packages/grpc/_channel.py", line 1003, in _end_unary_response_blocking
    raise _InactiveRpcError(state)  # pytype: disable=not-instantiable
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
	status = StatusCode.UNAVAILABLE
	details = "failed to connect to all addresses; last error: UNKNOWN: ipv4:127.0.0.1:0: Failed to connect to remote host: Connection refused"
	debug_error_string = "UNKNOWN:Error received from peer {created_time:"2024-02-19T17:40:14.803192399+08:00", grpc_status:14, grpc_message:"failed to connect to all addresses; last error: UNKNOWN: ipv4:127.0.0.1:0: Failed to connect to remote host: Connection refused"}"
>
```

cli.yaml:

```yaml
host: 127.0.0.1
mr_enclave: ''
private_key_file: alice.key
register_data_keys:
  resource_uris:
```
```
./capsule_manager --enable-tls false
config Config { port: Some( 8888, ), .... }
[2024-02-19T08:31:07.269699699+00:00] [capsule_manager] [INFO] Server run at: 0.0.0.0:8888 mode Some("simulation")
```

```
ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.077 ms
```

```
telnet 127.0.0.1 8888
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
@
```
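A pre-flight check for the cli.yaml values this thread keeps tripping over (the party_id coming from `common.cert_pems_file` rather than the mTLS cert, and a `host` without a port making gRPC dial 127.0.0.1:0). This is an added example, not code from capsule-manager or from the posters; it takes the config as a plain dict, and it assumes only what the thread shows: a party_id is 52 unpadded base32 characters (32 raw bytes) and the identity cert is a PEM file.

```python
import base64
import binascii
import os
import re

# Constructed sample mirroring the cli.yaml keys quoted in this thread; the
# cert path is a placeholder and the host deliberately omits the port.
SAMPLE_CONFIG = {
    "host": "127.0.0.1",
    "common": {
        "party_id": "BDEVTQ3U5WDPBGRLDPOIFIX7RV6MMUTI6DKAI4PX3733LYCC7BZA",
        "cert_pems_file": "alice.crt",
    },
    "register_data_keys": {"data_key_b64s": ["rffCcW2MvJcrkFo5BTAs1g=="]},
}

def check_host(host):
    # Without a port gRPC dials "<host>:0", which is the UNAVAILABLE trace above.
    if not re.fullmatch(r"[^:]+:\d{1,5}", host):
        return [f"host '{host}' has no port; expected host:port such as 127.0.0.1:8888"]
    return []

def check_party_id(party_id):
    # Structural check only: the IDs in the thread are 52 unpadded base32
    # characters, i.e. 32 raw bytes. Whether those bytes really derive from
    # the public key in cert_pems_file is something only the server verifies.
    padded = party_id + "=" * (-len(party_id) % 8)
    try:
        raw = base64.b32decode(padded)
    except binascii.Error:
        return [f"party_id '{party_id}' is not valid base32"]
    return [] if len(raw) == 32 else [f"party_id decodes to {len(raw)} bytes, expected 32"]

def check_cert_file(path):
    # The identity cert is common.cert_pems_file, not the mTLS cert given to
    # cms_config init; party_id is derived from this file's public key.
    if not os.path.isfile(path):
        return [f"common.cert_pems_file '{path}' not found"]
    with open(path, "rb") as f:
        if b"-----BEGIN CERTIFICATE-----" not in f.read():
            return [f"'{path}' contains no PEM certificate"]
    return []

def preflight(cfg):
    # Every problem a `cms register-data-keys` run would trip over, in one pass.
    common = cfg.get("common", {})
    return (check_host(cfg.get("host", ""))
            + check_party_id(common.get("party_id", ""))
            + check_cert_file(common.get("cert_pems_file", "")))
```

Run `preflight(config)` on the loaded yaml before calling `create_data_keys`; an empty list means the client-side checks passed, while the server still decides whether the party_id matches the certificate's public key.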