search

moxie0 / Convergence

An agile, distributed, and secure alternative to the Certificate Authority system.
http://convergence.io
621 stars 108 forks source link

KeyPair generation error #62

Closed sid77 closed 13 years ago

sid77 commented 13 years ago

Convergence is not able to generate its KeyPair, this is the log shown in the console:

... Loaded! Settings loaded threshold: majority Configuring cache... Generating new ca certificate.. KeyPair generation error: -8037 Initializing error: Error generating keypair! , undefined ...

I removed convergence, disabled every other extension, restarted firefox and installed convergence once again: same error. Convergence works, though, on a new empty profile. I am running Firefox 6.0.2 on a Slackware64 13.37.

kargig commented 13 years ago

I'm having the same problem on iceweasel-6.0.2 and debian squeeze.

The first time I ran it with a clean profile I still got: Failed to find nspr4 in installed directory, checking system paths. Failed to find nss3 in installed directory, checking system paths. Failed to find ssl3 in installed directory, checking system paths. Failed to find mozsqlite3 in installed directory, checking system paths for sqlite3. Settings loaded threshold: majority Configuring cache... Generating new ca certificate.. KeyPair generation error: -8037 Initializing error: Error generating keypair! , undefined

but the second time I got: Failed to find nspr4 in installed directory, checking system paths. Failed to find nss3 in installed directory, checking system paths. Failed to find ssl3 in installed directory, checking system paths. Failed to find mozsqlite3 in installed directory, checking system paths for sqlite3. Configuring cache... Found existing certificate! SQL exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [mozIStorageConnection.executeSimpleSQL]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: file:///home/xxxxx/.mozilla/firefox/0acagio7.kot/extensions/convergence@extension.thoughtcrime.org/components/Convergence.js :: :: line 143" data: no] LISTEN PORT: 51373 Initializing shuffleworker... Posting... Convergence Setup Complete.

sid77 commented 13 years ago

According to https://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html error -8037 means SEC_ERROR_TOKEN_NOT_LOGGED_IN or "The operation failed because the PKCS#11 token is not logged in."

sid77 commented 13 years ago

Somehow the problem is located in chrome/content/ssl/CertificateManager.js as it fails at generating the keypair using this call:

var privateKey = NSS.lib.PK11_GenerateKeyPair(...)

EDIT: original version of this comment was stupid, indeed :D

moxie0 commented 13 years ago

Do you have a password set for your PSM? https://github.com/moxie0/Convergence/issues/22

sid77 commented 13 years ago

Yes, this was the "problem" and the reported workaround works for me too. Opening the password db before running the key pair generation process should be the right solution, IIRC there should be a function for doing that.

Thanks for the help.

moxie0 commented 13 years ago

@sid77 git pull requests gladly accepted. =) Closing this for now as a duplicate of 22.

sid77 commented 13 years ago

I will try, as I spotted another issue connected to the password manager :)