Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#49570 - [libaacs] A disk can not be decrypted without a VUK already in place
Attached to Project:
Community Packages
Opened by Ville Aakko (Wild_Penguin) - Sunday, 05 June 2016, 07:44 GMT
Last edited by Ike Devolder (BlackEagle) - Saturday, 24 June 2017, 08:53 GMT
Opened by Ville Aakko (Wild_Penguin) - Sunday, 05 June 2016, 07:44 GMT
Last edited by Ike Devolder (BlackEagle) - Saturday, 24 June 2017, 08:53 GMT
|
DetailsDescription:
Libaacs can not find the VUK even though all the needed keys are in KEYDB.cfg (processing keys). Symptoms: aacs_info fails with the errors below ("Missing item in object"). Any program trying to decrypt the disc using libaacs, will fail with similar errors. The discs are playable if the VUK is known, or VUK is figured out manually with aacskeys and pasted into KEYDB.cfg. I believe this may have something to do with an incompatible gcrypt library, according to some google results, but that is just a guess and I haven't investigated further (and I'm not sure how to debug this further). Additional info: $ aacs_info /[MY_DISC_MOUNTPOINT] Opening /[MY_DISC_MOUNTPOINT] using libaacs 0.8.1 ... crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object aacs.c:160: invalid drl signature, not using it crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object aacs.c:160: invalid hrl signature, not using it crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object mmc.c:654: Drive does not support reading drive certificate aacs.c:883: Unable to read drive certificate libaacs open failed: No valid certificates in configuration file(s) crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object aacs.c:1164: aacs_get_vid() failed crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object Disc ID: 36A8CE3A1A65FC870CA3DA6EF7DB03E9626A1758 VID : ??? MKBv : 28 PMSN : ??? Bus encryption: Device support: no Enabled in media: no Device binding ID: CF45F685C62A211067B13A784D804417 crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object aacs.c:1243: invalid signature in cached hrl Host Revocation List (MKB version 0): (empty) crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object aacs.c:1243: invalid signature in cached drl Drive Revocation List (MKB version 0): (empty)[/code] $ mpv bd:// Playing: bd:// crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object mmc.c:654: Drive does not support reading drive certificate aacs.c:883: Unable to read drive certificate dec.c:208: aacs_open() failed! [bd] AACS error: no valid certificate No protocol handler found to open URL bd:// The protocol is either unsupported, or was disabled at compile-time. Exiting... (Errors when loading file) Name : libaacs Version : 0.8.1-1 Name : libgcrypt Version : 1.7.0-2 Steps to reproduce: Make sure you are decrypting a disk for which the VUK is not known. Also make sure you have the required keys (processing key for MKBv, host sertificates) in KEYDB.cfg. You can reproduce the conditions for the bug for any disc, by removing the VUK for the disc from libaacs cache files (~/.config/aacs and ~/.cache/aacs). If you are lazy, aacs_info fails regardless if you have the VUK cached or not (I believe it is the same issue, that is facing any program using libaacs). Expected results: the VUK should be found automatically, if required processing key and host sertificate keys are in place, and the KEYDB.cfg file updated or ~/.cache/aacs/vuk updated accordingly. |
This task depends upon
Closed by Ike Devolder (BlackEagle)
Saturday, 24 June 2017, 08:53 GMT
Reason for closing: Fixed
Additional comments about closing: Assumed fixed with later releases
Saturday, 24 June 2017, 08:53 GMT
Reason for closing: Fixed
Additional comments about closing: Assumed fixed with later releases
Comment by Doug Newgard (Scimmia) -
Sunday, 05 June 2016, 17:03 GMT
- Field changed: Status (Unconfirmed → Assigned)
- Task assigned to Ike Devolder (BlackEagle)
This has no current maintainer. Ike, I'm assigning to you because this is a makedep of kodi. Nothing else needs it.
Comment by Ike Devolder (BlackEagle) -
Friday, 10 June 2016, 18:56 GMT
It is correct it has something to do with the libgcrypt update but I have no idea what the cause is right now, since between 1.6 and 1.7 the function where the error talks about was not changed.
Comment by Ike Devolder (BlackEagle) -
Saturday, 20 May 2017, 13:19 GMT
Is this issue fixed with the newer updates of libaacs?