MOVING DCP AND DKDM FROM ONE MACHINE TO ANOTHER

singhasubhajit
Posts: 5
Joined: Fri Jun 30, 2017 9:18 am

Post by singhasubhajit »

Hi friends!

Some days ago I made an open DCP on my office machine. I encrypted it later and made a DKDM for it. I submitted that DCP to various festivals and I want to issue KDMs from my home laptop so I can meet the deadline. How can I do this? Both of my machines are Ubuntu, and I am running the same version of DOM on both of my computers. Please help.
Carsten
Posts: 2804
Joined: Tue Apr 15, 2014 9:11 pm
Location: Germany

Re: MOVING DCP AND DKDM FROM ONE MACHINE TO ANOTHER

Post by Carsten »

Whenever you start using encryption, I advise doing the following:


KEEP IN MIND - RECREATING YOUR CERTS AND KEYS, REINSTALLING YOUR MACHINE, WIPING YOUR DISC, ETC WILL RENDER ALL YOUR ENCRYPTED CONTENT CREATED PREVIOUSLY USELESS FOREVER IF YOU HAVE NO BACKUP OF YOUR FULL PREFS OR A DEDICATED BACKUP OF ALL YOUR CERTIFICATES AND PRIVATE KEYS!!! IF YOU HAVE LOST CERTS, KEYS, DKDMs, OR METADATA FILES FOR YOUR PROJECTS, NOBODY CAN HELP YOU TO REGAIN ACCESS TO THESE DCPs. THEY ARE NOTHING MORE THAN RUBBISH.

- export all your certificates, for signing and encryption, and private keys, name them properly so you can find them individually
- recreate all certificates and private keys. This is to have a safe start. It may be an unnecessary step, but I once experienced invalid certificates/KDMs when I started using encryption on a machine that ran through many many DOM upgrades over time. Something became corrupted over time, there were times when test versions corrupted prefs, etc. It should be unnecessary for a system with a fresh DOM installation.

After you have recreated ALL certificates and keys, BACK THEM UP again, into a folder, all certs and keys with self-explaining names, give the folder a self-explaining name as well, e.g. something with a date, a DOM version, a machine name. So you can easily identify them later. Keep a ZIP of it. Consider this folder/ZIP an asset like important passwords, PINs for your bank account, etc. Add them to your backup process. From now on, these are your certs and keys. You can transfer them to other machines, import and use them. You may also have individual certs/keys for all your machines if you prefer. However, in that case you must always create DKDMs for all your machines in case you want to use them for issuing KDMs or decrypting DCPs. Collect certs and keys for all your machines in one place.

After you have created and exported your certificates and keys, it is also a good idea to create a cinema <yourname/yourcompany> and screens <mylaptop>/<mydesktop>, etc. with the leaf certificates of all these machines/DOM installations. These 'virtual screens' are handy to have when you want to test KDMs or issue DKDMs for your different machines. Using these screens to create KDMs will also allow you to test (and understand) encryption and (D)KDM workflow.

- Carsten
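
Added example, not part of the original thread: a shell script for checking a backup folder of the kind described in the post above, assuming the certificates and private keys were exported as unencrypted PEM files. The `<name>.cert.pem` / `<name>.key.pem` naming, the `SHA256SUMS` manifest and the function names are hypothetical choices for this example.

```shell
#!/bin/sh
# Added example: verify an exported certificate/key backup before relying on it.
# Assumed (hypothetical) naming: each leaf certificate is <name>.cert.pem and
# its private key is <name>.key.pem, all in one backup folder.

# Succeeds only if the private key in $2 belongs to the certificate in $1.
key_matches_cert() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null </dev/null) || exit 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Record SHA-256 checksums of every PEM file in the backup folder $1.
write_manifest() (
    cd "$1" && sha256sum -- *.pem > SHA256SUMS
)

# Re-check the checksums, e.g. after copying the folder to another machine.
verify_manifest() (
    cd "$1" && sha256sum --check --quiet SHA256SUMS >/dev/null 2>&1
)

# Check every certificate/key pair in folder $1, then the checksum manifest.
check_backup() (
    status=0
    for cert in "$1"/*.cert.pem; do
        [ -e "$cert" ] || continue
        key="${cert%.cert.pem}.key.pem"
        if key_matches_cert "$cert" "$key"; then
            echo "OK       $cert"
        else
            echo "MISMATCH $cert <-> $key"
            status=1
        fi
    done
    verify_manifest "$1" || { echo "checksum mismatch in $1"; status=1; }
    exit "$status"
)

# Usage: sh check_backup.sh /path/to/backup-folder
if [ $# -gt 0 ]; then check_backup "$1"; fi
```

Run `write_manifest` once on the machine where the export was made, and `check_backup` on every machine the folder is copied to.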
singhasubhajit
Posts: 5
Joined: Fri Jun 30, 2017 9:18 am

Re: MOVING DCP AND DKDM FROM ONE MACHINE TO ANOTHER

Post by singhasubhajit »

Thanks for your reply.
Reading your suggestion, I rushed to my office and exported all certificates from my office machine for SIGN and DECRYPTION certificates for ROOT, INTERMEDIATE and LEAF. Also exported decryption certificate for key and decryption certification chain for DCP decryption.
I deleted all the certificates on my LAPTOP and imported the ones from my office machine.
I imported the DKDM in DOM KDM Creator, created a cinema, added a screen, imported the certificate for that cinema and tried to export a KDM, but DOM flashes an error.
But when I export a KDM from my office machine for the same screen (with the same .pem) it works fine.

What am I missing?
Screenshot from 2017-07-13 12-06-30.jpeg
Screenshot from 2017-07-13 12-07-05.jpeg
Carsten
Posts: 2804
Joined: Tue Apr 15, 2014 9:11 pm
Location: Germany

Re: MOVING DCP AND DKDM FROM ONE MACHINE TO ANOTHER

Post by Carsten »

To create the cinema/screen, you only need to export/import the decryption LEAF certificate.

- Carsten
singhasubhajit
Posts: 5
Joined: Fri Jun 30, 2017 9:18 am

Re: MOVING DCP AND DKDM FROM ONE MACHINE TO ANOTHER

Post by singhasubhajit »

I also exported a KDM for my laptop. But it is not working. It flashes the same error message mentioned above.
Carsten
Posts: 2804
Joined: Tue Apr 15, 2014 9:11 pm
Location: Germany

Re: MOVING DCP AND DKDM FROM ONE MACHINE TO ANOTHER

Post by Carsten »

I suggest you first do a test with a new encrypted DCP, e.g. a simple still.

- On your desktop or notebook, export your encryption leaf certificate, and create a new screen within the same DOM installation for it. You may e.g. create a cinema 'MyDOMs', then create screens 'MyDesktop' and 'MyLaptop' using their decryption leaf certificates. After that, create an encrypted DCP, and create KDMs for both screens. Create a new project, import that encrypted DCP, and try to assign the respective KDM you created. If it works, DCP-o-matic will show the decrypted DCP. If it works, you have solved the basic confirmation test. In the future, you can create DKDMs for your machines that can be used on either machine to issue new KDMs.

For this to work between your machines, it doesn't matter whether your certificates and keys are identical or not.

- Carsten
singhasubhajit
Posts: 5
Joined: Fri Jun 30, 2017 9:18 am

Re: MOVING DCP AND DKDM FROM ONE MACHINE TO ANOTHER

Post by singhasubhajit »

Thanks,
It works. Now I can issue KDMs from both of my computers. :D :D