Creating DKDM's

Anything and everything to do with DCP-o-matic.
technogeek
Posts: 9
Joined: Tue May 31, 2016 9:35 pm

Creating DKDM's

Post by technogeek »

Would someone please explain in baby talk how to create a DKDM.

I've been given two .pem files, a user and a smpte .pem.
No matter what I do I can always Decrypt the DCP on the machine it was Encrypted on but absolutely no where else.

I've spent two days on this and I'm feeling really stupid right now.

Thanks
carl
Site Admin
Posts: 2550
Joined: Thu Nov 14, 2013 2:53 pm

Re: Creating DKDM's

Post by carl »

Roughly speaking:
  • Select "Make KDM" and create a new "Cinema" and a new "Screen" within that cinema.
  • Set the recipient certificate on that screen to the certificate that you want to make the DKDM for.
  • Select the screen you just made in the "Make KDMs" dialogue, choose the output type and click OK.
Does that make sense?
technogeek
Posts: 9
Joined: Tue May 31, 2016 9:35 pm

Re: Creating DKDM's

Post by technogeek »

No I'm sorry it doesn't.

The only way I can get it to decrypt on the system I encoded it on is to ingest the .pem that I exported from DCP-O-MATIC on that system.

I'm so lost I don't know what direction to go anymore on both the encoder system and the second system that I'm trying to Decrypt the file on.

I have two keys and neither seem to allow me to decrypt unless I put in my exported .pem.

Thanks
technogeek
Posts: 9
Joined: Tue May 31, 2016 9:35 pm

Re: Creating DKDM's

Post by technogeek »

I have a ****-user-1_chain.pem and a wm_3_smpte_a.pem and neither seem to work.

The **** is the Name of the Production House that is to receive the DCP.

Does it make sense that the Recipient Certificate has to be my exported .pem for the Decryption to work on the system I Encoded and Encrypted on.

I'm totally clued out and feeling pretty stupid at this point in time.

Do the .pems have to be entered before the encode starts.

Thanks
Last edited by technogeek on Tue May 31, 2016 10:35 pm, edited 1 time in total.
carl
Site Admin
Posts: 2550
Joined: Thu Nov 14, 2013 2:53 pm

Re: Creating DKDM's

Post by carl »

Do you know what wm_3_smpte_a.pem is? Where did it come from?

If you are trying to decrypt an encrypted DCP using only the certificate that it was encrypted for: you can't. You would need the private key that corresponds to the target certificate. Is that what you are trying?
technogeek
Posts: 9
Joined: Tue May 31, 2016 9:35 pm

Re: Creating DKDM's

Post by technogeek »

Both of these .pems were sent to me in a zip file to create the DKDM with.

Do I have to ingest these before I start the encode.

Absolutely no info came with these files so I actually don't know if they are Private or Public Keys.

I have been trying to get info on them but the person who sent them to me hasn't been able to put me in contact with the right person to talk to.

It happens that I must also deliver this DCP no later than 3PM tomorrow and no one from the Distribution House has given me any help as of yet.

Thanks
Carsten
Posts: 2807
Joined: Tue Apr 15, 2014 9:11 pm
Location: Germany

Re: Creating DKDM's

Post by Carsten »

Never a good idea to start the encryption/decryption business with a deadline and/or before one has understood all implications of the process.

So far we have not been able to actually understand what you are trying to accomplish. No time + no information is a bad combo.

- Carsten
carl
Site Admin
Posts: 2550
Joined: Thu Nov 14, 2013 2:53 pm

Re: Creating DKDM's

Post by carl »

Do I have to ingest these before I start the encode.
No, the encode is done using a random key that DCP-o-matic generates. Your DKDM is created by wrapping up this random key so that only the intended recipient can see it.

If you want, send the .zip file you received to carl@dcpomatic.com and I will have a poke around.
technogeek
Posts: 9
Joined: Tue May 31, 2016 9:35 pm

Re: Creating DKDM's

Post by technogeek »

Thanks Carl I can't thank you enough.

This is the first time I've ever created a DCP and I was given two days to figure it all out and get it delivered.

This Video Production Industry has a tendancy to "Last Minute" Everything and it can be frustrating.

It's also such a "Breath of Fresh Air" to have someone out there creating something that we can work with for free.

I will definitely Donate to your cause at some point because the cost of buying DCP Software is overly ridiculous.

I live in a city that does not get high both a lot of Movies or budget Movies and so trying to those costs would be nearly impossible.

Thanks again
carl
Site Admin
Posts: 2550
Joined: Thu Nov 14, 2013 2:53 pm

Re: Creating DKDM's

Post by carl »

At this point I think you will have to resort to guesswork. The files you sent me don't give much away, so I would be tempted to make 2 KDMs; one using wm_3_smpte_a.pem and one using the certificate at the bottom of the chain file (I'll email you that).

Then send both KDMs and hope they work. There is no way that you can test them yourself: that is the point of the encryption. No-one but the recipient can decrypt the KDMs you make.

The method is as described before: create two "screens" in the KDM dialog and add one certificate to each, then make KDMs and send the XML files that DCP-o-matic writes.