I'm having trouble generating a KDM for an encrypted DCP using DCP-o-matic. I created a DKDM on certificate dcpomatic for the DCP and I'm trying to use dcpomatic2_kdm_cli to generate a KDM. Here is the command I'm running:
dcpomatic2_kdm_cli -v create CPL_22f7c2c0-5aed-4d42-bb12-fa5eb0a1af09 --cinema -SATURN --projector-certificate /mnt/z/SATURN/357000-interop.pem --output /mnt/z/KDM_OUTPUT --valid-from "now" --valid-duration "2 weeks"
Making KDMs valid from 2025-02-12T15:56:53+01:00 to 2025-02-26T15:56:53+01:00
dcpomatic2_kdm_cli: could not find film or CPL ID corresponding to CPL_22f7c2c0-5aed-4d42-bb12-fa5eb0a1af09
I have verified that the CPL ID is correct and that the DKDM exists in the DCP-o-matic configuration. I've also tried listing the DKDM CPLs with dcpomatic2_kdm_cli list-dkdm-cpls, :
carl wrote: Wed Feb 12, 2025 3:27 pm
Can you try passing the ID of the CPL without the CPL_ prefix?
So use 22f7c2c0-5aed-4d42-bb12-fa5eb0a1af09 instead of CPL_22f7c2c0-5aed-4d42-bb12-fa5eb0a1af09
ok thankyou
Could not decrypt KDM (error:02000079:rsa routines::oaep decoding error) (256/2048)
i have create a dkdm from certificate copy paste in config.xml
because with dcpomatic2_kdm_cli dump-decryption-certificate export, in my software was error incomplete certificate chain.
carl wrote: Wed Feb 12, 2025 4:23 pm
It sounds like the certificate you used to make the DKDM does not match the private key that DCP-o-matic will use to decrypt the KDM, perhaps?
Is there a reason why you can't just recreate the KDM decryption chain? Are you already relying on it staying the same?
is there a command to export the dcpomatic2 key to enter in my KDM generation software, to try to do a dcp unlock test?
1 I have created an encrypted DCP with other professional software
2 Exported a DKDM for a professional KDM generation software
3 exported from this software a DKDM for DCPomatic2
4 I will generate a KDM from dcpomatic2 for my server player
I'm making Python scripts to test and understand the encryption and decryption process