After installing and setting up Guard I am not able to initiate it for encrypting files from the web interface.
After pressing "Start" in the "Guard Security Settings" pane and entering a password and recovery email, I get the notification "Problems creating keys, please try again later".
For privacy reasons I removed my TLD, passwords, IP and name. The /var/log/open-xchange/console.log file is empty.
The following can be found in /var/log/open-xchange/guard/guard.log:
Code:
d=Mon Aug 03 02:42:43 CDT 2015, t=qtp421404300-19, level=INFO, PID=83, IP=<myIP>, command=/login, action=login, module=server.MainServlet, message="Action: login From IP: <myIP>"

d=Mon Aug 03 02:43:36 CDT 2015, t=qtp421404300-21, level=INFO, PID=85, IP=<myIP>, command=/login, action=create, module=server.MainServlet, message="Action: create From IP: <myIP>"

d=Mon Aug 03 02:43:36 CDT 2015, t=qtp421404300-21, level=INFO, PID=85, IP=<myIP>, command=/login, action=create, module=encr.EncrLib, message="String index out of range: 24"

d=Mon Aug 03 02:43:36 CDT 2015, t=qtp421404300-21, level=ERROR, PID=85, IP=<myIP>, command=/login, action=create, module=util.Core, message="Problem loading password RSA key", error_class=com.openexchange.guard.exceptions.BadPasswordException, error_message="Bad Password", error_trace="
    at com.openexchange.guard.encr.GuardKeys.getDecodedPrivate(GuardKeys.java:249)
    at com.openexchange.guard.encr.GuardKeys.getDecodedPrivate(GuardKeys.java:212)
    at com.openexchange.guard.util.Core.loadPrivate(Core.java:376)
    at com.openexchange.guard.util.Core.decr(Core.java:347)
    at com.openexchange.guard.util.Core.checkEpass(Core.java:336)
    at com.openexchange.guard.util.Core.getJSON(Core.java:211)
    at com.openexchange.guard.server.Auth.createKeys(Auth.java:96)
    at com.openexchange.guard.server.MainServlet.doPost(MainServlet.java:840)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:497)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)
"

d=Mon Aug 03 02:43:36 CDT 2015, t=qtp421404300-21, level=ERROR, PID=85, IP=<myIP>, command=/login, action=create, module=server.MainServlet, message="Error creating keys", error_class=com.openexchange.guard.exceptions.GuardMissingParameter, error_message="Missing JSON parameter password", error_trace="
    at com.openexchange.guard.util.Core.getStringFromJson(Core.java:488)
    at com.openexchange.guard.server.Auth.createKeys(Auth.java:108)
    at com.openexchange.guard.server.MainServlet.doPost(MainServlet.java:840)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:497)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)
"

d=Mon Aug 03 02:43:36 CDT 2015, t=qtp421404300-21, level=ERROR, PID=85, IP=<myIP>, result=fail, action=create, command=/login, module=server.MainServlet, message="Fail with url: /oxguard/login", error_class=com.openexchange.guard.exceptions.GuardMissingParameter, error_message="Missing JSON parameter password", error_trace="
    at com.openexchange.guard.util.Core.getStringFromJson(Core.java:488)
    at com.openexchange.guard.server.Auth.createKeys(Auth.java:108)
    at com.openexchange.guard.server.MainServlet.doPost(MainServlet.java:840)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:497)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)
"
My guard.properties file is the following (I removed the unused, optional settings because of the character limit):
Code:
# Specify the hostname / IP address of the Open-Xchange configdb.
com.openexchange.guard.configdbHostname=localhost

# Specify if the name of configdb was changed. Default is configdb
com.openexchange.guard.configdbName=configdb

# Specify the hostname / IP address of the Guard database.
com.openexchange.guard.oxguardDatabaseHostname=localhost

# For readonly slave (optional)
# com.openexchange.guard.oxguardDatabaseRead=

# Specify the hostname / IP address of Guard guest shards
# This is for the database shards used when sending to Guest users
# Defines where the NEXT shard will go when created
# Stores the Guest keys
# com.openexchange.guard.oxguardShardDatabase=localhost

# For readonly slave (optional)
# com.openexchange.guard.oxguardShardRead=

# Specify the MySQL username and password for accessing both the
# Open-xchange configdb database and the Guard database.
com.openexchange.guard.databaseUsername=ox-guard
com.openexchange.guard.databasePassword=<myDBPassword>

# Specify the username and password for accessing the support API of OX Guard
#com.openexchange.guard.supportapiusername=
#com.openexchange.guard.supportapipassword=

#The amount of hours specifying how long a deleted and exposed key will be
#marked as "exposed", or 0 for disabling automatic reset of exposed keys.
#Note: Resetting is scheduled once a day
#default: 168 hours = 1 Week
com.openexchange.guard.exposedKeyDurationInHours=0

# Specify the hostname of the Open-Xchange REST API server. The REST API is a
# service on the Open-Xchange backend. Use localhost in case that the Guard service
# is deployed on the same system as the Open-Xchange backend. In case that the REST
# API is deployed on a separate system ensure that Guard can connect, see clustering
# documentation for Guard for more details.
com.openexchange.guard.restApiHostname=localhost

# Port for communicating with the OX Backend/REST API. Defaults to 8009
# com.openexchange.guard.OXBackendPort = 8009

# Specify the authentication username and password for the basic HTTP authentication
# as the Open-Xchange REST API requires such.
com.openexchange.guard.restApiUsername=oxrestapi
com.openexchange.guard.restApiPassword=<myRESTPassword>

# When Guard sends an eMail to external recipients those recipients will be able to
# access the encrypted content by opening a link in that eMail. The description and
# the link of that eMail are not encrypted and always readable by the recipient. The
# link points to the Guard reader for external recipients, a servlet to decrypt and
# display the encrypted eMail content. Specify which domain and path should be used
# The Https link will be created dynamically by Guard.
# This value will be used as the default unless over-written by cascade value
# com.openexchange.guard.externalReaderURL
com.openexchange.guard.externalReaderPath=<myTLD>/appsuite/api/oxguard/reader/reader.html

# When Guard sends an encrypted eMail to members, they may not be using the webmail UI
# to read the email. A help file is attached, and a link will be provided to log into
# their webmail to read the encrypted item. This setting is used to point to a generic
# log in for the webmail system. Sent to multiple recipients, so not customized to
# the individual recipient. OK domain:port. HTTPS will always be added
# This value will be used as the default unless over-written by cascade value
# com.openexchange.guard.externalOxUI
com.openexchange.guard.externalEmailURL=<myTLD>

# Specify the storage type that should be used to store encrypted objects for the Guard
# backend cache. Files will be cached on this storage for up to the number of days that
# will be configured in com.openexchange.guard.cacheDays. In case file is used the storage
# location has to be replicated to all Guard backends in order to share cached objects
# between multiple servers. Possible values are:
# file - Use local file storage.
# s3 - Use an Amazon S3 compatible object store.
com.openexchange.guard.storage.type=file

# Define the temporary upload directory for Guard Drive files in case the storage
# type (com.openexchange.guard.storage.type) has been set to 'file'.
com.openexchange.guard.storage.file.uploadDirectory=/var/spool/open-xchange/guard/uploads

# Specifies the endpoint (e.g. "ec2.amazonaws.com") or a full URL, including
# the protocol (e.g. "https://ec2.amazonaws.com") of the region specific AWS
# endpoint this client will communicate with. Defaults to "s3.amazonaws.com"
# if not defined. Required if storage type is set to "s3".
# com.openexchange.guard.storage.s3.endpoint=

# Specifies the name of the parent bucket to use. The bucket will be created
# automatically if it does not yet exist, however, it's still possible to use an
# already existing one. There are some naming restrictions, please refer to
# http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html for
# details. Required if storage type is set to "s3".
# com.openexchange.guard.storage.s3.bucketName=

# Configures the Amazon S3 region to use when creating new buckets. This value
# is also used to pre-configure the client when no specific endpoint is set.
# Possible values are "us-gov-west-1", "us-east-1", "us-west-1", "us-west-2",
# "eu-west-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1" and
# "sa-east-1". Defaults to "us-west-2". Will only be used if endpoint is not
# configured.
# com.openexchange.guard.storage.s3.region=us-west-2

# Configures the AWS access key to use. Required if storage type is set to "s3".
# com.openexchange.guard.storage.s3.accessKey=

# Configures the AWS secret key to use. Required if storage type is set to "s3".
# com.openexchange.guard.storage.s3.secretKey=

# Define the log level of the Guard service. Possible values are:
# error - errors only
# debug - full debug details
# info - info items
com.openexchange.guard.logLevel=normal
com.openexchange.guard.jettyLogLevel=error

# Encryption configuration - Specify encryption strength and key length. This is used for Proprietary Guard (version 1.2 and earlier). NOT used for PGP
# If your region allows the suggested values are as follows:
# AES_Key_Length: 256
# RSA_Key_Length: 2048 (Recco 2048)
com.openexchange.guard.aesKeyLength=256
com.openexchange.guard.rsaKeyLength=2048

# PGP Keys can have an expiration date. The default is 10 years, or 3650 days
# Set the number of days the keys will be valid for. The user will have to
# create new keys after this date.
# Set to 0 if no expiration date
com.openexchange.guard.keyValidDays=3650

# Remote Public Key lookup. You can list Public PGP Servers here, preferably
# servers that have verified keys. Comma separated list. Can specify port
# https only on port 443.
# In addition it is possible to add an optional base request path; for example hkp://example.org:11371/custom/path/to/pks/lookup?
com.openexchange.guard.publicPGPDirectory = hkp://keys.gnupg.net:11371, hkp://pgp.mit.edu:11371

# PGP keys from the remote servers are stored in a cache for a set period of time
# before the remote servers are queried again. Set the time for the cache here
com.openexchange.guard.pgpCacheDays = 7

# Specify how long emails sent to external users should be cached in the Guard backend.
# This caching is used for fast access and easy decoding of the encrypted mail content.
com.openexchange.guard.cacheDays=30

# At what hour of the day should the Guard service execute the
# internal maintenance cron jobs? Possible values are:
# 0 - 23
com.openexchange.guard.cronHour=2

# Specify the SMTP server information for replies of external recipients. Those recipients
# are able to decrypt, display and reply to eMails they receive via the link to the Guard
# reader in those encrypted eMails.
# The SMTP server is also used for sending password reset emails
com.openexchange.guard.guestSMTPServer=<myMailServer>
com.openexchange.guard.guestSMTPPort=456
com.openexchange.guard.guestSMTPUsername=hostmaster@<myTLD>
com.openexchange.guard.guestSMTPPassword=<mySMTPPassword>

# Emails with new passwords are sent to internal ox users when they have a new email
# sent to them. These password emails are used for password reset, and when a new
# key is generated for a user. This can be configured through the senders configuration
# cascade, but should be set here for the system email address
com.openexchange.guard.passwordFromAddress=hostmaster@<myTLD>
com.openexchange.guard.passwordFromName=<myName>
Thanks for your help!
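As an added example (not from the post and not OX Guard's own code), the following Python parses lines in the guard.log key=value format shown above and lists the ERROR entries with their exception class and the innermost stack frame, which makes the order of the three failures (EncrLib index error, BadPasswordException, GuardMissingParameter) easy to read off a longer log. The sample lines are constructed from the post's entries with the traces shortened; `<myIP>` is the poster's own placeholder.

```python
# Parser for the guard.log key=value format shown in the post. Added example,
# not part of the forum post or of OX Guard; sample lines are constructed from
# the post's entries with the traces shortened, <myIP> is the poster's placeholder.
import re

# "key=value" pairs separated by ", "; quoted values may themselves contain commas
_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^,]*)')
# Frames in error_trace are joined by a literal "^M" (a stray carriage return)
_FRAME_SEP = re.compile(r'\^M\s*')

def parse_entry(line: str) -> dict:
    """Split one log line into fields; error_trace becomes a list of frames."""
    entry = {}
    for key, raw in _FIELD.findall(line):
        value = raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw
        entry[key] = value.strip()
    if "error_trace" in entry:
        frames = _FRAME_SEP.split(entry["error_trace"])
        entry["error_trace"] = [f.strip() for f in frames if f.strip()]
    return entry

def error_chain(lines: list) -> list:
    """Return the ERROR entries in log order, each with the frame that raised it."""
    chain = []
    for line in lines:
        entry = parse_entry(line)
        if entry.get("level") != "ERROR":
            continue
        frames = entry.get("error_trace") or []
        chain.append({"module": entry.get("module", ""),
                      "error_class": entry.get("error_class", ""),
                      "error_message": entry.get("error_message", ""),
                      "origin": frames[0] if frames else ""})
    return chain

# Constructed sample: the EncrLib entry and the two ERROR entries from the post
SAMPLE_LOG = [
    'd=Mon Aug 03 02:43:36 CDT 2015, t=qtp421404300-21, level=INFO, IP=<myIP>, command=/login, '
    'action=create, module=encr.EncrLib, message="String index out of range: 24"',
    'd=Mon Aug 03 02:43:36 CDT 2015, t=qtp421404300-21, level=ERROR, IP=<myIP>, command=/login, '
    'action=create, module=util.Core, message="Problem loading password RSA key", '
    'error_class=com.openexchange.guard.exceptions.BadPasswordException, error_message="Bad Password", '
    'error_trace="at com.openexchange.guard.encr.GuardKeys.getDecodedPrivate(GuardKeys.java:249)^M '
    'at com.openexchange.guard.util.Core.loadPrivate(Core.java:376)^M "',
    'd=Mon Aug 03 02:43:36 CDT 2015, t=qtp421404300-21, level=ERROR, IP=<myIP>, command=/login, '
    'action=create, module=server.MainServlet, message="Error creating keys", '
    'error_class=com.openexchange.guard.exceptions.GuardMissingParameter, error_message="Missing JSON parameter password", '
    'error_trace="at com.openexchange.guard.util.Core.getStringFromJson(Core.java:488)^M "',
]
```

Running `error_chain` over the real file (one entry per line, or the entries re-joined with the `^M` markers intact) gives the same module/class/origin triples for each failure without scrolling through the repeated Jetty frames.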