Changing the encryption key in WebIF

I have done this before when transplanting an older HDD to a new box.

What has led me to need to do it again is maybe another discussion, but I need to change the encryption key on an HDR-FOX T2.

I follow WebIF >> Settings >> Advanced Settings and set up a custom encryption key to match the key for the old unit, and reboot (WebIF >> Diagnostics >> Reboot).

But whenever I reboot and use Diagnostics and look at the 8 lines of info at the bottom of the page under the title System Information the box still shows the native key.

Am I missing something that allows successful setting/changing of the key? - I have rebooted from the WebIF, from the front button, from the front button and then powered off behind and restarted. The native key remains.


I have the following packages
  • webshell
  • webif
  • sysmon
  • fan
  • auto-schedule-restore

Do I need more? Any tips?
 
But whenever I reboot and use Diagnostics and look at the 8 lines of info at the bottom of the page under the title System Information the box still shows the native key.
That's what it's supposed to do. You won't see a custom key there.
Do I need more?
Install the nugget package and reboot. You can check the keys with nugget cryptokey from the command line.
 
At a minimum, it should say "Native Encryption Key":
Code:
--- /mod/webif/include/modversion.jim.org
+++ /mod/webif/include/modversion.jim
@@ -20,7 +20,7 @@
 puts "<br>System ID: [system systemid]"
 puts "<br>Serial Number: [system serialno]"
 if {$mws::pagetag eq "Diagnostics"} {
-       puts "<br>Encryption Key: [system encryptionkey]"
+       puts "<br>Native Encryption Key: [system encryptionkey]"
 }
 puts "<br>Last Boot Reason: [system lastbootreason]"
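Review bot: The relabelled `puts "<br>Native Encryption Key: ..."` line still prints only `[system encryptionkey]`, so the Diagnostics page gives no indication of whether a custom key is set. Consider adding a second line inside the same `if {$mws::pagetag eq "Diagnostics"}` block that reports whether a custom key is configured, ideally as a yes/no rather than the key value. Separately, this line writes the key itself into the page HTML, so it is worth confirming that every route to the Diagnostics page tag sits behind the same access control as the settings pages.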

OP will have nugget installed already, since that's how the keys get changed and so it's a dependency of webif.

A custom key is shown in the Advanced Settings display, if set. The code fragment in /mod/webif/html/settings/modules/advanced/init.hook that reads the custom key from /mod/boot/cryptokey could reasonably be moved into mod/webif/lib/system.class and then it could also be called from the ts::getkey() method in mod/webif/lib/ts.class.
 
Do I need more? Any tips?
There is no problem here, you are imagining a problem which does not exist.

WebIF >> Settings >> Advanced Settings, configure alternative key (as per instructions). "Oh, I wonder whether it's actually done it?"... easy check: play a recording. If you have no recordings for which you need an alternative key, then you don't need to change the key.

I suspect your difficulty is that you were working from memory rather than instructions.

Now, so far as the Diagnostics page System Information is concerned, you must allow that the Systems Information display pre-dates the ability to change the key, so whether it would be nice to update that code is another matter.
 
Thanks for the help and advice. I wasn't aware of nugget; I wasn't really aware of the command-line other than I knew it existed but didn't know anything about using it.

When I'm home from work tonight I've got some more investigations to do. Thank you.
 
The forum with the current version of the software supports two ways of formatting messages:
  • BBCode (as above) uses HTML-like tags in square brackets, like this: [b]bold text[/b] -> bold text;
  • maybe easier is Markdown (this subset), which apart from the previous example I'm using now: **bold text** -> bold text.
 
I think it generates a garbage /mod/boot/cryptokey file.
I ended up with this (obfuscated) after changing the key a few times:
Code:
00000000  cd d3 21 00 00 00 36 33  31 31 31 31 31 31 31 31  |..!...6311111111|
00000010  dc d3 21 00 00 00 36 33  31 31 31 31 31 31 31 31  |..!...6311111111|
*
00000030  33 33 33 33 33 33 33 33  33 33 33 33 33 33 33 33  |3333333333333333|
00000040  dc d3 21 00 00 00 36 33  31 31 31 31 31 31 31 31  |..!...6311111111|
00000050
Other boxes only have the first 16 bytes.
And perhaps you should delete the file if the custom key is the same as the native key.
 
Thanks for the test. The Jim manual confused me by changing the wording specifying the a access mode which is actually straight from POSIX, as it is in "real" TCL. Now the file gets opened r+ if it exists and w if not, and an existing file isn't wiped until the new key has been flushed to the file.

The logic for managing the /mod/boot/cryptokey file as the key switches between native and custom is a bit painful but seems to work OK now.
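
The append-mode behaviour described in the last two posts, as an added example that is not part of the thread or the WebIF code. It uses Python rather than Jim to show the POSIX semantics, writes to a temporary file instead of /mod/boot/cryptokey, and assumes a key record is 16 bytes (as in the hexdump above); the truncate step is an assumption about how stale trailing records get dropped.

```python
import os
import tempfile

KEY_LEN = 16  # assumption: one key record is 16 bytes, as in the thread's hexdump


def write_key_append(path, key):
    """Buggy pattern: POSIX 'a' mode sends every write to the end of the file."""
    with open(path, "ab") as f:
        f.seek(0)          # has no effect on where O_APPEND writes land
        f.write(key)


def write_key_replace(path, key):
    """Open r+ if the file exists, w if not; old bytes go only after the flush."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be %d bytes" % KEY_LEN)
    mode = "r+b" if os.path.exists(path) else "wb"
    with open(path, mode) as f:
        f.seek(0)
        f.write(key)
        f.flush()
        os.fsync(f.fileno())  # new key is on disk before anything is discarded
        f.truncate(KEY_LEN)   # assumption: stale trailing records are cut here


def key_file_ok(path):
    """Audit check: a healthy key file holds exactly one record."""
    return os.path.getsize(path) == KEY_LEN


def demo():
    # Constructed sample keys, not real ones.
    old, new = b"\x11" * KEY_LEN, b"\x22" * KEY_LEN
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cryptokey")
        write_key_append(path, old)
        write_key_append(path, new)   # file grows; the old key is still first
        grown = os.path.getsize(path)
        bad = key_file_ok(path)
        write_key_replace(path, new)
        with open(path, "rb") as f:
            data = f.read()
        return grown, bad, data == new, key_file_ok(path)


if __name__ == "__main__":
    print(demo())
```

The size check in `key_file_ok` is the quick audit for a box that has had its key changed several times: anything other than one record means stale key material is still sitting in the file.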
 