Cryptographic error

[njmurarka]

Hello.

I saw the issues already relating to what I am seeing, in issue #24 and #57. Both are resolved, so I am not sure where to go from here.

I am trying to get a softsign version of tmkms to run on the same machine as the COSMOS daemon, but am not having success.

In app.toml for the daemon, I have the following:

# TCP or UNIX socket address for Tendermint to listen on for
# connections from an external PrivValidator process
priv_validator_laddr = "tcp://127.0.0.1:46659"

For tmkms, I have the following config file:

# Tendermint KMS configuration file

## Chain Configuration

### Cosmos Hub Network

[[chain]]
id = "murarka"
key_format = { type = "bech32", account_key_prefix = "bluzellepub", consensus_key_prefix = "bluzellevalconspub" }
state_file = "/home/ubuntu/.tmkms/state/murarka-consensus.json"

## Signing Provider Configuration

### Software-based Signer Configuration

[[providers.softsign]]
chain_ids = ["murarka"]
key_type = "consensus"
path = "/home/ubuntu/.tmkms/secrets/bluzelle-consensus.key"

## Validator Configuration

[[validator]]
chain_id = "murarka"
addr = "tcp://127.0.0.1:46659"
secret_key = "/home/ubuntu/.tmkms/secrets/kms-identity.key"
protocol_version = "legacy"
reconnect = true

I used the "tmkms softsign import " command to import the private key from the validator.

Also, I do not have any idea how to configure the "[[providers.softsign]]" section. I could not find documentation anywhere. So maybe that is the issue. No idea.

Now, I am stuck.

I was following instructions from: https://medium.com/node-a-team/kms-yubihsm-set-up-l-cosmos-hub-c4a83ffbecd3

Of course, I am doing this with softsign, not YubiHSM, as I want to experiment with and understand tmkms first.

I am getting errors with both tmkms and blzd (my application's daemon).

When I run tmkms:

tmkms start -c ~/.tmkms/tmkms.toml -v
Oct 07 06:22:55.819 DEBUG abscissa_core::component::registry: registered component: abscissa_core::terminal::component::Terminal (v0.5.2)
Oct 07 06:22:55.819 DEBUG abscissa_core::component::registry: registered component: abscissa_core::trace::component::Tracing (v0.5.2)
Oct 07 06:22:55.819  INFO tmkms::commands::start: tmkms 0.8.0 starting up...
Oct 07 06:22:55.819  INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: bluzellevalconspub1zcjduepqns4mmd688u6z9uf7sggvf2l9k75cey8sg4mjc4gfyjsmczjscrvqd8w35h
Oct 07 06:22:55.819 DEBUG tmkms::client: registering chain: murarka
Oct 07 06:22:55.819 DEBUG tmkms::commands::start: Main thread waiting on clients...
Oct 07 06:22:55.819 DEBUG tmkms::session: [murarka@tcp://127.0.0.1:46659] connecting to validator...
Oct 07 06:22:55.819  INFO tmkms::connection::tcp: KMS node ID: 238FC854895FC41FFF68F109DE5E01518317847E
Oct 07 06:22:55.820 ERROR tmkms::client: [murarka@tcp://127.0.0.1:46659] I/O error: Connection refused (os error 111)
Oct 07 06:22:56.820 DEBUG tmkms::session: [murarka@tcp://127.0.0.1:46659] connecting to validator...
Oct 07 06:22:56.820  INFO tmkms::connection::tcp: KMS node ID: 238FC854895FC41FFF68F109DE5E01518317847E
Oct 07 06:22:56.820 ERROR tmkms::client: [murarka@tcp://127.0.0.1:46659] I/O error: Connection refused (os error 111)
Oct 07 06:22:57.820 DEBUG tmkms::session: [murarka@tcp://127.0.0.1:46659] connecting to validator...
Oct 07 06:22:57.820  INFO tmkms::connection::tcp: KMS node ID: 238FC854895FC41FFF68F109DE5E01518317847E
Oct 07 06:22:57.821 ERROR tmkms::client: [murarka@tcp://127.0.0.1:46659] cryptographic error
Oct 07 06:22:58.822 DEBUG tmkms::session: [murarka@tcp://127.0.0.1:46659] connecting to validator...
Oct 07 06:22:58.822  INFO tmkms::connection::tcp: KMS node ID: 238FC854895FC41FFF68F109DE5E01518317847E
Oct 07 06:23:00.494 ERROR tmkms::client: [murarka@tcp://127.0.0.1:46659] I/O error: Connection reset by peer (os error 104)
Oct 07 06:23:01.494 DEBUG tmkms::session: [murarka@tcp://127.0.0.1:46659] connecting to validator...
Oct 07 06:23:01.494  INFO tmkms::connection::tcp: KMS node ID: 238FC854895FC41FFF68F109DE5E01518317847E
Oct 07 06:23:01.495 ERROR tmkms::client: [murarka@tcp://127.0.0.1:46659] I/O error: Connection refused (os error 111)
Oct 07 06:23:02.495 DEBUG tmkms::session: [murarka@tcp://127.0.0.1:46659] connecting to validator...
Oct 07 06:23:02.495  INFO tmkms::connection::tcp: KMS node ID: 238FC854895FC41FFF68F109DE5E01518317847E
Oct 07 06:23:02.495 ERROR tmkms::client: [murarka@tcp://127.0.0.1:46659] I/O error: Connection refused (os error 111)
Oct 07 06:23:03.495 DEBUG tmkms::session: [murarka@tcp://127.0.0.1:46659] connecting to validator...
Oct 07 06:23:03.495  INFO tmkms::connection::tcp: KMS node ID: 238FC854895FC41FFF68F109DE5E01518317847E
Oct 07 06:23:03.496 ERROR tmkms::client: [murarka@tcp://127.0.0.1:46659] I/O error: Connection refused (os error 111)

When I run blzd (with log_level info):

blzd start --log_level info
I[2020-10-07|06:22:57.456] starting ABCI with Tendermint                module=main 
I[2020-10-07|06:22:57.466] Module setup                                 module=main bluzelle_crud=true
I[2020-10-07|06:22:57.486] Starting multiAppConn service                module=proxy impl=multiAppConn
I[2020-10-07|06:22:57.486] Starting localClient service                 module=abci-client connection=query impl=localClient
I[2020-10-07|06:22:57.486] Starting localClient service                 module=abci-client connection=mempool impl=localClient
I[2020-10-07|06:22:57.486] Starting localClient service                 module=abci-client connection=consensus impl=localClient
I[2020-10-07|06:22:57.486] Starting EventBus service                    module=events impl=EventBus
I[2020-10-07|06:22:57.486] Starting PubSub service                      module=pubsub impl=PubSub
I[2020-10-07|06:22:57.492] Starting IndexerService service              module=txindex impl=IndexerService
I[2020-10-07|06:22:57.492] ABCI Handshake App Info                      module=consensus height=34 hash=8A0BD536FFFEA92EE78EF2574568C03BEBF4606F55D2E0D38B09126BD42B8771 software-version= protocol-version=0
I[2020-10-07|06:22:57.492] ABCI Replay Blocks                           module=consensus appHeight=34 storeHeight=34 stateHeight=34
I[2020-10-07|06:22:57.492] Completed ABCI Handshake - Tendermint and App are synced module=consensus appHeight=34 appHash=8A0BD536FFFEA92EE78EF2574568C03BEBF4606F55D2E0D38B09126BD42B8771
I[2020-10-07|06:22:57.492] Starting SignerListenerEndpoint service      module=privval impl=SignerListenerEndpoint
I[2020-10-07|06:22:57.492] SignerListener: Listening for new connection module=privval 
ERROR: error with private validator socket client: can't get pubkey: endpoint connection timed out

I have no idea at this point. I tried to search everywhere but cannot figure out the issue. Is there some handshake that I need to configure (wild guess)? I don't have any documentation on this.

Please advise. Thanks.

[tony-iqlusion]

Depending on the Tendermint version in use on a given chain, you may need to set protocol_version = "v0.33":

https://github.com/iqlusioninc/tmkms/blob/develop/tmkms.toml.example#L35

In your config, you presently have it set to legacy.

More info:

https://iqlusion.blog/announcing-tendermint-kms-v0-8-0-transaction-signing-support#tendermint-v033-compatibility-secret-connecti_1

[njmurarka]

Thanks very much. It resolved it. Looking at older blogs has its risks, I guess.