Re: SSL-Authentication
Greetings.
OK, you have two issues here. Let's look at Authenticated Messaging since you did that first.

Authenticated Messaging has to use symmetric (secret) keys, rather than a public/private key pair, because the signature for a private key is longer than the maximum length of an APRS text message. So the fact that you loaded your LotW key pair into the database does nothing for sending authenticated messages; the LotW key pair is only useful for SSL-APRS-IS connections. So you need to generate a symmetric key and use that for signing text messages.

As for APRS-IS over SSL, you need to use the SSL-APRS-IS port type to use your LotW key pair; the APRS-IS port type only works with the old passcode system. I can't guarantee that it will work; there aren't many APRS-IS backbone servers on the ssl.aprs2.net rotator, and some of them haven't been updated to the new ARRL certificate authority certificate, so the connection may not work because the server's certificate has expired. Also, because the SSL-APRS-IS port type tries to use the NULL encryption cipher (which doesn't actually encrypt anything, for compliance with Amateur Radio regulations if you are going over a HamNet backhaul) and all the Java runtimes have explicitly disabled that cipher as being insecure (that's the point of it), you may not be able to connect to the server either because of cipher incompatibility (unless you run an encrypted connection).

So try using the correct key type and port type, and see if it will work for you.

Hope this helps.

Andrew, KA2DDO
author of YAAC

________________________________________
From: [email protected] <[email protected]> on behalf of Dave GM4NFI <djcleckie@...>
Sent: Thursday, July 25, 2024 6:42 PM
To: [email protected]
Subject: [yaac-users] SSL-Authentication

Hi

YAAC seems to be working OK as an APRS beacon so I have started to get it to work as an I-Gate.

First I had a good read at the Help files below.

I-Gating Tutorial for YAAC
Configuring an SSL-Authenticated APRS-IS Port
Authenticated Messaging in YAAC

I decided to use SSL-Authentication.

I have a valid LoTW callsign certificate for GM4NFI. I saved a copy of the Callsign Certificate as GM4NFI.p12 as described above.

In YAAC I go to View->Authentication Keys->Import Key
I name the key GM4NFI
Navigate to where the file GM4NFI.p12 is saved.
Filter for .p12 files
Import the Key

So far so good. I now have a listing:

Name: gm4nfi
Type: Private
Callsigns using this key: it's blank (I would think my callsign needs to be added?)

From View I can see details of my certificate(s), see below. 3 valid certificates appear - all have my callsign and all have valid dates. Not sure why I have 3, I thought it should only be one?

But when I try to Associate Callsigns the button is "greyed out" and cannot be selected. I can't associate any callsign with the certificate.

Now if I go to File->Configure->Ports I have 2 ports:

Port 1 is Enabled APRS-IS euro.aprs2.net
Port 3 is Enabled Serial_TNC /dev/ttyS5 (this is working fine)

I select Port1, all seems fine but Transmit is Disabled and greyed out. Now if I generate an APRS-IS password from my callsign then it can be enabled. I thought either an APRS-IS password or SSL-Authentication but not both?

From the Help: "Private/public key pairs can be used as an alternative to the insecure APRS-IS passcode to authenticate YAAC to the APRS-IS Tier 2 backbone, using the SSL-APRS-IS port type. Only key pairs used for the ARRL Logbook of the World and certified by the ARRL's Certificate Authority are acceptable."

I suspect the issue is due to not being able to associate my callsign with the key. I can't find anything in the Help about the above.

I have now upgraded to YAAC 14 July 2024 version but Associate Callsigns button is "greyed out".

Any advice?

73 Dave GM4NFI

Below a dump of my callsign certificate (why 3 entries?)
Owner: EMAILADDRESS=djcleckie@..., CN=David J C Leckie, OID.1.3.6.1.4.1.12348.1.1=GM4NFI
Issuer: EMAILADDRESS=lotw@..., DC=arrl.org, CN=Logbook of the World Production CA, OU=Logbook of the World, O=American Radio Relay League, L=Newington, ST=CT, C=US
Serial number: f62cc
Valid from: 22 July 2024, 15:00:15 BST until: 22 July 2027, 15:00:15 BST

Owner: EMAILADDRESS=lotw@..., DC=arrl.org, CN=Logbook of the World Production CA, OU=Logbook of the World, O=American Radio Relay League, L=Newington, ST=CT, C=US
Issuer: EMAILADDRESS=lotw@..., DC=arrl.org, CN=Logbook of the World Root CA, OU=Logbook of the World, O=American Radio Relay League, L=Newington, ST=CT, C=US
Serial number: a
Valid from: 29 June 2023, 16:00:19 BST until: 29 June 2027, 16:00:19 BST

Owner: EMAILADDRESS=lotw@..., DC=arrl.org, CN=Logbook of the World Root CA, OU=Logbook of the World, O=American Radio Relay League, L=Newington, ST=CT, C=US
Issuer: EMAILADDRESS=lotw@..., DC=arrl.org, CN=Logbook of the World Root CA, OU=Logbook of the World, O=American Radio Relay League, L=Newington, ST=CT, C=US
Serial number: b6dc0911164d9c51
Valid from: 28 June 2023, 13:28:35 BST until: 25 June 2033, 13:28:35 BST
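
Added example (not part of the thread and not YAAC code): the Owner/Issuer fields of the dump above link its three entries into one certificate chain, and this sketch parses them, labels each entry's role, and reports when the chain as a whole stops being valid. The DNs are abbreviated to their CN/OID parts, and the names `parse_chain`, `classify` and `chain_valid_until` are hypothetical.

```python
import re
from datetime import datetime

# The three entries from the dump above, DNs shortened for readability
# (the shortening is this example's choice, not the tool's output).
DUMP = """\
Owner: CN=David J C Leckie, OID.1.3.6.1.4.1.12348.1.1=GM4NFI
Issuer: CN=Logbook of the World Production CA
Valid from: 22 July 2024, 15:00:15 BST until: 22 July 2027, 15:00:15 BST
Owner: CN=Logbook of the World Production CA
Issuer: CN=Logbook of the World Root CA
Valid from: 29 June 2023, 16:00:19 BST until: 29 June 2027, 16:00:19 BST
Owner: CN=Logbook of the World Root CA
Issuer: CN=Logbook of the World Root CA
Valid from: 28 June 2023, 13:28:35 BST until: 25 June 2033, 13:28:35 BST
"""

ENTRY = re.compile(r"Owner: (?P<owner>.+)\nIssuer: (?P<issuer>.+)\n"
                   r"Valid from: (?P<start>.+?) BST until: (?P<end>.+?) BST")

def _ts(text):
    return datetime.strptime(text, "%d %B %Y, %H:%M:%S")

def parse_chain(dump):
    """Return one dict per certificate, in the order listed."""
    return [{"owner": m["owner"], "issuer": m["issuer"],
             "start": _ts(m["start"]), "end": _ts(m["end"])}
            for m in ENTRY.finditer(dump)]

def classify(certs):
    """Label each entry; raise if an issuer is not the next entry's owner."""
    issuers = {c["issuer"] for c in certs}
    roles = []
    for i, c in enumerate(certs):
        if c["owner"] == c["issuer"]:
            roles.append("root CA (self-signed)")
            continue
        roles.append("intermediate CA" if c["owner"] in issuers else "end-entity")
        nxt = certs[i + 1]["owner"] if i + 1 < len(certs) else None
        if nxt != c["issuer"]:
            raise ValueError(f"chain broken after {c['owner']}")
    return roles

def chain_valid_until(certs):
    """A chain is only usable until its earliest-expiring member."""
    return min(c["end"] for c in certs)

if __name__ == "__main__":
    chain = parse_chain(DUMP)
    for cert, role in zip(chain, classify(chain)):
        print(f"{role:22} {cert['owner']}")
    print("chain valid until", chain_valid_until(chain))
```
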