# Can't sign keyfiles using tripwire

## FizzyWidget

I have created a twpol.txt file using the script here https://bugs.gentoo.org/344577 and have edited the twcfg.txt file to suit my requirements.

```
ROOT                   =/usr/sbin
POLFILE                =/mnt/500musb/tripwire/server/tw.pol
DBFILE                 =/mnt/500musb/tripwire/server/$(HOSTNAME).twd
REPORTFILE             =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
SITEKEYFILE            =/mnt/500musb/tripwire/server/site.key
LOCALKEYFILE           =/mnt/500musb/tripwire/server/$(HOSTNAME)-local.key
EDITOR                 =/bin/nano
LATEPROMPTING          =false
LOOSEDIRECTORYCHECKING =false
MAILNOVIOLATIONS       =true
EMAILREPORTLEVEL       =3
REPORTLEVEL            =3
MAILMETHOD             =SENDMAIL
SYSLOGREPORTING        =false
MAILPROGRAM            =/usr/lib/sendmail -oi -t
```

I then run /etc/tripwire/twinstall.sh and it asks me for a site passphrase and then a local passphrase, which I put in, but right at the end it errors out with this message:

> Signing configuration file...
> 
> ### Error: Invalid Keyfile format
> 
> ### Exiting...
> ...

and I am at a bit of a loss. I have used tripwire before, but I left things as default. I have since been advised that this is not advisable, so I decided to try it from fresh using a 500meg usb stick.

I have also edited the twpol.txt file to point towards the usb stick, as there were a few options going to /etc/tripwire.

----------

## wcg

(NB: I have not used Tripwire, but this is what I would do if I wanted to use it and the same thing happened.)

Look in tw-install.sh for that error message. Is it coming from the shell script or from some binary that the shell script is running to sign the file?

The essential question is which binary, if any, is reporting the error.

Say it is something like "/usr/sbin/tw-sign":

```
mv /usr/sbin/tw-sign /usr/sbin/tw-sign.bin
echo '#!/bin/sh' > /usr/sbin/tw-sign
# single quotes so "$@" is written literally: the wrapper then passes the
# real binary's arguments through unchanged instead of dropping them
echo 'exec strace -f -o /tmp/trace_tw-sign.log /usr/sbin/tw-sign.bin "$@"' >> /usr/sbin/tw-sign
chmod 755 /usr/sbin/tw-sign
# or, if this runs as root,
# chmod 700 /usr/sbin/tw-sign
# If it runs as some tripwire-specific userid,
# chown tripwire_uid:tripwire_gid /usr/sbin/tw-sign
```

Then run your tw-install.sh script again. After it errors out, take a look at /tmp/trace_tw-sign.log and see what happened (wrong pathname or something else).

Don't forget to mv tw-sign.bin back to tw-sign afterwards. (Replace "tw-sign" with the actual binary called from the tw-install.sh script.)

You of course need strace installed for this. (It is in Portage.)
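The wrapper-and-trace approach above, as an added example that is not from the thread: a helper that generates the strace wrapper with the wrapped program's arguments preserved, and a second helper that pulls the failed open() calls (the wrong pathname or permission case) out of the resulting log. The tw-sign binary, log paths and the sample trace are all placeholders or constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: an strace wrapper that keeps the
# wrapped program's arguments, plus a helper that lists the file opens that
# failed in the trace. Binary and log paths are placeholders.

# Write a wrapper at $2 that runs $1 under strace and logs to $3.
# "$@" passes every argument through, so the wrapped tool behaves as before.
make_strace_wrapper() {
  real_bin="$1"; wrapper="$2"; log="$3"
  printf '#!/bin/sh\nexec strace -f -o %s %s "$@"\n' "$log" "$real_bin" > "$wrapper"
  chmod 755 "$wrapper"
}

# Print "ERRNO path" for every open()/openat() in an strace -f log that
# returned -1; these are usually the wrong pathname or bad permissions.
failed_opens() {
  grep -E '^[0-9]+ +open(at)?\(.*= -1 E' "$1" |
    sed -E 's/^[0-9]+ +open(at)?\(([^,"]+, )?"([^"]+)".*= -1 (E[A-Z]+).*/\4 \3/'
}

# Constructed sample log (not real output) in the shape strace -f produces:
# the signing tool reads its config, then fails to open two key files.
SAMPLE_LOG="${TMPDIR:-/tmp}/trace_sample.$$"
cat > "$SAMPLE_LOG" <<'EOF'
1234 execve("/usr/sbin/tw-sign.bin", ["tw-sign", "twcfg.txt"], 0x7ffd1c0dfa40) = 0
1234 openat(AT_FDCWD, "/etc/tripwire/twcfg.txt", O_RDONLY) = 3
1234 openat(AT_FDCWD, "/etc/tripwire/site.key", O_RDONLY) = -1 ENOENT (No such file or directory)
1234 openat(AT_FDCWD, "/mnt/500musb/tripwire/server/site.key", O_RDONLY) = -1 EACCES (Permission denied)
1234 write(2, "### Error: Invalid Keyfile format\n", 34) = 34
1234 exit_group(1) = ?
EOF

# Usage: build a wrapper for the hypothetical signing binary, then triage the log.
make_strace_wrapper /usr/sbin/tw-sign.bin "${TMPDIR:-/tmp}/tw-sign.wrapper.$$" /tmp/trace_tw-sign.log
failed_opens "$SAMPLE_LOG"
```

On a real run, point failed_opens at /tmp/trace_tw-sign.log instead of the sample; an ENOENT on a path under /etc/tripwire while the config says /mnt/500musb would show that the signing tool is not reading the edited twcfg.txt.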

----------

## FizzyWidget

Thanks for the suggestion, I will have to look into it later as I have family coming over soon, so I'm busy with other things.
