Hi again
I've come accross a lot of certs and even found our own little cinema on a UK dolby server. That was like "oh what are YOU doing here?" ;-)
I'm checking with local KDM managers for a continued workflow for delivery.
So I'm not targetting KDM-to-Cinema.
But I'd like to ask a few more things please.
I learned that opendcp_xml is able to produce a full encrypted package using defined certificates,
and I try to find out how far this process goes into KDMs, so as where to take over the used specs and go on to cinemaslides for producing KDMs (lets say "DKDMs") for the KDM facility.
The MXF containers where encrypted with
-k | --key <key> - set encryption key (this enables encryption)
-u | --key_id <key id> - set encryption key id (leaving blank generates a random uuid)
compendium files where finalized using
-s | --sign - Writes XML digital signature
-1 | --root - Root pem certificate used to sign XML files
-2 | --ca - CA (intermediate) pem certificate used to sign XML files
-3 | --signer - Signer (leaf) pem certificate used to sign XML files
-p | --privatekey - Private (signer) pem key used to sign XML files
What I don't understand:
Does using opendcp_* like this actually produce a kind of "master intermediate", against which I must produce KDMs using the same certificates, the encryption key and id PLUS the fresh cert of the target facility?
Is it so that opendcp goes this far (for a reason of course), and I must go on with a tool like cinemaslides (for -kdm) now?
(I hope it's ok mentioning it here, as there also seem "links" from Mister Woehl to opendcp)
Also, I found a note of Dolby from 2008 on their server, that Dolby seem to have made a step to using two intermediate certs instead of one, and DoReMi also seems to provide these on its servers, is this just neglectable for the time being?
Thanks a lot!
Best
M