Keyring dataprotection does not work when run as a linux service #100

Closed
volllly opened this issue Aug 18, 2023 · 4 comments
Labels
bug Something isn't working

Comments

@volllly
Contributor

volllly commented Aug 18, 2023

Describe the bug

When installing the launcher as a systemd service on Linux, the launcher will not start up because it cannot access the keyring to write.

To Reproduce

sudo ./fiskaltrust.Launcher install
sudo journalctl -u fiskaltrust-<cashbox-id> --no-pager

Exceptions (if any)

 Unhandled exception. System.Security.Cryptography.CryptographicException: The provided payload could not be decrypted. Refer to the inner exception for more information. For more information go to http://aka.ms/dataprotectionwarning
 ---> System.Exception: Could not find key in keyring: errno 126
   at fiskaltrust.Launcher.Extensions.KeyUtils.Read(Int32 key)
   at fiskaltrust.Launcher.Extensions.KeyringXmlDecryptor.Decrypt(XElement encryptedElement)
   at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey.<>c__DisplayClass1_0.<GetLazyDescriptorDelegate>g__GetLazyDescriptorDelegate|0()
   at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
--- End of stack trace from previous location ---
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.get_Value()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.get_Descriptor()
   at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.CreateEncryptor()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRing.KeyHolder.GetEncryptorInstance(Boolean& isRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRing.GetAuthenticatedEncryptorByKeyId(Guid keyId, Boolean& isRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.DataProtection.DataProtectionCommonExtensions.Unprotect(IDataProtector protector, String protectedData)
   at fiskaltrust.Launcher.Commands.CommonCommandHandler.LoadCurve(String accessToken, Boolean useOffline, Boolean dryRun, Boolean useFallback)
   at fiskaltrust.Launcher.Commands.CommonCommandHandler.InvokeAsync(InvocationContext context)
   at fiskaltrust.Launcher.Commands.RunCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.CommandHandler.GetExitCodeAsync(Object value, InvocationContext context)
   at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Hosting.HostingExtensions.<>c__DisplayClass1_0.<<UseHost>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass27_0.<<UseVersionOption>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Invocation.InvocationPipeline.InvokeAsync(IConsole console)
   at System.CommandLine.Parsing.ParseResultExtensions.InvokeAsync(ParseResult parseResult, IConsole console)
   at System.CommandLine.Parsing.ParserExtensions.InvokeAsync(Parser parser, String[] args, IConsole console)
   at Program.<Main>$(String[] args)
   at Program.<Main>(String[] args)

Further technical details & context

  • Version of the Middleware Launcher: 2.0.0-rc.7
  • Operating system: Ubuntu 22.04
@volllly volllly added the bug Something isn't working label Aug 18, 2023
@volllly
Contributor Author

volllly commented Aug 18, 2023

As a temporary workaround, the launcher configuration parameter useLegacyDataProtection can be set to true.

@mijomilicevic
Member

That might be caused by the service user not being able to access the keyring.

@volllly
Contributor Author

volllly commented Oct 18, 2023

  • Set useLegacyDataProtection to true on Linux by default for now
  • Find out behaviour when switching between useLegacyDataProtection true and false when a proxy string is set.
  • Develop a migration path from legacy to the keyring dataprotection
  • Adapt known issues in README

@volllly
Contributor Author

volllly commented Nov 13, 2023

Check if the user keyring needs time to become available, or if it is even available for services.
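
A way to check the two open questions above (is the keyring reachable for the service user, and which step fails), as an added example that is not part of the original thread and not fiskaltrust.Launcher code: it round-trips a dummy value through the user and session keyrings with raw Linux syscalls and reports the errno of the failing step. The key description `keyring-probe` and the function names are assumptions made for illustration; the errno 126 in the report is `ENOKEY` on x86 and ARM Linux.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Values from <linux/keyctl.h>, repeated so only libc headers are needed. */
#define KEYCTL_UNLINK            9L
#define KEYCTL_READ              11L
#define KEY_SPEC_SESSION_KEYRING (-3L)
#define KEY_SPEC_USER_KEYRING    (-4L)

/* Add, read back and unlink a dummy key; returns 0 or the errno of *failed_step. */
int probe_keyring(long keyring, const char **failed_step)
{
    static const char payload[] = "probe-value"; /* constructed dummy data */
    char buf[sizeof payload] = {0};
    *failed_step = "add_key";
    long id = syscall(SYS_add_key, "user", "keyring-probe", payload, sizeof payload, keyring);
    if (id < 0) return errno;
    *failed_step = "keyctl(KEYCTL_READ)";
    long n = syscall(SYS_keyctl, KEYCTL_READ, id, buf, sizeof buf);
    int err = n < 0 ? errno : 0;
    if (n >= 0 && (n != (long)sizeof payload || memcmp(buf, payload, sizeof payload)))
        err = EIO; /* read succeeded but returned different bytes */
    syscall(SYS_keyctl, KEYCTL_UNLINK, id, keyring); /* remove the probe key */
    if (err == 0) *failed_step = "";
    return err;
}

/* What the errno means for a keyring-backed secret store. */
const char *explain(int err)
{
    switch (err) {
    case 0:      return "ok";
    case ENOKEY: return "ENOKEY: key serial or keyring not found";
    case EACCES: return "EACCES: key exists but this process may not read it";
    case EPERM: case ENOSYS: return "keyring syscalls blocked or unavailable";
    default:     return strerror(err);
    }
}

int main(void)
{
    const char *step;
    int err = probe_keyring(KEY_SPEC_USER_KEYRING, &step);
    printf("user keyring:    %s %s\n", step, explain(err));
    err = probe_keyring(KEY_SPEC_SESSION_KEYRING, &step);
    printf("session keyring: %s %s\n", step, explain(err));
    return 0;
}
```

Running the binary once from an interactive shell and once from a systemd unit with the same user as the launcher service shows whether the two contexts see the keyrings differently.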

@LeilaZarban LeilaZarban self-assigned this Dec 18, 2023
@LeilaZarban LeilaZarban removed their assignment Dec 28, 2023
@volllly volllly mentioned this issue Jan 3, 2024
3 tasks
@volllly volllly closed this as not planned Jan 3, 2024
forsthug added a commit that referenced this issue Jan 9, 2024
…ection-does-not-work-when-run-as-a-linux-service