Encrypting & decrypting sensor data on disk using Zymkey

See Zymbit’s Documentation Site for the most recent AWS documentation.

Hello! I was trying to use the zymkey.client.lock() function on a Raspberry Pi 3 running Raspbian jessie with the Zymkey 4 i module. However, every time I try to tun tre function, it returns an error “Assertionerror: bad return code -1”. This happens regardless of me using a bytearray or a basestring filename as input. Any idea why this could be happening?

Can you please tell me what sudo systemctl zkifc shows?
Also, can you post the entire python exception trace?

Hi Scott,

The systemctl command returns " unknown operation ‘zkifc’ ". Seems weird although I can use the zymkey for functions like controlling the led.

if I run " zymkey.client.lock(bytearray(“hello”,‘utf8’)) " the exception trace reads:

Traceback (most recent call last):
File “”, line 1, in
File “/usr/local/lib/python2.7/dist-packages/zymkey/module.py”, line 196, in lock
raise AssertionError(‘bad return code {!r}’.format(ret))
AssertionError: bad return code -1

Another thing I observed yesterday was when running the zk_crypto_test file. If i generate a signature with one string and I try to verify that signature with another string, it should have given false but it gives a true value and the program exits when it reaches the line
" raise Exception(‘verification should have failed, but passed’) "

I forgot something in the systemctl command: sudo systemctl status zkifc. Please run this and post.

If you are able to control the LED, it seems to me that you the python module might be out of sync with the zymkey daemon (zkifc).

At this point, I would recommend purging the zymkey software and reinstalling it.

This is the output of systemctl:

zkifc.service - Zymkey Interface Connector
Loaded: loaded (/etc/systemd/system/zkifc.service; enabled)
Active: active (running) since Wed 2018-04-25 16:36:13 UTC; 37min ago
Process: 653 ExecStartPre=/bin/bash -c mkdir -p {BASE_DIR} && chown -R zymbit.zymbit {BASE_DIR} (code=exited, status=0/SUCCESS)
Main PID: 659 (su)
CGroup: /system.slice/zkifc.service
‣ 659 /bin/su zymbit -s /bin/bash -c zkifc -s /var/lib/zymbit/

Apr 25 16:36:13 raspberrypi systemd[1]: Starting Zymkey Interface Connector…
Apr 25 16:36:13 raspberrypi systemd[1]: Started Zymkey Interface Connector.
Apr 25 16:36:13 raspberrypi su[659]: Successful su for zymbit by root
Apr 25 16:36:13 raspberrypi su[659]: + ??? root:zymbit
Apr 25 16:36:13 raspberrypi su[659]: pam_unix(su:session): session opened for user zymbit by (uid=0)

Sure, I will try reinstalling it and see if helps!

i tried reinstalling the software but to no avail. The same error persists.

When you reinstalled, did you perform a purge of the old zymkey software?
sudo apt-get purge zkifc libzk
sudo pip uninstall zku

Please run the above commands and then rerun the install script.

Hey scott! Thanks for the instructions! I think it works now!!

Is it possible to use the shared key to encrypt and send the data via MQTT to another raspberry pi device and then decrypt it?

Hi @crvinay1992,

The lock and unlock operations can only be used local to the zymkey because all private keys are unique to the zymkey and not exportable to the outside world. However, you definitely could sign data packages between the sender and receiver.

Yes, I want to use the priv-pub key pair to create and store a secret key and use it for symmetric encryption between two raspberry pi’s with zymbits paired to them. I read on another thread that there is a solution based on the zymkey toolchain to achieve this. Can I have more details on this please?

Link to the thread: Same Encryption key for 2 Zymkeys - #4 by vivekb