Error running nodes: "send ATTRIB" results in InvalidSignature


I’m trying to run my own Sovrin network in AWS (since I can’t connect to the public network ). I’m following the instructions here and here, and I get to the parts where I set up an agent but it gives me an error when I “send ATTRIB”:

sovrin@test> send ATTRIB dest=FuN98eH2eZybECWkofW6A9BKJxxnTatBCopfUiNxo6ZB raw={"endpoint": {"ha": ""}}
Adding attributes {"endpoint": {"ha": ""}} for FuN98eH2eZybECWkofW6A9BKJxxnTatBCopfUiNxo6ZB
client request invalid: InvalidSignature()

Note that I’m using “plenum” versions of those commands, eg. “generate_plenum_pool_transactions” and “start_plenum_node” instead of “generate_sovrin_pool_transactions” and “start_sovrin_node”

Suggestions welcome.


@danielh recommended using Vagrant, with these instructions:

I noticed that those instructions included a pubkey thus: “pubkey”: “5hmMA64DDQz5NzGJNVtRzNwpkZxktNQds21q3Wxxa62z”
… but I still get the same issue.

Here is how I set up this box manually, in an Ubuntu 16.04 AWS VM:

sudo apt-get update
sudo apt install python3-pip python3.5-dev unzip make libsodium18

chmod +x

sudo ldconfig

pip3 install -U --no-cache-dir sovrin-client

sudo -H pip3 install virtualenvwrapper

echo '' >> ~/.bashrc
echo '# Python virtual environment wrapper' >> ~/.bashrc
echo 'export VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3' >> ~/.bashrc
echo 'export WORKON_HOME=$HOME/.virtualenvs' >> ~/.bashrc
echo 'source /usr/local/bin/' >> ~/.bashrc
source ~/.bashrc
mkvirtualenv sovrin
workon sovrin

mkdir .sovrin
# note that this is using the live settings for the "test" connection
mv pool_transactions_live .sovrin/pool_transactions_sandbox

generate_plenum_pool_transactions --nodes 4 --clients 5 --nodeNum 1
generate_plenum_pool_transactions --nodes 4 --clients 5 --nodeNum 2
generate_plenum_pool_transactions --nodes 4 --clients 5 --nodeNum 3
generate_plenum_pool_transactions --nodes 4 --clients 5 --nodeNum 4

# now start each of these in separate terminals
start_plenum_node Node1 9701 9702
start_plenum_node Node2 9703 9704
start_plenum_node Node3 9705 9706
start_plenum_node Node4 9707 9708


I have seen two issues like this in the past. One is now a couple months in the past, and it was a problem with how keys were encoded on the command line. The other was only two days ago, and it was an issue with signing of a message took place. I am not sure of the details of either resolution, but I’ve reached out to some developers who will know more. Hopefully they will leave their thoughts.



Did you create verkey for FuN98eH2eZybECWkofW6A9BKJxxnTatBCopfUiNxo6ZB identity by sending corresponded NYM transaction to Sovrin?

For identities with assigned verkey only identity owner can sign and send ATTRIB requests. For identities, without verkey it is allowed only for identity creator.

I suggest the following test scenario for you:

  1. Create “Trustee” keys by using known seed in your wallet.
  2. Create a new identity in your wallet.
  3. Send NYM transaction with dest and verkey filled for created new identity from Trustee
  4. Send ATTRIB transaction from new identity.

I tried this test using master debs today and it was finished without any problems.

In the case of any problems could you provide the exact list of CLI commands you performed? It will help us significantly in resolving your problem.



Also please make sure that you use latest node and client packages versions. In the past, we saw this issue and it was related to different encoding of the raw attribute on client and node sides.


As mentioned above, I first ran the instructions from here and here. To summarize, I ran all the shell commands from my second post above, and then I started sovrin and did the following in it.

sovrin> new keyring Steward
Active keyring "Default" saved (/home/ubuntu/.sovrin/keyrings/no-env/default.wallet)
New keyring Steward created
Active keyring set to "Steward"

sovrin> connect test
Active keyring "Steward" saved (/home/ubuntu/.sovrin/keyrings/no-env/steward.wallet)
Current active keyring got moved to 'test' environment. Here is the detail:
    keyring name: Steward
    old location: /home/ubuntu/.sovrin/keyrings/no-env/steward.wallet
    new location: /home/ubuntu/.sovrin/keyrings/test/steward.wallet

Saved keyring "Steward" restored (/home/ubuntu/.sovrin/keyrings/test/steward.wallet)
Active keyring set to "Steward"
Client sovrinpdYSv3 initialized with the following node registry:
    Node1C listens at on port 9702
    Node2C listens at on port 9704
    Node3C listens at on port 9706
    Node4C listens at on port 9708
Active client set to sovrinpdYSv3
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk listening for other nodes at
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk looking for Node2C at
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk looking for Node3C at
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk looking for Node1C at
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk looking for Node4C at
Connecting to test...
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk now connected to Node3C
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk now connected to Node2C
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk now connected to Node1C
6ReEQs1ZBaJY7nomzrAT4pt7iYJqWRm94bhVbVhMp5Hk now connected to Node4C
Connected to test.

sovrin@test> new key with seed 000000000000000000000000Steward1
Key created in keyring Steward
Identifier for key is FYmoFw55GeQH7SRFa37dkx1d2dZ3zUF8ckg7wmL7ofN4
Current identifier set to FYmoFw55GeQH7SRFa37dkx1d2dZ3zUF8ckg7wmL7ofN4

sovrin@test> send NYM dest=FuN98eH2eZybECWkofW6A9BKJxxnTatBCopfUiNxo6ZB role=TRUST_ANCHOR
Adding nym FuN98eH2eZybECWkofW6A9BKJxxnTatBCopfUiNxo6ZB

sovrin@test> send ATTRIB dest=FuN98eH2eZybECWkofW6A9BKJxxnTatBCopfUiNxo6ZB raw={"endpoint": {"ha":"", "pubkey": "5hmMA64DDQz5NzGJNVtRzNwpkZxktNQds21q3Wxxa62z"}}
Adding attributes {"endpoint": {"ha":"", "pubkey": "5hmMA64DDQz5NzGJNVtRzNwpkZxktNQds21q3Wxxa62z"}} for FuN98eH2eZybECWkofW6A9BKJxxnTatBCopfUiNxo6ZB
Error: client request invalid: InvalidSignature()

(Note that I didn’t initially have that new keyring Steward call, but I just saw that and added it with my latest attempt. I’ve also tried with and without the pubkey piece on that last send call.)

It looks like the instructions have changed (eg. no longer exists, so I copied from a previous install). I’ll try the Vagrant instructions at some point… but it seems like these step-by-step instructions aren’t too far off so I’ll try again if you think we can get them to work.

I’m not sure what it means to “use latest node and client packages versions”… I reran all steps on a new VM today, but let me know if there’s something else and I’ll try.