Hello All
I am trying to get Encrypted Boot to work on an i.MX6. From the few available sources I have put together the attached CSF script. When I try to sign my image with the following command (I have a work directory outside the CST, thus the funny paths):
$ ../cst-2.3.1/cst --o barebox-testing.enc.csf -c ../cst-2.3.1/crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem < encrypt.csfcfg
The computer hangs for twenty minutes and then reports:
Encryption not enabled
The file dek.bin is written with an odd size of 439 bytes.
I have openssl version 1.0.1f installed and run CST 2.3.1. Any ideas what could be the problem here?
Regards
Florian
Original Attachment has been moved to: encrypt.csfsfg.zip
When installing cst, encryption is not enabled by default.
There were some release notes in the 2.3.0 version that are missing from the 2.3.1 release which explain the requirement for enabling. This worked for me.
2.1 Encrypted Boot support
This version of CST allows the user to relink the executable
to include support for generating encrypted boot images.
To relink on 32 bit machines:
cd <CST install directory>/code/back_end/src
gcc -o cst -I ../hdr -L ../../../linux32/lib *.c \
-lfrontend -lcrypto
cp cst ../../../linux32
To relink on 64 bit machines:
cd <CST install directory>/code/back_end/src
gcc -o cst -I ../hdr -L ../../../linux64/lib *.c -lfrontend -lcrypto
cp cst ../../../linux6
Hello,
According to "HAB CodeSigning Tool User’s Guide" :
"Due to limitation in current cst implementation the cst must be run
from a directory at the same level as <HAB Installation path>/keys.
For example <HAB Installation path>/product_code, where the product code
to be signed is located."
Have a great day,
Yuri
Hi Yuri
After recompiling the CST, the call even worked from outside of the CST directory. But now that you mention it, I'm moving the signed code into the CST tree, just to be sure. Thank you for pointing this out!
Regards Florian
Hi Yuri
Thank you for your reply. Meanwhile, I have tried to run the tool from the "keys" directory in the CST (with the paths adapted) with the same result:
cst-2.3.1/keys$ ../linux32/cst --o barebox-testing.enc.csf -c ../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem < encrypt.csfcfg
Encryption not enabled
The CSF File is not created, so I'm pretty sure that the operation failed.
Do you have more input?
Any libraries that I might be missing?
Just out of curiosity: Do you have first hand experience of generating a working encrypted boot with the CST?
Regards Florian
Hello Team,
I am trying to execute the steps mentioned in the NXP documentation for secure boot.
Steps I followed:
1) Downloaded cst-3.1.0.tgz tool from the NXP site.
2) Untarred it on my Linux machine, following /Docs > CST_UG.pdf and Release_Notes.txt.
I also tried to relink on 64/32 bit Linux machines with the steps mentioned in this discussion, but I am still getting an error while running:
sub@developer:~/Downloads/release/keys$ ./hab4_pki_tree.sh
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This script is a part of the Code signing tools for Freescale's
High Assurance Boot. It generates a basic PKI tree. The PKI
tree consists of one or more Super Root Keys (SRK), with each
SRK having two subordinate keys:
+ a Command Sequence File (CSF) key
+ Image key.
Additional keys can be added to the PKI tree but a separate
script is available for this. This this script assumes openssl
is installed on your system and is included in your search
path. Finally, the private keys generated are password
protectedwith the password provided by the file key_pass.txt.
The format of the file is the password repeated twice:
my_password
my_password
All private keys in the PKI tree are in PKCS #8 format will be
protected by the same password.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Do you want to use an existing CA key (y/n)?: n
Do you want to use Elliptic Curve Cryptography (y/n)?: n
Enter key length in bits for PKI tree: 4096
Enter PKI tree duration (years): 5
How many Super Root Keys should be generated? 4
Do you want the SRK certificates to have the CA flag set? (y/n)?: y
+++++++++++++++++++++++++++++++++++++
+ Generating CA key and certificate +
+++++++++++++++++++++++++++++++++++++
Generating a RSA private key
..................................++++
.......++++
writing new private key to 'temp_ca.pem'
-----
++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
........................................++++
.......................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
140185369613632:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
140185369613632:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
140185369613632:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
140185369613632:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/SRK1_sha256_4096_65537_v3_ca_crt.pem for reading, No such file or directory
140361417344320:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/SRK1_sha256_4096_65537_v3_ca_crt.pem','r')
140361417344320:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating CSF key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
......................................................++++
...................................................................................................................................................................................................................................................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
139771215324480:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
139771215324480:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
139771215324480:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
139771215324480:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem for reading, No such file or directory
139804323910976:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem','r')
139804323910976:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating IMG key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
..............................................++++
..++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
139632623789376:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
139632623789376:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
139632623789376:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
139632623789376:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem for reading, No such file or directory
139856162575680:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem','r')
139856162575680:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 2 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
.......................................................++++
.............................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
140050200614208:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
140050200614208:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
140050200614208:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
140050200614208:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/SRK2_sha256_4096_65537_v3_ca_crt.pem for reading, No such file or directory
139690429662528:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/SRK2_sha256_4096_65537_v3_ca_crt.pem','r')
139690429662528:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating CSF key and certificate 2 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
..................................................................................++++
....++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
139673382860096:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
139673382860096:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
139673382860096:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
139673382860096:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/CSF2_1_sha256_4096_65537_v3_usr_crt.pem for reading, No such file or directory
139701180155200:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/CSF2_1_sha256_4096_65537_v3_usr_crt.pem','r')
139701180155200:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating IMG key and certificate 2 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
.............................................................................................................................................++++
..............................................................................................................................................................................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
140613882578240:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
140613882578240:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
140613882578240:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
140613882578240:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/IMG2_1_sha256_4096_65537_v3_usr_crt.pem for reading, No such file or directory
140061171594560:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/IMG2_1_sha256_4096_65537_v3_usr_crt.pem','r')
140061171594560:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 3 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
....................................................................++++
.................................................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
140132909233472:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
140132909233472:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
140132909233472:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
140132909233472:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/SRK3_sha256_4096_65537_v3_ca_crt.pem for reading, No such file or directory
140685257864512:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/SRK3_sha256_4096_65537_v3_ca_crt.pem','r')
140685257864512:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating CSF key and certificate 3 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
..........................................................................................++++
..............................................................................................................................................................................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
139952155837760:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
139952155837760:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
139952155837760:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
139952155837760:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/CSF3_1_sha256_4096_65537_v3_usr_crt.pem for reading, No such file or directory
140588125467968:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/CSF3_1_sha256_4096_65537_v3_usr_crt.pem','r')
140588125467968:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating IMG key and certificate 3 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
........................................................................................................++++
..........................................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
140422078956864:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
140422078956864:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
140422078956864:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
140422078956864:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/IMG3_1_sha256_4096_65537_v3_usr_crt.pem for reading, No such file or directory
139812568921408:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/IMG3_1_sha256_4096_65537_v3_usr_crt.pem','r')
139812568921408:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 4 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
...................++++
.......................................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
140247327753536:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
140247327753536:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
140247327753536:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
140247327753536:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/SRK4_sha256_4096_65537_v3_ca_crt.pem for reading, No such file or directory
140431590266176:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/SRK4_sha256_4096_65537_v3_ca_crt.pem','r')
140431590266176:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating CSF key and certificate 4 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
.....................................................................................................................++++
...................................................................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
139958490457408:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
139958490457408:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
139958490457408:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
139958490457408:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/CSF4_1_sha256_4096_65537_v3_usr_crt.pem for reading, No such file or directory
140578246976832:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/CSF4_1_sha256_4096_65537_v3_usr_crt.pem','r')
140578246976832:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
++++++++++++++++++++++++++++++++++++++++
+ Generating IMG key and certificate 4 +
++++++++++++++++++++++++++++++++++++++++
Generating RSA private key, 4096 bit long modulus (2 primes)
..................++++
......................................................................................++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
unable to load CA private key
139702410077504:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
139702410077504:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
139702410077504:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:
139702410077504:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:88:
Can't open ../crts/IMG4_1_sha256_4096_65537_v3_usr_crt.pem for reading, No such file or directory
140613383144768:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../crts/IMG4_1_sha256_4096_65537_v3_usr_crt.pem','r')
140613383144768:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
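The banner in the log above says the script takes the key password from key_pass.txt, written as the password repeated on two lines, and every signing step then stops at openssl's "unable to load CA private key ... bad decrypt", which is what openssl reports when the supplied password does not decrypt the key. The following pre-flight check is an added example, not part of the thread or of the CST scripts; the function names and return codes are hypothetical, and the key path passed to it is whatever encrypted PEM key you want to test.

```shell
#!/bin/sh
# Added example: pre-flight checks for the password file described in the
# hab4_pki_tree.sh banner (same password on two lines).

# check_key_pass FILE
# 0 = two identical non-empty lines, 1 = missing/unreadable,
# 2 = not exactly two lines, 3 = empty password, 4 = the two lines differ.
check_key_pass() {
    f=$1
    [ -r "$f" ] || return 1
    n=$(awk 'END { print NR }' "$f")   # counts a last line without newline too
    [ "$n" -eq 2 ] || return 2
    l1=$(sed -n '1p' "$f")
    l2=$(sed -n '2p' "$f")
    [ -n "$l1" ] || return 3
    [ "$l1" = "$l2" ] || return 4      # also catches stray trailing spaces
    return 0
}

# key_decrypts KEY PASSFILE
# 0 if openssl can load the encrypted private key using the first line of
# PASSFILE as the password; non-zero otherwise (127 if openssl is absent).
key_decrypts() {
    command -v openssl >/dev/null 2>&1 || return 127
    openssl pkey -in "$1" -passin "file:$2" -noout </dev/null >/dev/null 2>&1
}

# preflight PASSFILE [KEY]
# Runs the format check, then (if KEY is given) the decryption check.
preflight() {
    pass=$1
    key=${2:-}
    rc=0
    check_key_pass "$pass" || rc=$?
    case $rc in
        0) ;;
        1) echo "$pass: missing or unreadable" >&2 ;;
        2) echo "$pass: expected exactly two lines" >&2 ;;
        3) echo "$pass: password is empty" >&2 ;;
        4) echo "$pass: the two lines are not identical" >&2 ;;
    esac
    [ "$rc" -eq 0 ] || return "$rc"
    if [ -n "$key" ]; then
        key_decrypts "$key" "$pass" || {
            echo "$key: does not decrypt with the password in $pass" >&2
            return 10
        }
    fi
    return 0
}
```

Run `preflight key_pass.txt` from the keys directory before the script, or `preflight key_pass.txt <encrypted key>.pem` to test an existing key against the current password file.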