I want to validate and extract the public key from the client certificate stored in Rapid IOT's A1006 authenticator secure element. In fact, I am not able to parse it.
My workflow:
I am printing the certificate character by character using ATMO_PLATFORM_DebugPrint since the function does not seem to support strings longer than 64 characters.
The base64 encoded certificate:
TlhQIFN5c3RlbVJhcGlkIElvVCAgIASSc/L4Ufmi2AJELjQ/6c1dBLaoSwDRko7jrmtOvJkqe+rUIVAe44X4xTA8Ahx8Y9Usm48QYQfCNVYFL2z8v2IyYjxNya3BXw2+AhxvnILvfKv8UYHx3/pHymAfGkOuDjFHNoo85FbiAAA=
I stored the certificate in a file (cert.pem) and put it in PEM format:
-----BEGIN CERTIFICATE-----
TlhQIFN5c3RlbVJhcGlkIElvVCAgIASSc/L4Ufmi2AJELjQ/6c1dBLaoSwDRko7j
rmtOvJkqe+rUIVAe44X4xTA8Ahx8Y9Usm48QYQfCNVYFL2z8v2IyYjxNya3BXw2+
AhxvnILvfKv8UYHx3/pHymAfGkOuDjFHNoo85FbiAAA=
-----END CERTIFICATE-----
When I tried to parse:
$ openssl x509 -in cert.pem -text -noout
unable to load certificate
4618929600:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1130:
4618929600:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:290:Type=X509
4618929600:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:
I also tried to debug-print the certificate in base16 hex:
4E58502053797374656D526170696420496F54202020049273F2F851F9A2D802442E343FE9CD5D04B6A84B00D1928EE3AE6B4EBC992A7BEAD421501EE385F8C5303C021C7C63D52C9B8F106107C23556052F6CFCBF6232623C4DC9ADC15F0DBE021C6F9C82EF7CABFC5181F1DFFA47CA601F1A43AE0E3147368A3CE456E20000
I can confirm the content of the certificate (hex base16) above is the same as the value of the BLE characteristic aa386522826cc0cdaccf40096d5876de, which also reads the certificate (I checked the OOB example code in MCUXpresso).
I assume the format is x509 DER format stored in the A1006. Is the certificate further encrypted or corrupted?
Hello,
By any chance, do you have the same behavior by using the A1006_Get_Cert(uint8_t *cert) API?
Regards
Hi,
The ATMO_MK64F_Auth_GetCert is a wrapper of A1006_Get_Cert. The A1006_Get_Cert did not work directly.
The ATMO_MK64F_Auth_GetUid is returning the UID correctly and the ATMO_MK64F_Auth_GetCert returns
correct size response but for some reason it is not parsable. My task is simple: get cert from A1006 which should
be valid/parsable. Can’t you reproduce it at your end? By the way I am one of the contestants of the Rapid IOT
at Hackster.io and this is a blocking issue for my project.
Thank you in advance,
Naveen
Hello,
I believe this might help you: the X.509 cert is a compressed certificate and needs to be decompressed before being parsed, so in order to use it as you want you will need to decompress it.
I would strongly recommend you to register in Docstore and check for the Host Library for the A1006 as you will find some examples and functions to achieve what you are trying to do.
Please check these videos on the Docstore registration:
Docstore tutorial part 1: User Registration|NXP
Docstore tutorial part 2: portal usage|NXP
And once you get access to the library you might find the a1006_decompressCert function useful, so check for it and its usage.
Regards,
Estephania
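
The reply above says the blob is a compressed certificate, not plain DER. As an added example (not code from this thread or from NXP's Host Library), the Python check below inspects only the outer framing of the posted blob and shows why openssl x509 reports "wrong tag": the first byte is 0x4E, not the 0x30 SEQUENCE tag that every X.509 DER certificate starts with. The function names are hypothetical and SAMPLE_DER is a constructed value.

```python
import base64

# Certificate blob exactly as posted in the thread (base64 of the A1006 read-out).
A1006_CERT_B64 = (
    "TlhQIFN5c3RlbVJhcGlkIElvVCAgIASSc/L4Ufmi2AJELjQ/6c1dBLaoSwDRko7j"
    "rmtOvJkqe+rUIVAe44X4xTA8Ahx8Y9Usm48QYQfCNVYFL2z8v2IyYjxNya3BXw2+"
    "AhxvnILvfKv8UYHx3/pHymAfGkOuDjFHNoo85FbiAAA="
)
# Constructed sample: minimal DER SEQUENCE { INTEGER 5 }; framing only, not a certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SEQUENCE_TAG = 0x30  # universal, constructed, SEQUENCE: first byte of X.509 DER

def outer_tlv(data: bytes):
    """Return (tag, header_len, content_len) of the outermost DER TLV."""
    if len(data) < 2:
        raise ValueError("too short for a TLV header")
    tag, first = data[0], data[1]
    if first < 0x80:                      # short-form length
        return tag, 2, first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("indefinite or malformed length (not DER)")
    return tag, 2 + n, int.from_bytes(data[2:2 + n], "big")

def ascii_prefix(data: bytes) -> str:
    """Leading run of printable ASCII, a hint that the blob has its own header."""
    end = 0
    while end < len(data) and 0x20 <= data[end] < 0x7F:
        end += 1
    return data[:end].decode("ascii")

def diagnose(data: bytes) -> dict:
    """Check only the outer framing that an X.509 parser looks at first."""
    tag, hdr, length = outer_tlv(data)
    return {
        "size": len(data),
        "first_tag": tag,
        "tag_is_sequence": tag == SEQUENCE_TAG,
        "length_matches": hdr + length == len(data),
        "ascii_prefix": ascii_prefix(data),
    }

if __name__ == "__main__":
    for name, blob in (("A1006 blob", base64.b64decode(A1006_CERT_B64)),
                       ("constructed DER", SAMPLE_DER)):
        print(name, diagnose(blob))
```

Passing this check means only that the outer tag and length are consistent with DER; it does not validate a certificate.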
Hi,
I tried to register in Docstore using the same email registered with NXP community but it was rejected due to non-company email. I tried again with my company email but I was asked to provide an NDA between my company and NXP. My company has nothing to do with the Hackster.io contest so they are not going to help me with the NDA. Is there any other way to access the library you mentioned in the last reply?
Thanks,
Naveen
Hello,
Sorry for the inconvenience this might cause you. But you need to sign the NDA, and you will also need to register with a company email.
You can also ask for one of the distributors available in the following link: Distributor Network | NXP.
Regards,
Estephania