- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
オプション
- RSS フィードを購読する
- トピックを新着としてマーク
- トピックを既読としてマーク
- このトピックを現在のユーザーにフロートします
- ブックマーク
- 購読
- ミュート
- 印刷用ページ
A1006 client certificate is not usable
01-13-2019
11:06 PM
5,412件の閲覧回数
yokonav
Contributor III
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
I want to validate and extract public key from the client certificate stored in Rapid IOT's A1006 authenticator secure element. In fact, I am not able to parse it.
My workflow:
- Read certificate from the A1006 chip (using ATMO_MK64F_Auth_GetCert)
- Convert it to base64 (using RPK_Base64_Encode)
- Debug print on the serial console (using ATMO_PLATFORM_DebugPrint)
I am printing the certificate character by character using ATMO_PLATFORM_DebugPrint since the function seems not supporting string longer than 64 characters.
The base64 encoded certificate:
TlhQIFN5c3RlbVJhcGlkIElvVCAgIASSc/L4Ufmi2AJELjQ/6c1dBLaoSwDRko7jrmtOvJkqe+rUIVAe44X4xTA8Ahx8Y9Usm48QYQfCNVYFL2z8v2IyYjxNya3BXw2+AhxvnILvfKv8UYHx3/pHymAfGkOuDjFHNoo85FbiAAA=
I stored the certificate to a file (cert.pem) and made it PEM format:
-----BEGIN CERTIFICATE-----
TlhQIFN5c3RlbVJhcGlkIElvVCAgIASSc/L4Ufmi2AJELjQ/6c1dBLaoSwDRko7j
rmtOvJkqe+rUIVAe44X4xTA8Ahx8Y9Usm48QYQfCNVYFL2z8v2IyYjxNya3BXw2+
AhxvnILvfKv8UYHx3/pHymAfGkOuDjFHNoo85FbiAAA=
-----END CERTIFICATE-----
When I tried to parse:
$ openssl x509 -in cert.pem -text -noout
unable to load certificate
4618929600:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1130:
4618929600:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:290:Type=X509
4618929600:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:
I also tried to Debug print the certificate in base16 hex:
4E58502053797374656D526170696420496F54202020049273F2F851F9A2D802442E343FE9CD5D04B6A84B00D1928EE3AE6B4EBC992A7BEAD421501EE385F8C5303C021C7C63D52C9B8F106107C23556052F6CFCBF6232623C4DC9ADC15F0DBE021C6F9C82EF7CABFC5181F1DFFA47CA601F1A43AE0E3147368A3CE456E20000
I can confirm the content of the certificate (hex base16) above is same as the value of the BLE characteristic aa386522826cc0cdaccf40096d5876de which also read the certificate ( I checked the OOB example code in MCUXpresso).
I assume the format is x509 DER format stored in the A1006. Is the certificate further encrypted or corrupted?
8 返答(返信)
土曜日
231件の閲覧回数
jesssaid
Contributor I
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
I need to use the A1006UK chip. Engineers who have done it have contacted me. Thank you very much, vx jesssaid
10-27-2025
07:34 AM
1,952件の閲覧回数
jesssiad
Contributor II
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
11-02-2025
06:52 AM
1,807件の閲覧回数
jesssiad
Contributor II
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
v jesssaid 大家好!
01-17-2019
03:16 PM
5,007件の閲覧回数
estephania_mart
NXP TechSupport
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello,
By any chance, do you have the same behavior by using the A1006_Get_Cert(uint8_t *cert) API?
Regards
01-17-2019
09:23 PM
5,007件の閲覧回数
yokonav
Contributor III
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi,
The ATMO_MK64F_Auth_GetCert is a wrapper of A1006_Get_Cert. The A1006_Get_Cert did not work directly.
The ATMO_MK64F_Auth_GetUid is returning the UID correctly and the ATMO_MK64F_Auth_GetCert returns
correct size response but for some reason it is not parsable. My task is simple: get cert from A1006 which should
be valid/parsable. Can’t you reproduce it at your end? By the way I am one of the contestants of the Rapid IOT
at Hackster.io and this is a blocking issue for my project.
Thank you in advance,
Naveen
01-24-2019
01:31 PM
5,007件の閲覧回数
estephania_mart
NXP TechSupport
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello,
I believe this might help you, the X.509 cert is a compressed certificate and needs to be decompressed before being parsed so in order to use it as you want you you will need to decompress it.
I would strongly recommend you to register in Docstore and check for the Host Library for the A1006 as you will find some examples and functions to achieve what you are trying to do.
Please check this videos on the Docstore registration
Docstore tutorial part 1: User Registration|NXP
Docstore tutorial part 2: portal usage|NXP
And once you get access to the library you might useful the a1006_decompressCert function, so check for it and its usage.
Regards,
Estephania
02-05-2019
01:14 AM
5,007件の閲覧回数
yokonav
Contributor III
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi,
I tried to register in Docstore using the same email registered with NXP community but it was rejected due to non-company email. I again tried with my company email but I was asked to provide NDA between my company and NXP. My company has nothing to do with Hackster.io contest so they are not going to help me in NDA. Is there any other way to access the library you mentioned in the last reply?
Thanks,
Naveen
02-13-2019
01:17 PM
5,007件の閲覧回数
estephania_mart
NXP TechSupport
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello,
Sorry for the inconvenience this might cause you. But you need to sign the NDA and that you will need also to register with a company email.
You can also ask in the for one of the distributors available in the following link Distributor Network | NXP .
Regards,
Estephania
