Import ECC key into HSE FW

IAussman · ‎04-27-2023

Dear NXP community,

I'm currently trying to import ECC public key into HSE FW.

OpenSSL has generated the private and public key with ".pem" extension.

So my question is, how to convert this pem file into something that could be used for key import.

Thank you for your support.

Best regards,

lukaszadrapa · ‎05-04-2023

Hi @IAussman

0x04 is a prefix only which says that it's uncompressed format.

Regards,

Lukas

View solution in original post

lukaszadrapa · ‎04-27-2023

Hi @IAussman

see please attached document.

Regards,

Lukas

IAussman · ‎05-04-2023

Hi @lukaszadrapa ,

Is there any reason why the first byte of the ECC public key has been removed in the code source ?

Thank you.

Best regards,

lukaszadrapa · ‎05-04-2023

Hi @IAussman

0x04 is a prefix only which says that it's uncompressed format.

Regards,

Lukas

IAussman · ‎05-03-2023

Hi @lukaszadrapa ,

Thank you for your rapid response. I've followed the instructions for generating the ECC key.

HSE FW reference manual says that we have to format the key catalog prior to any key provisioning. By doing so (format catalog), I got an error saying "operation is not allowed". In my code source LC= CUST_DEL, so I should have super user rights.

If I bypass the catalog formating, I'm also getting the same error on the key import (NOT_ALLOWED).

Do you have any suggestions ? Thank you.

Below the code:

Crypto_Init(NULL_PTR);

RetVal = Crypto_Exts_FormatKeyCatalogs();

Crypto_KeyElementSet(CryptoConf_CryptoKey_ECC_PublicKey, /* CryptoKeyId */
CryptoConf_CryptoKeyElement_CryptoKeyElement_ECC_Public, /* KeyElementId */
SEC_au8Ecc256PubKey, /*Ecc public key address */
ECC_PUB_KEY_SZ /* Ecc public key size */);

IAussman · ‎05-03-2023

Problem solved by setting Key_Owner to OWNER_CUST for NvmKeyCatalog, and Key Owner to OWNER_ANY for RamKeyCatalog.

Best regards,