- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Home
- :
- Identification and Security
- :
- Secure Authentication
- :
- Re: SE050 - How generate a RSA reference key
SE050 - How generate a RSA reference key
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good morning,
I am able to generate a RSA key pair with success.
But now I need to access my key pair by the reference key.
Through the seTool demo code I can see the generatation of an ECC reference key.
I need the same thing but to RSA in C. Where I can found this example?
Thanks in advance.
Cristiane Bellenzier Piaia
Solved! Go to Solution.
MehdiSOUMHI
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Cristiane, All,
Please find attached latest seTool. Following sequecne should work:
./seTool genRsa 2048 0x00000020 /dev/i2c-1
./seTool getRsaRef 2048 0x00000020 server.key /dev/i2c-1
export OPENSSL_CONF=~/se_mw_04.03.01/simw-top/demos/linux/common/openssl11_sss_se050.cnf
openssl req -config device.cnf -key server.key -new -sha256 -out server.csr -batch
openssl req -text -noout -verify -in server.csr
./seTool getRsaPublic 2048 0x00000020 PubRsaKey.pem none
Best Regards
Mehdi
rodolfoveltrigo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
./seTool genRsa 2048 0x00000020 /dev/i2c-1
./seTool getRsaRef 2048 0x00000020 server.key /dev/i2c-1
export OPENSSL_CONF=~/se_mw_04.03.01/simw-top/demos/linux/common/openssl11_sss_se050.cnf
openssl req -config device.cnf -key server.key -new -sha256 -out server.csr -batch
openssl req -text -noout -verify -in server.csr
./seTool getRsaPublic 2048 0x00000020 PubRsaKey.pem none
MehdiSOUMHI
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Cristiane, All,
Please find attached latest seTool. Following sequecne should work:
./seTool genRsa 2048 0x00000020 /dev/i2c-1
./seTool getRsaRef 2048 0x00000020 server.key /dev/i2c-1
export OPENSSL_CONF=~/se_mw_04.03.01/simw-top/demos/linux/common/openssl11_sss_se050.cnf
openssl req -config device.cnf -key server.key -new -sha256 -out server.csr -batch
openssl req -text -noout -verify -in server.csr
./seTool getRsaPublic 2048 0x00000020 PubRsaKey.pem none
Best Regards
Mehdi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Kan_Li
Do you have any news? We would not like to use python for this scope.
Thanks in advance, again.
Cristiane Bellenzier Piaia
rodolfoveltrigo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NXP has escalated your questions to our internal Level 2 support team. We will reply to you soon.
cheers
Rodolfo
Kan_Li
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @CristianeBP ,
Please kindly have the updated version of seTool as attached. Please also refer to the attached .txt for more detailed description.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Kan_Li,
Thanks for your quick reply.
I tried the code sent by you but I think something doesn’t work properly.
First of all, when I tried to generate a reference key, there is no validation that the key pair already exists, so a reference key is generated even if the pair of keys does not exist.
When I tried to use the reference key to validate a CSR, the verification fails.
Commands used to test:
#seTool genRsa 2048 0x00000020 /dev/i2c-1
#seTool getRsaRef 2048 0x00000020 server.key /dev/i2c-1
#openssl req -config device.cnf -key server.key -new -sha256 -out server.csr -batch
#openssl req -text -noout -verify -in server.csr
verify failure
But when I tried the same thing using just openssl everthing works fine.
#openssl genrsa -out server2.key 2048
#openssl req -config device.cnf -key server2.key -new -sha256 -out server2.csr -batch
#openssl req -text -noout -verify -in server2.csr
verify OK
When I compare the piece of code used to generate the RSA reference key with the code used to generate the ECC reference key, the ECC uses it's public key, but not in the RSA. Also in the python code used to generate the RSA reference key uses the public key (generate_openssl_rsa_refkey - pycli/src/sss/util.py). I think this part is missing.
Thanks in advance,
Cristiane Bellenzier Piaia
Kan_Li
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @CristianeBP ,
Are you using the NXP OpenSSL Engine or Provider? Would you please try to use the ssscli tool for the same sequence? Thanks for your patience!
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good morning @Kan_Li
yes, we are using the NXP OpenSSL Engine:
[root@ABB-8C-1F-64-CF-3C-18 src]# openssl engine -t
(dynamic) Dynamic engine loading support
[ unavailable ]
(e4sss) se hardware engine support
[ available ]
I just tried the ssscli tool and works perfectly.
Thanks in advance.
Cristiane Bellenzier Piaia
