FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

pkcs11-tool generates 2 private keys for keypairgen

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

pkcs11-tool generates 2 private keys for keypairgen

Jump to solution
‎04-26-2024 02:39 AM
2,428 Views
user4
Contributor I

I'm expecting to have a public and a private key pair when I execute pkcs11-tool command with --keypairgen option, but the outputs says generated 2 private keys.

Is that an expected behavior of se050? If not, am I missing something important?

 

<Environment>

platform: Debian (bullseye)

module variant: SE050C1

 

<Outputs>

# pkcs11-tool --module $PKCS11_MODULE --keypairgen --key-type rsa:2048 --label "sss:20202020"
Using slot 0 with a present token (0x1)
smCom :WARN :Invalid conn_ctx
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
sss   :WARN :Communication channel is Plain.
sss   :WARN :!!!Not recommended for production use.!!!
Key pair generated:
Private Key Object; RSA 
  label:      sss:20202020
  ID:         20202020
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive
  Allowed mechanisms: RSA-PKCS,SHA1-RSA-PKCS,SHA224-RSA-PKCS,SHA256-RSA-PKCS,SHA384-RSA-PKCS,SHA512-RSA-PKCS,RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,RSA-PP
Private Key Object; RSA 
  label:      sss:20202020
  ID:         20202020
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive
  Allowed mechanisms: RSA-PKCS,SHA1-RSA-PKCS,SHA224-RSA-PKCS,SHA256-RSA-PKCS,SHA384-RSA-PKCS,SHA512-RSA-PKCS,RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,RSA-PP

 

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎05-05-2024 10:21 PM
2,330 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @user4 ,

 

Thanks for the information! I have tied the same with MW ver 4.5.1 , it just works as expected. Maybe you have to update the MW to the latest. Please kindly refer to the following for details.

Kan_Li_0-1714972873727.png

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

View solution in original post

0 Kudos
Reply
4 Replies

Jump to solution
‎04-29-2024 12:54 AM
2,407 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @user4 ,

 

May I have the MW version?

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

Jump to solution
‎04-29-2024 06:08 PM
2,394 Views
user4
Contributor I

Hi Kan,

Thank you for responding.

Unfortunately, I don't know the specific version of MW because this environment was built by another company, but guessing it might be 4.2.0:

# dpkg -L plug-and-trust
/.
/etc
/etc/plug-and-trust
/etc/plug-and-trust/openssl11_sss_se050.cnf
/usr
/usr/lib
/usr/lib/arm-linux-gnueabihf
/usr/lib/arm-linux-gnueabihf/engines-1.1
/usr/lib/arm-linux-gnueabihf/engines-1.1/e4sss.so
/usr/lib/arm-linux-gnueabihf/libsssapisw.so.4.2.0
/usr/lib/arm-linux-gnueabihf/plug-and-trust
/usr/lib/arm-linux-gnueabihf/plug-and-trust/libsss_pkcs11.so
/usr/share
/usr/share/doc
/usr/share/doc/plug-and-trust
/usr/share/doc/plug-and-trust/changelog.Debian.gz
/usr/share/doc/plug-and-trust/copyright
/usr/lib/arm-linux-gnueabihf/libsssapisw.so.4

 

0 Kudos
Reply

Jump to solution
‎05-05-2024 10:21 PM
2,331 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @user4 ,

 

Thanks for the information! I have tied the same with MW ver 4.5.1 , it just works as expected. Maybe you have to update the MW to the latest. Please kindly refer to the following for details.

Kan_Li_0-1714972873727.png

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 Kudos
Reply

Jump to solution
‎05-06-2024 05:38 PM
2,320 Views
user4
Contributor I

Hi Kan,

Thank you for the inputs. I've also verified that using the libraries in that version does solve the problem, so will consider to ask the package provider to update the MW.

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-1855553%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3Epkcs11-tool%20generates%202%20private%20keys%20for%20keypairgen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1855553%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI'm%20expecting%20to%20have%20a%20public%20and%20a%20private%20key%20pair%20when%20I%20execute%20pkcs11-tool%20command%20with%20--keypairgen%20option%2C%20but%20the%20outputs%20says%20generated%202%20private%20keys.%3C%2FP%3E%3CP%3EIs%20that%20an%20expected%20behavior%20of%20se050%3F%20If%20not%2C%20am%20I%20missing%20something%20important%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CENVIRONMENT%3E%3C%2FENVIRONMENT%3E%3C%2FP%3E%3CP%3Eplatform%3A%20Debian%20(bullseye)%3C%2FP%3E%3CP%3Emodule%20variant%3A%20SE050C1%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3COUTPUTS%3E%3C%2FOUTPUTS%3E%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%23%20pkcs11-tool%20--module%20%24PKCS11_MODULE%20--keypairgen%20--key-type%20rsa%3A2048%20--label%20%22sss%3A20202020%22%0AUsing%20slot%200%20with%20a%20present%20token%20(0x1)%0AsmCom%20%3AWARN%20%3AInvalid%20conn_ctx%0AApp%20%20%20%3AINFO%20%3AUsing%20PortName%3D'%2Fdev%2Fi2c-1%3A0x48'%20(ENV%3A%20EX_SSS_BOOT_SSS_PORT%3D%2Fdev%2Fi2c-1%3A0x48)%0Asss%20%20%20%3AINFO%20%3Aatr%20(Len%3D35)%0A%20%20%20%20%20%2000%20A0%2000%2000%20%20%20%2003%2096%2004%2003%20%20%20%20E8%2000%20FE%2002%20%20%20%200B%2003%20E8%2008%20%0A%20%20%20%20%20%2001%2000%2000%2000%20%20%20%2000%2064%2000%2000%20%20%20%200A%204A%2043%204F%20%20%20%2050%2034%2020%2041%20%0A%20%20%20%20%20%2054%2050%204F%20%0Asss%20%20%20%3AWARN%20%3ACommunication%20channel%20is%20Plain.%0Asss%20%20%20%3AWARN%20%3A!!!Not%20recommended%20for%20production%20use.!!!%0AKey%20pair%20generated%3A%0APrivate%20Key%20Object%3B%20RSA%20%0A%20%20label%3A%20%20%20%20%20%20sss%3A20202020%0A%20%20ID%3A%20%20%20%20%20%20%20%20%2020202020%0A%20%20Usage%3A%20%20%20%20%20%20decrypt%2C%20sign%0A%20%20Access%3A%20%20%20%20%20sensitive%2C%20always%20sensitive%0A%20%20Allowed%20mechanisms%3A%20RSA-PKCS%2CSHA1-RSA-PKCS%2CSHA224-RSA-PKCS%2CSHA256-RSA-PKCS%2CSHA384-RSA-PKCS%2CSHA512-RSA-PKCS%2CRSA-PKCS-PSS%2CSHA1-RSA-PKCS-PSS%2CSHA224-RSA-PKCS-PSS%2CSHA256-RSA-PKCS-PSS%2CSHA384-RSA-PKCS-PSS%2CSHA512-RSA-PKCS-PSS%2CRSA-PP%0APrivate%20Key%20Object%3B%20RSA%20%0A%20%20label%3A%20%20%20%20%20%20sss%3A20202020%0A%20%20ID%3A%20%20%20%20%20%20%20%20%2020202020%0A%20%20Usage%3A%20%20%20%20%20%20decrypt%2C%20sign%0A%20%20Access%3A%20%20%20%20%20sensitive%2C%20always%20sensitive%0A%20%20Allowed%20mechanisms%3A%20RSA-PKCS%2CSHA1-RSA-PKCS%2CSHA224-RSA-PKCS%2CSHA256-RSA-PKCS%2CSHA384-RSA-PKCS%2CSHA512-RSA-PKCS%2CRSA-PKCS-PSS%2CSHA1-RSA-PKCS-PSS%2CSHA224-RSA-PKCS-PSS%2CSHA256-RSA-PKCS-PSS%2CSHA384-RSA-PKCS-PSS%2CSHA512-RSA-PKCS-PSS%2CRSA-PP%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1855553%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3ESE050%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1860031%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20pkcs11-tool%20generates%202%20private%20keys%20for%20keypairgen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1860031%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%20Kan%2C%3C%2FP%3E%3CP%3EThank%20you%20for%20the%20inputs.%20I've%20also%20verified%20that%20using%20the%20libraries%20in%20that%20version%20does%20solve%20the%20problem%2C%20so%20will%20consider%20to%20ask%20the%20package%20provider%20to%20update%20the%20MW.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1859378%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20pkcs11-tool%20generates%202%20private%20keys%20for%20keypairgen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1859378%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F232787%22%20target%3D%22_blank%22%3E%40user4%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EThanks%20for%20the%20information!%20I%20have%20tied%20the%20same%20with%20MW%20ver%204.5.1%20%2C%20it%20just%20works%20as%20expected.%20Maybe%20you%20have%20to%20update%20the%20MW%20to%20the%20latest.%20Please%20kindly%20refer%20to%20the%20following%20for%20details.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Kan_Li_0-1714972873727.png%22%20style%3D%22width%3A%20539px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22Kan_Li_0-1714972873727.png%22%20style%3D%22width%3A%20539px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F277157i5E72F8A6E9A37C13%2Fimage-dimensions%2F539x248%3Fv%3Dv2%22%20width%3D%22539%22%20height%3D%22248%22%20role%3D%22button%22%20title%3D%22Kan_Li_0-1714972873727.png%22%20alt%3D%22Kan_Li_0-1714972873727.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EHave%20a%20great%20day%2C%3CBR%20%2F%3EKan%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E-------------------------------------------------------------------------------%3CBR%20%2F%3ENote%3A%3CBR%20%2F%3E-%20If%20this%20post%20answers%20your%20question%2C%20please%20click%20the%20%22Mark%20Correct%22%20button.%20Thank%20you!%3CBR%20%2F%3E-%20We%20are%20following%20threads%20for%207%20weeks%20after%20the%20last%20post%2C%20later%20replies%20are%20ignored%3CBR%20%2F%3EPlease%20open%20a%20new%20thread%20and%20refer%20to%20the%20closed%20one%2C%20if%20you%20have%20a%20related%20question%20at%20a%20later%20point%20in%20time.%3CBR%20%2F%3E-------------------------------------------------------------------------------%3C%2FP%3E%0A%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1857078%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20pkcs11-tool%20generates%202%20private%20keys%20for%20keypairgen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1857078%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%20Kan%2C%3C%2FP%3E%3CP%3EThank%20you%20for%20responding.%3C%2FP%3E%3CP%3EUnfortunately%2C%20I%20don't%20know%20the%20specific%20version%20of%20MW%20because%20this%20environment%20was%20built%20by%20another%20company%2C%20but%20guessing%20it%20might%20be%204.2.0%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%23%20dpkg%20-L%20plug-and-trust%0A%2F.%0A%2Fetc%0A%2Fetc%2Fplug-and-trust%0A%2Fetc%2Fplug-and-trust%2Fopenssl11_sss_se050.cnf%0A%2Fusr%0A%2Fusr%2Flib%0A%2Fusr%2Flib%2Farm-linux-gnueabihf%0A%2Fusr%2Flib%2Farm-linux-gnueabihf%2Fengines-1.1%0A%2Fusr%2Flib%2Farm-linux-gnueabihf%2Fengines-1.1%2Fe4sss.so%0A%2Fusr%2Flib%2Farm-linux-gnueabihf%2Flibsssapisw.so.4.2.0%0A%2Fusr%2Flib%2Farm-linux-gnueabihf%2Fplug-and-trust%0A%2Fusr%2Flib%2Farm-linux-gnueabihf%2Fplug-and-trust%2Flibsss_pkcs11.so%0A%2Fusr%2Fshare%0A%2Fusr%2Fshare%2Fdoc%0A%2Fusr%2Fshare%2Fdoc%2Fplug-and-trust%0A%2Fusr%2Fshare%2Fdoc%2Fplug-and-trust%2Fchangelog.Debian.gz%0A%2Fusr%2Fshare%2Fdoc%2Fplug-and-trust%2Fcopyright%0A%2Fusr%2Flib%2Farm-linux-gnueabihf%2Flibsssapisw.so.4%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1856536%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20pkcs11-tool%20generates%202%20private%20keys%20for%20keypairgen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1856536%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F232787%22%20target%3D%22_blank%22%3E%40user4%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EMay%20I%20have%20the%20MW%20version%3F%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EHave%20a%20great%20day%2C%3CBR%20%2F%3EKan%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E-------------------------------------------------------------------------------%3CBR%20%2F%3ENote%3A%3CBR%20%2F%3E-%20If%20this%20post%20answers%20your%20question%2C%20please%20click%20the%20%22Mark%20Correct%22%20button.%20Thank%20you!%3CBR%20%2F%3E-%20We%20are%20following%20threads%20for%207%20weeks%20after%20the%20last%20post%2C%20later%20replies%20are%20ignored%3CBR%20%2F%3EPlease%20open%20a%20new%20thread%20and%20refer%20to%20the%20closed%20one%2C%20if%20you%20have%20a%20related%20question%20at%20a%20later%20point%20in%20time.%3CBR%20%2F%3E-------------------------------------------------------------------------------%3C%2FP%3E%3C%2FLINGO-BODY%3E