SE050: Is it possible to read the public key of an imported EC private key?

S_GUED
Contributor I

Hi,

I am trying to build an application that needs to support importing private ECC keys.
This can be done through the `WriteEcKey` APDU. Since when importing I only have access to the private key, I use it with the `P1KeyType` `P1_PRIVATE`. I then need to be able to read the public key, but for that, reading the object fails with status code: `COMMAND_NOT_ALLOWED_NO_EF`.

I tried first deriving the public key corresponding to the imported private key, and importing both with `P1_KEYPAIR`. This works and I can then use `ReadObject` to read the public key.

However this requires having a software implementation. Is there a way to derive a public key from a private key using only the SE050?

Thanks,
Sosthene

Kan_Li
NXP TechSupport

Hi @S_GUED,

I think there might be some misunderstanding here, public key and private key are both parts of a key pair, but if you just import the private key with the `P1KeyType` `P1_PRIVATE`, the key slot doesn't contain the public key at all. That is why you failed in the first use case. Only when you import the key pair, then you may read the public key out if the secure object policy allows.

Hope that makes sense,

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

S_GUED
Contributor I

This is exactly what I understand too. The issue is that I only have the private key available, but I wish to obtain the public key from it.

I understand that importing it with `P1_PRIVATE` means the public key is not stored.
I cannot import it with `P1_KEYPAIR` because I don't have the public key at this point.

My question is:

Is there any way to obtain the public key, given an external Private ECC key, that will be imported to the SE050?

Kan_Li
NXP TechSupport

Hi @S_GUED,

I think for this topic you may easily find the answer via Google search, for example, the answer based on the openssl command:

https://www.scottbrady91.com/openssl/creating-elliptical-curve-keys-using-openssl

Hope that helps,

Have a great day,
Kan



S_GUED
Contributor I

So the response for doing it on the SE050 is no?


I don't want to implement that functionality in software. Our use case is very limited in the size our binary can get to, so we would much rather do it through the SE050 hardware than have to integrate ECC arithmetic into our firmware.

Kan_Li
NXP TechSupport

Hi @S_GUED,

Alternatively, you may generate the key pair inside SE050, and may read the pub key out in that case, but any private key generated inside cannot be read out, otherwise no security at all.

Hope that makes sense,

Have a great day,
Kan

