SE050: Is it possible to read the public key of an imported EC private key?

S_GUED
Contributor I

Hi,

I am trying to build an application that needs to support importing private ECC keys.
This can be done through the `WriteEcKey` APDU. Since when importing I only have access to the private key, I use it with the `P1KeyType` `P1_PRIVATE`. I then need to be able to read the public key, but for that, reading the object fails with status code: `COMMAND_NOT_ALLOWED_NO_EF`.

I tried first deriving the public key corresponding to the imported private key, and importing both with `P1_KEYPAIR`. This works and I can then use `ReadObject` to read the public key.

However this requires having a software implementation. Is there a way to derive a public key from a private key using only the SE050?

Thanks,
Sosthene

Kan_Li
NXP TechSupport

Hi @S_GUED ,

 

I think there might be some misunderstanding here. The public key and private key are both parts of a key pair, but if you just import the private key with the `P1KeyType` `P1_PRIVATE`, the key slot doesn't contain the public key at all. That is why you failed in the first use case. Only when you import the key pair may you read the public key out, if the secure object policy allows.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

S_GUED
Contributor I

This is exactly what I understand too. The issue is that I only have the private key available, but I wish to obtain the public key from it.

I understand that importing it with `P1_PRIVATE` means the public key is not stored.
I cannot import it with `P1_KEYPAIR` because I don't have the public key at this point.

My question is:

Is there any way to obtain the public key, given an external private ECC key that will be imported to the SE050?

Kan_Li
NXP TechSupport

Hi @S_GUED ,

 

I think for this topic you may easily find the answer via a Google search, for example, the answer based on the openssl command:

https://www.scottbrady91.com/openssl/creating-elliptical-curve-keys-using-openssl

 

Hope that helps,

 

Have a great day,
Kan


S_GUED
Contributor I

So the response for doing it on the SE050 is no?


I don't want to implement that functionality in software. Our use case is very limited in the size our binary can get to, so we would much rather do it through the SE050 hardware than have to integrate ECC arithmetic into our firmware.

Kan_Li
NXP TechSupport

Hi @S_GUED ,

 

Alternatively, you may generate the key pair inside the SE050 and read the pub key out in that case, but any private key generated inside cannot be read out; otherwise there would be no security at all.

 

Hope that makes sense,

 

Have a great day,
Kan


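The workaround from the first post (derive the public key in software, then import both halves with `P1_KEYPAIR`), written here as an added example for a provisioning host rather than the device firmware; it is not code from the thread or from NXP. It assumes NIST P-256, since the thread does not name a curve, and all function names are hypothetical.

```python
# Added example, not code from the thread. Assumes NIST P-256 (the thread names no
# curve). Python integers are not constant-time: run on a trusted provisioning host.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # field prime
A = P - 3                                  # curve coefficient a = -3 mod p
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # group order
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def is_on_curve(point):
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P == 0

def point_add(p1, p2):
    """Affine addition on the curve; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                        # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def derive_public_point(d):
    """Q = d*G by double-and-add, rejecting scalars outside [1, n-1]."""
    if not 1 <= d < N:
        raise ValueError("private scalar out of range")
    result, addend = None, G
    while d:
        if d & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        d >>= 1
    return result

def keypair_for_import(priv_bytes):
    """Return (private scalar, uncompressed SEC1 public key 04 || X || Y)."""
    x, y = derive_public_point(int.from_bytes(priv_bytes, "big"))
    if not is_on_curve((x, y)):
        raise ValueError("derived point is not on the curve")
    return priv_bytes, b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
```

The two returned byte strings are the private and public halves for a key pair import; check the public key encoding the `WriteEcKey` command expects against the SE050 APDU specification before use.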