Encrypted DEK decryption error

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Encrypted DEK decryption error

2,042件の閲覧回数
kanimozhi_t
Contributor V

Hi,

We're trying to encrypt the DEK for manufacturing protection following AN 12056

We have encrypted the DEK with CST as follows,

./cst -out csf_encrypt.txt -c CSF1_crt.pem -i csf_encrypt.bin

However when we try to decrypt the encrypted DEK (as produced in above step), we get the following error:

openssl cms -decrypt -in /cst_encrypt_sign/dek_spl.bin -inform DER -out ./dek_spl_dec.bin -binary -inkey /CSF1_1_sha256_2048_65537_v3_usr_key.pem -passin file:/key_pass_in.txt

Error reading S/MIME message\n140193583093056:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149:\n140193583093056:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:309:Type=CMS_ContentInfo\n

 

We're following the NXP app note closely, yet receiving these errors.

What are the steps to be followed for encrypting and decrypting the DEK with CST?

ラベル(2)
0 件の賞賛
返信
3 返答(返信)

2,023件の閲覧回数
IvanRuiz
NXP Employee
NXP Employee

Hello,

 

Could you please tell me your CST tool version and your OpenSSL version?

 

Thank you,

Ivan.

2,014件の閲覧回数
kanimozhi_t
Contributor V

Hi,

 

We're using

  1. CST version 3.3.1 and
  2. OpenSSL version 1.1.1

and tried on both Ubuntu 18.04 and 20.04 yet no success.

0 件の賞賛
返信

1,988件の閲覧回数
IvanRuiz
NXP Employee
NXP Employee

Hello,

 

Seems that the front-end code of CST 3.3.1(also for CST3.1) has the issue. "-c" doesn't really work to input the public certification. 

 Need to add a ":" after c in cst.c in front end code and then rebuild the cst tool, then it can work.

IvanRuiz_0-1619041406354.png

 

I tried with below command and it work by updated cst binary.

-----

./cst -o csf_enc.bin -c IMG1_1_sha256_2048_65537_v3_usr_crt.pem -i csf_uboot_enc.txt

 ./openssl cms -decrypt -binary -in dek.bin -inform DER -inkey IMG1_1_sha256_2048_65537_v3_usr_key.pem -out decrypted_dek.bin --passin pass:test

-----

Please note that the dek.bin's size is 439 bytes(not 16 bytes) after you really encrypt the dek by the first command.

 

Hope it helps!

 

BR,

Ivan.