ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Encrypted DEK decryption error

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Encrypted DEK decryption error

‎04-01-2021 03:51 AM
1,937件の閲覧回数
kanimozhi_t
Contributor V

Hi,

We're trying to encrypt the DEK for manufacturing protection following AN 12056

We have encrypted the DEK with CST as follows,

./cst -out csf_encrypt.txt -c CSF1_crt.pem -i csf_encrypt.bin

However when we try to decrypt the encrypted DEK (as produced in above step), we get the following error:

openssl cms -decrypt -in /cst_encrypt_sign/dek_spl.bin -inform DER -out ./dek_spl_dec.bin -binary -inkey /CSF1_1_sha256_2048_65537_v3_usr_key.pem -passin file:/key_pass_in.txt

Error reading S/MIME message\n140193583093056:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149:\n140193583093056:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:309:Type=CMS_ContentInfo\n

 

We're following the NXP app note closely, yet receiving these errors.

What are the steps to be followed for encrypting and decrypting the DEK with CST?

ラベル(2)
ラベル
0 件の賞賛
返信
3 返答(返信)

‎04-08-2021 08:30 AM
1,918件の閲覧回数
IvanRuiz
NXP Employee
NXP Employee

Hello,

 

Could you please tell me your CST tool version and your OpenSSL version?

 

Thank you,

Ivan.

返信

‎04-08-2021 10:32 PM
1,909件の閲覧回数
kanimozhi_t
Contributor V

Hi,

 

We're using

  1. CST version 3.3.1 and
  2. OpenSSL version 1.1.1

and tried on both Ubuntu 18.04 and 20.04 yet no success.

0 件の賞賛
返信

‎04-21-2021 02:44 PM
1,883件の閲覧回数
IvanRuiz
NXP Employee
NXP Employee

Hello,

 

Seems that the front-end code of CST 3.3.1(also for CST3.1) has the issue. "-c" doesn't really work to input the public certification. 

 Need to add a ":" after c in cst.c in front end code and then rebuild the cst tool, then it can work.

IvanRuiz_0-1619041406354.png

 

I tried with below command and it work by updated cst binary.

-----

./cst -o csf_enc.bin -c IMG1_1_sha256_2048_65537_v3_usr_crt.pem -i csf_uboot_enc.txt

 ./openssl cms -decrypt -binary -in dek.bin -inform DER -inkey IMG1_1_sha256_2048_65537_v3_usr_key.pem -out decrypted_dek.bin --passin pass:test

-----

Please note that the dek.bin's size is 439 bytes(not 16 bytes) after you really encrypt the dek by the first command.

 

Hope it helps!

 

BR,

Ivan.

返信