帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Encrypted DEK decryption error

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Encrypted DEK decryption error

‎04-01-2021 03:51 AM
2,816 次查看
kanimozhi_t
Contributor V

Hi,

We're trying to encrypt the DEK for manufacturing protection following AN 12056

We have encrypted the DEK with CST as follows,

./cst -out csf_encrypt.txt -c CSF1_crt.pem -i csf_encrypt.bin

However when we try to decrypt the encrypted DEK (as produced in above step), we get the following error:

openssl cms -decrypt -in /cst_encrypt_sign/dek_spl.bin -inform DER -out ./dek_spl_dec.bin -binary -inkey /CSF1_1_sha256_2048_65537_v3_usr_key.pem -passin file:/key_pass_in.txt

Error reading S/MIME message\n140193583093056:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149:\n140193583093056:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:309:Type=CMS_ContentInfo\n

 

We're following the NXP app note closely, yet receiving these errors.

What are the steps to be followed for encrypting and decrypting the DEK with CST?

标签 (2)
标签
0 项奖励
回复
3 回复数

‎04-08-2021 08:30 AM
2,797 次查看
IvanRuiz
NXP Employee
NXP Employee

Hello,

 

Could you please tell me your CST tool version and your OpenSSL version?

 

Thank you,

Ivan.

回复

‎04-08-2021 10:32 PM
2,788 次查看
kanimozhi_t
Contributor V

Hi,

 

We're using

  1. CST version 3.3.1 and
  2. OpenSSL version 1.1.1

and tried on both Ubuntu 18.04 and 20.04 yet no success.

0 项奖励
回复

‎04-21-2021 02:44 PM
2,762 次查看
IvanRuiz
NXP Employee
NXP Employee

Hello,

 

Seems that the front-end code of CST 3.3.1(also for CST3.1) has the issue. "-c" doesn't really work to input the public certification. 

 Need to add a ":" after c in cst.c in front end code and then rebuild the cst tool, then it can work.

IvanRuiz_0-1619041406354.png

 

I tried with below command and it work by updated cst binary.

-----

./cst -o csf_enc.bin -c IMG1_1_sha256_2048_65537_v3_usr_crt.pem -i csf_uboot_enc.txt

 ./openssl cms -decrypt -binary -in dek.bin -inform DER -inkey IMG1_1_sha256_2048_65537_v3_usr_key.pem -out decrypted_dek.bin --passin pass:test

-----

Please note that the dek.bin's size is 439 bytes(not 16 bytes) after you really encrypt the dek by the first command.

 

Hope it helps!

 

BR,

Ivan.

回复