Adding my custom rsa 2048 public key to the optee with pkcs11-tool

2,497 Views
greeran
Contributor IV

Hi,

I would like to be able to add my public key to the optee via pkcs11. My motivation is that on installing the BSP I will also add public keys that cannot be modified, only deleted. I created a public key with openssl:

openssl genrsa -aes256 -passout pass:test -out package_update_2048_priv.pem 2048

Then I created the public key:

openssl rsa -in package_update_2048_priv.pem -passin pass:test -pubout -out package_update_2048_pub.pem

But when I tried to add it with pkcs11-tool I get an attribute error:

pkcs11-tool --module /usr/lib/libckteec.so.0 --login --pin 12345678 --write-object /home/root/package_update_2048_pub.pem --type pubkey --id 12345 --label "My Pub Key 2" --slot 0

Created public key:
warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

 

Could someone point out what attribute I need to add/change to succeed in adding my public key?

Thanks

 

2 Replies
2,468 Views
Harvey021
NXP TechSupport

Hi,

I would recommend referring to optee_os/ta/pkcs11/src/object.c at master · OP-TEE/optee_os · GitHub (https://github.com/OP-TEE/optee_os/blob/master/ta/pkcs11/src/object.c#L742).

Also, see the reference to p11tool in the Linux User Guide.

 

Regards

Harvey

2,425 Views
greeran
Contributor IV

Thanks for the reply. The manual did not help with solving the problem, but I created a certificate (that includes a public key) and pkcs11-tool was able to write it to the optee. For now it's sufficient, but in the future I might debug loading a public key and understand what attribute is causing the error.

Thanks
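
The certificate workaround described in the last reply, as an added example that is not part of the original thread: it wraps the key pair from the question in a self-signed certificate, checks that the certificate carries exactly the intended public key, and writes it as a certificate object. The module path, PIN and slot come from the question; the `KEY_PASS` variable, subject name, validity, output file name, object id and label are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Wraps the RSA key from the question in a
# self-signed certificate, checks the certificate carries that exact public key,
# and writes it to the token as a certificate object.
# Assumed: passphrase in $KEY_PASS, subject CN, validity, object id and label.

MODULE=/usr/lib/libckteec.so.0   # module path, PIN and slot as in the question
PIN=12345678
SLOT=0

# make_cert_der PRIV_PEM OUT_DER: self-signed DER certificate for the key pair
make_cert_der() {
    openssl req -new -x509 -key "$1" -passin env:KEY_PASS \
        -subj "/CN=package-update" -days 3650 -outform DER -out "$2"
}

# SHA-256 over the DER SubjectPublicKeyInfo, from a certificate or a PEM key
cert_pubkey_sha256() {
    openssl x509 -inform DER -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}
pem_pubkey_sha256() {
    openssl pkey -pubin -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# cert_matches_pubkey CERT_DER PUB_PEM: succeeds only if both hold the same key
cert_matches_pubkey() {
    a=$(cert_pubkey_sha256 "$1")
    b=$(pem_pubkey_sha256 "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# write_cert_to_token CERT_DER HEX_ID LABEL
write_cert_to_token() {
    pkcs11-tool --module "$MODULE" --login --pin "$PIN" --slot "$SLOT" \
        --write-object "$1" --type cert --id "$2" --label "$3"
}

# Usage: KEY_PASS=... sh wrap_pubkey.sh PRIV_PEM PUB_PEM
if [ "$#" -eq 2 ]; then
    make_cert_der "$1" update_cert.der &&
    cert_matches_pubkey update_cert.der "$2" &&
    write_cert_to_token update_cert.der 01 "package update cert"
fi
```

Running `pkcs11-tool` with `--list-objects --type cert` afterwards shows whether the object is present on the token.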

 
