adding my custom rsa 2048 public key to the optee with pkcs11-tool

greeran
Contributor III

hi

i would like to be able to add my public key to the optee via pkcs11. my motivation is that on installing the bsp i will also add public keys that cannot be modified, only deleted. I created a private key with openssl

openssl genrsa -aes256 -passout pass:test -out package_update_2048_priv.pem 2048

then created the public key 

openssl rsa -in package_update_2048_priv.pem -passin pass:test -pubout -out package_update_2048_pub.pem

but when i tried to add it with pkcs11-tool i get an attribute error

pkcs11-tool --module /usr/lib/libckteec.so.0 --login --pin 12345678 --write-object /home/root/package_update_2048_pub.pem --type pubkey --id 12345 --label "My Pub Key 2" --slot 0

Created public key:
warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

could someone point out what attribute i need to add/change to succeed in adding my public key 

thanks

0 Kudos
2 Replies
Harvey021
NXP TechSupport

Hi,

Would recommend referring to optee_os/ta/pkcs11/src/object.c at master · OP-TEE/optee_os · GitHub

Also, a reference to the p11tool from Linux User guide.

Regards

Harvey

0 Kudos
greeran
Contributor III

thanks for the reply. the manual did not help with solving the problem but i created a certificate (that includes a public key) and the pkcs11-tool was able to write it to the optee. for now it's sufficient but in the future i might debug loading a public key and understand what attribute is causing the error

thanks

0 Kudos
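
The certificate route described in the last reply, written out as an added example that is not part of the original thread. The module path, PIN, slot, id and key file names are taken from the question; the self-signed certificate, its subject name and validity, the DER encoding, the object label, the script name and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): wrap the RSA public key in a self-signed
# X.509 certificate, check that the certificate carries the expected key, then
# store the certificate on the OP-TEE PKCS#11 token.
set -eu

MODULE=/usr/lib/libckteec.so.0            # from the thread
PRIV=package_update_2048_priv.pem         # from the thread
PUB=package_update_2048_pub.pem           # from the thread
CERT=package_update_2048_cert.der         # assumed output name

# Self-sign a certificate over the existing key pair (assumed subject/validity).
make_cert() {   # $1 private key PEM, $2 passphrase, $3 output DER certificate
    openssl req -new -x509 -key "$1" -passin "pass:$2" -sha256 -days 3650 \
        -subj "/CN=package-update" -outform DER -out "$3"
}

# SHA-256 of the DER SubjectPublicKeyInfo; reads a PEM public key on stdin.
spki_digest() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when the certificate carries exactly the given public key.
cert_matches_pubkey() {   # $1 DER certificate, $2 public key PEM
    from_cert=$(openssl x509 -inform DER -in "$1" -pubkey -noout | spki_digest)
    from_key=$(spki_digest < "$2")
    [ "$from_cert" = "$from_key" ]
}

# Write the certificate object, then list what the token now holds.
write_cert() {   # $1 DER certificate, $2 user PIN
    pkcs11-tool --module "$MODULE" --login --pin "$2" --slot 0 \
        --write-object "$1" --type cert --id 12345 --label "Package update cert"
    pkcs11-tool --module "$MODULE" --login --pin "$2" --slot 0 --list-objects
}

# Full sequence on the target, assuming the script is saved as add_cert.sh:
#   sh add_cert.sh run
if [ "${1:-}" = run ]; then
    make_cert "$PRIV" test "$CERT"
    cert_matches_pubkey "$CERT" "$PUB" || { echo "certificate/key mismatch" >&2; exit 1; }
    write_cert "$CERT" 12345678
fi
```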