srktool Error to read certificate data generated by ahab_pki_tree.sh script

takayuki_ishii · ‎06-10-2022

Hello community.

I try to generate SRK table.bin and fuse.bin file in ahab/introduction_ahab.txt

First, generate .pem files by ahab_pki_tree.sh script in section 2.

Next, run srktool with generated SRKx_sha384_secp384r1_v3_usr_key.pem files.

But srktool return rad error as following.

$ srktool -a -s sha384 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -f 1 -c SRK1_sha384_secp384r1_v3_usr_key.pem,SRK2_sha384_secp384r1_v3_usr_key.pem,SRK3_sha384_secp384r1_v3_usr_key.pem,SRK4_sha384_secp384r1_v3_usr_key.pem

[ERROR] SRKTOOL: Error! Failed to read certificate data from SRK1_sha384_secp384r1_v3_usr_key.pem

In document introduction_ahab.txt or others.

It seems that X.509v3 certificate filenames is SRKx_xxxx_usr_crt.pem not SRKx_xxxx_usr_key.pem.

Is it need some more operate to generate xxxx_usr_crt.pem file?

cst tool is used cst-3.3.1.

Best regards,

Ishii.

Zhiming_Liu · ‎06-14-2022

It seems that X.509v3 certificate filenames is SRKx_xxxx_usr_crt.pem not SRKx_xxxx_usr_key.pem.

-->Yes, you need check your step about generating .pem file.

View solution in original post

takayuki_ishii · ‎06-19-2022

Hello Qmiller,

Thank you for your reply.

It worked fine if I used ”cst-3.3.1/crts/SRKx_xxxx_usr_crt.pem” instead of "cst-3.3.1/keys/SRKx_xxxx_usr_key.pem" files.

Best regards,

Ishii.

Zhiming_Liu · ‎06-14-2022

It seems that X.509v3 certificate filenames is SRKx_xxxx_usr_crt.pem not SRKx_xxxx_usr_key.pem.

-->Yes, you need check your step about generating .pem file.