
A1006 client certificate is not usable

Question asked by Naveen Kumar on Jan 13, 2019
Latest reply on Feb 13, 2019 by Estephania Martinez

I want to validate and extract the public key from the client certificate stored in Rapid IOT's A1006 authenticator secure element. In fact, I am not able to parse it.

 

My workflow:

  1. Read certificate from the A1006 chip  (using ATMO_MK64F_Auth_GetCert) 
  2. Convert it to base64 (using RPK_Base64_Encode)
  3. Debug print on the serial console (using ATMO_PLATFORM_DebugPrint)

 

I am printing the certificate character by character using ATMO_PLATFORM_DebugPrint, since the function does not seem to support strings longer than 64 characters.

 

The base64 encoded certificate:

TlhQIFN5c3RlbVJhcGlkIElvVCAgIASSc/L4Ufmi2AJELjQ/6c1dBLaoSwDRko7jrmtOvJkqe+rUIVAe44X4xTA8Ahx8Y9Usm48QYQfCNVYFL2z8v2IyYjxNya3BXw2+AhxvnILvfKv8UYHx3/pHymAfGkOuDjFHNoo85FbiAAA=

 

I stored the certificate to a file (cert.pem) and made it PEM format:

-----BEGIN CERTIFICATE-----

TlhQIFN5c3RlbVJhcGlkIElvVCAgIASSc/L4Ufmi2AJELjQ/6c1dBLaoSwDRko7j

rmtOvJkqe+rUIVAe44X4xTA8Ahx8Y9Usm48QYQfCNVYFL2z8v2IyYjxNya3BXw2+

AhxvnILvfKv8UYHx3/pHymAfGkOuDjFHNoo85FbiAAA=

-----END CERTIFICATE-----

 

When I tried to parse:

$ openssl x509 -in cert.pem  -text  -noout

unable to load certificate

4618929600:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1130:

4618929600:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:290:Type=X509

4618929600:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:

 

I also tried to Debug print the certificate in base16 hex:

4E58502053797374656D526170696420496F54202020049273F2F851F9A2D802442E343FE9CD5D04B6A84B00D1928EE3AE6B4EBC992A7BEAD421501EE385F8C5303C021C7C63D52C9B8F106107C23556052F6CFCBF6232623C4DC9ADC15F0DBE021C6F9C82EF7CABFC5181F1DFFA47CA601F1A43AE0E3147368A3CE456E20000

I can confirm the content of the certificate (hex base16) above is the same as the value of the BLE characteristic aa386522826cc0cdaccf40096d5876de, which also reads the certificate (I checked the OOB example code in MCUXpresso).

 

I assume the format is x509 DER format stored in the A1006. Is the certificate further encrypted or corrupted?
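A structural check on the blob posted above, as an added example that is not part of the original post or of NXP's code: `openssl x509` expects the decoded data to begin with a DER SEQUENCE tag (0x30) whose declared length covers the whole object, which is what the `wrong tag` error refers to. The function names are hypothetical; the inputs are the base64 from the post and one constructed DER sample for comparison.

```python
import base64

# Base64 exactly as posted in the question above.
A1006_BLOB_B64 = (
    "TlhQIFN5c3RlbVJhcGlkIElvVCAgIASSc/L4Ufmi2AJELjQ/6c1dBLaoSwDRko7j"
    "rmtOvJkqe+rUIVAe44X4xTA8Ahx8Y9Usm48QYQfCNVYFL2z8v2IyYjxNya3BXw2+"
    "AhxvnILvfKv8UYHx3/pHymAfGkOuDjFHNoo85FbiAAA="
)
# Constructed sample: a minimal well-formed DER SEQUENCE (30 03 02 01 05).
CONSTRUCTED_DER_B64 = base64.b64encode(bytes.fromhex("3003020105")).decode()


def der_sequence_span(data: bytes):
    """Total size (header + body) declared by a leading DER SEQUENCE, else None."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = constructed SEQUENCE tag
        return None
    if data[1] < 0x80:                         # short-form length
        return 2 + data[1]
    n = data[1] & 0x7F                         # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:   # indefinite, oversized or truncated
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def printable_prefix(data: bytes) -> str:
    """Leading run of printable ASCII, useful for spotting a text header."""
    end = 0
    while end < len(data) and 0x20 <= data[end] <= 0x7E:
        end += 1
    return data[:end].decode("ascii")


def diagnose(b64_text: str) -> dict:
    """Decode strictly, then report size, first byte and outer DER framing."""
    data = base64.b64decode(b64_text, validate=True)
    return {
        "length": len(data),
        "first_byte": data[0],
        "outer_der_sequence": der_sequence_span(data) == len(data),
        "ascii_prefix": printable_prefix(data),
    }


if __name__ == "__main__":
    for name, blob in (("posted blob", A1006_BLOB_B64),
                       ("constructed DER", CONSTRUCTED_DER_B64)):
        print(name, diagnose(blob))
```

For the posted blob this reports 128 bytes whose first byte is 0x4E and whose leading bytes are the printable text `NXP SystemRapid IoT`, so the outer framing is not a DER SEQUENCE.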
