AnsweredAssumed Answered

A1006 client certificate is not usable

Question asked by Naveen Kumar on Jan 13, 2019
Latest reply on Feb 13, 2019 by Estephania Martinez

I want to validate and extract public key from the client certificate stored in Rapid IOT's A1006 authenticator secure element. In fact, I am not able to parse it. 


My workflow:

  1. Read certificate from the A1006 chip  (using ATMO_MK64F_Auth_GetCert) 
  2. Convert it to base64 (using RPK_Base64_Encode)
  3. Debug print on the serial console (using ATMO_PLATFORM_DebugPrint)


I am printing the certificate character by character using ATMO_PLATFORM_DebugPrint since the function seems not supporting string longer than 64 characters.


The base64 encoded certificate:



I stored the certificate to a file (cert.pem) and made it PEM format:







When I tried to parse:

$ openssl x509 -in cert.pem  -text  -noout

unable to load certificate

4618929600:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1130:

4618929600:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:290:Type=X509

4618929600:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:


I also tried to Debug print the certificate in base16 hex:


I can confirm the content of the certificate (hex base16) above is same as the value of the BLE characteristic aa386522826cc0cdaccf40096d5876de which also read the certificate ( I checked the  OOB example code in MCUXpresso).


 I assume the format is x509 DER format stored in the A1006. Is the certificate further encrypted or corrupted?