addimg my custom rsa 2048 public key to the optee with pkcs11-tool

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

addimg my custom rsa 2048 public key to the optee with pkcs11-tool

ソリューションへジャンプ
621件の閲覧回数
greeran
Contributor III

hi

i would like to be ablle to add my public key to the opttee via pkcs11. my motivation is that on installing the bsp i will also add public keys that cannot be modified only deleted. I created a public key with openssl 

openssl genrsa -aes256 -passout pass:test -out package_update_2048_priv.pem 2048

then created the public key 

openssl rsa -in package_update_2048_priv.pem -passin pass:test -pubout -out package_update_2048_pub.pem

but when i tried to add it with pkcs11-tool i get atribure error

pkcs11-tool --module /usr/lib/libckteec.so.0 --login --pin 12345678 --write-object /home/root/package_update_2048_pub.pem --type pubkey --id 12345 --label "My Pub Key 2" --slot 0

Created public key:
warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

 

could someone point out what attribute i need to add/change to succeed in adding my public key 

thanks

 

タグ(1)
0 件の賞賛
返信
1 解決策
548件の閲覧回数
greeran
Contributor III

thanks for the reply. the manual did not help with solving the problem but i created a certificate (that includes a public key) and the pkcs11-tool was able to write it to the optee. for now its sufficient but in the future i might debug loading a public key and understand what attribute is causing the error 

thanks

 

元の投稿で解決策を見る

タグ(1)
0 件の賞賛
返信
2 返答(返信)
592件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

Hi,

Would recommend to refer to the optee_os/ta/pkcs11/src/object.c at master · OP-TEE/optee_os · GitHub

Also, a reference to the p11tool from Linux User guide.

 

Regards

Harvey

0 件の賞賛
返信
549件の閲覧回数
greeran
Contributor III

thanks for the reply. the manual did not help with solving the problem but i created a certificate (that includes a public key) and the pkcs11-tool was able to write it to the optee. for now its sufficient but in the future i might debug loading a public key and understand what attribute is causing the error 

thanks

 

タグ(1)
0 件の賞賛
返信