addimg my custom rsa 2048 public key to the optee with pkcs11-tool

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

addimg my custom rsa 2048 public key to the optee with pkcs11-tool

跳至解决方案
657 次查看
greeran
Contributor III

hi

i would like to be ablle to add my public key to the opttee via pkcs11. my motivation is that on installing the bsp i will also add public keys that cannot be modified only deleted. I created a public key with openssl 

openssl genrsa -aes256 -passout pass:test -out package_update_2048_priv.pem 2048

then created the public key 

openssl rsa -in package_update_2048_priv.pem -passin pass:test -pubout -out package_update_2048_pub.pem

but when i tried to add it with pkcs11-tool i get atribure error

pkcs11-tool --module /usr/lib/libckteec.so.0 --login --pin 12345678 --write-object /home/root/package_update_2048_pub.pem --type pubkey --id 12345 --label "My Pub Key 2" --slot 0

Created public key:
warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

 

could someone point out what attribute i need to add/change to succeed in adding my public key 

thanks

 

标记 (1)
0 项奖励
回复
1 解答
584 次查看
greeran
Contributor III

thanks for the reply. the manual did not help with solving the problem but i created a certificate (that includes a public key) and the pkcs11-tool was able to write it to the optee. for now its sufficient but in the future i might debug loading a public key and understand what attribute is causing the error 

thanks

 

在原帖中查看解决方案

标记 (1)
0 项奖励
回复
2 回复数
628 次查看
Harvey021
NXP TechSupport
NXP TechSupport

Hi,

Would recommend to refer to the optee_os/ta/pkcs11/src/object.c at master · OP-TEE/optee_os · GitHub

Also, a reference to the p11tool from Linux User guide.

 

Regards

Harvey

0 项奖励
回复
585 次查看
greeran
Contributor III

thanks for the reply. the manual did not help with solving the problem but i created a certificate (that includes a public key) and the pkcs11-tool was able to write it to the optee. for now its sufficient but in the future i might debug loading a public key and understand what attribute is causing the error 

thanks

 

标记 (1)
0 项奖励
回复