Comments (7)

ayushev commented on May 30, 2024

Hi Vedat,

The samples you have are pre-provisioned by Infineon with the default PKI setup (the file to which you are referring). After ordering more than a Minimum Order Quantity, it is possible to define your own configuration of the PKI. In case of an order of less than this amount, there are still options to personalize the samples either via this application note, or via distributors.
That was sort of an intro. Answering your question, the end device certificate (bottom level in the picture) is the only certificate you can find by default on OPTIGA(TM) Trust X (except for Trust Anchors). The other two certificates are common among all default samples (including your sample).
These certificates can be found here:

The example code to read out the end device certificate can be found as you mentioned either in Nordic SDK or in the example_optiga_util_read_data.c

from optiga-trust-x.

ozanoner commented on May 30, 2024

Thanks for the answer, Artem! So where is the corresponding private key of that default certificate? Stored in eFIRST_DEVICE_PRIKEY_1?

from optiga-trust-x.

ayushev commented on May 30, 2024

You are welcome!
Yes, the Object ID of this slot (one of four) is 0xE0F0, which is defined in the code as eFIRST_DEVICE_PRIKEY_1.

from optiga-trust-x.

ozanoner commented on May 30, 2024

Is there any way to extract it? I tried to read it (optiga_util_read_data), but it gives the error 'Access conditions not satisfied 0x07'.

The value of its metadata (optiga_util_read_metadata):

20 06 E0 01 03 E1 01 01

E0 -> Algorithm associated with key container (value: Elliptic Curve Key on NIST P256 curve)
E1 -> Key usage associated with key container (value: Auth)
I don't see anything regarding a 'read' policy.

from optiga-trust-x.
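The metadata bytes quoted above, decoded as a tag-length-value sequence. This is an added example, not part of the original thread and not code from the optiga-trust-x project. It assumes one-byte tags and lengths, as in the posted bytes; `key_meta_t` and `parse_key_metadata` are hypothetical names, and only the two tags named in the thread (E0, E1) are interpreted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tags named in this thread; any other tag is only counted. */
#define TAG_ALGORITHM 0xE0u /* algorithm associated with key container */
#define TAG_KEY_USAGE 0xE1u /* key usage associated with key container */

typedef struct {
    int has_algorithm, has_key_usage;
    uint8_t algorithm, key_usage;
    unsigned other_tags; /* tags present but not named in the thread */
} key_meta_t;

/* Parse "<outer tag 0x20> <len> { <tag> <len> <value...> }*".
 * Returns 0 on success, -1 on malformed input. */
int parse_key_metadata(const uint8_t *buf, size_t len, key_meta_t *out)
{
    *out = (key_meta_t){0};
    if (len < 2 || buf[0] != 0x20 || (size_t)buf[1] != len - 2)
        return -1;                      /* outer tag/length must match buffer */
    size_t i = 2;
    while (i < len) {
        if (len - i < 2) return -1;     /* truncated tag/length pair */
        uint8_t tag = buf[i], vlen = buf[i + 1];
        i += 2;
        if (vlen > len - i) return -1;  /* value runs past the buffer */
        if (tag == TAG_ALGORITHM && vlen == 1) {
            out->has_algorithm = 1; out->algorithm = buf[i];
        } else if (tag == TAG_KEY_USAGE && vlen == 1) {
            out->has_key_usage = 1; out->key_usage = buf[i];
        } else {
            out->other_tags++;
        }
        i += vlen;
    }
    return 0;
}

int main(void)
{
    /* Bytes exactly as posted in the thread for eFIRST_DEVICE_PRIKEY_1. */
    const uint8_t meta[] = {0x20, 0x06, 0xE0, 0x01, 0x03, 0xE1, 0x01, 0x01};
    key_meta_t m;
    if (parse_key_metadata(meta, sizeof meta, &m) != 0) return 1;
    printf("algorithm=0x%02X key_usage=0x%02X other_tags=%u\n",
           m.algorithm, m.key_usage, m.other_tags);
    return 0;
}
```

For the posted bytes the parser finds exactly two entries, algorithm 0x03 and key usage 0x01, and no other tags.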

ayushev commented on May 30, 2024

The short answer is that neither you nor anybody else can read out the private key, for security reasons.
The private key can't be imported either; only as part of the keypair generation routine can you create the private part.

You can't read the private key because the access conditions are not satisfied (the access condition for this object is Execute/EXE, which means it can only be used internally by the Trust X, e.g. by the signature generation routine).
More about access conditions you can find here

from optiga-trust-x.

ozanoner commented on May 30, 2024

It is clear now. I thought it needed to be queried, from looking at the examples in the solution reference manual. Sorry for taking your time.

from optiga-trust-x.

ayushev commented on May 30, 2024

You ask reasonable questions, which hopefully can help others answer theirs.

from optiga-trust-x.
