Comments (11)
I am not sure why the verify with an external is not working as expected. Can you try to wrap your public key into a certificate and store it at 0xE0E8? Then run the verify again referencing the key mentioned before?
from optiga-trust-x.
Good to hear! You can use the slot 0xE0E8 to store the public key, but it has to be inside of an x509 certificate. OPTIGA Trust X will internally parse the certificate and extract the public key which will be used during the verify command.
from optiga-trust-x.
Let's break it into more steps. Try the following:
- Have a look at this example here
- If you want to use a public key from the device, you need to store it at slot 0xE0E8 in the form of an x509 certificate.
- Inspect the raw data of the public key that you generate, does it start with a 0x04?
from optiga-trust-x.
My pub key is: 03-42-00-04-dc-8e-c5-a9-54-43-21-c1-50-22-31-69-48-11-8b-a8-15-32-fa-b6-30-c3-6c-55-a4-7e-57-29-2c-09-4b-02-f8-d3-83-4a-f7-77-5b-14-ff-8f-11-dd-22-61-09-2e-08-53-d6-0e-94-96-95-46-e8-3a-49-4d-92-c0-b3-75
I am generating my key pairs like this, so I believe they are already stored in the device.

    optiga_key_id = index + OPTIGA_KEY_STORE_ID_E0F0;
    optiga_crypt_ecc_generate_keypair(OPTIGA_ECC_NIST_P_256,
                                      (uint8_t)OPTIGA_KEY_USAGE_SIGN,
                                      FALSE,
                                      &optiga_key_id,
                                      public_key,
                                      &public_key_length);
from optiga-trust-x.
Try to strip away the first three bytes, does it change anything?
from optiga-trust-x.
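Added example, not part of the thread or of the optiga-trust-x code base: the three leading bytes of the key posted above are a DER BIT STRING header (tag 0x03, length 0x42, zero unused bits), and the 0x04 that follows marks an uncompressed P-256 point. The helper name `p256_pubkey_raw_point` is hypothetical; it accepts either encoding and rejects anything malformed instead of stripping bytes blindly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define P256_POINT_LEN 65u   /* 0x04 || X (32 bytes) || Y (32 bytes) */

/* Key as posted in the thread: BIT STRING header, then the uncompressed point. */
static const uint8_t posted_key[] = {
    0x03, 0x42, 0x00,        /* tag, length 66, unused bits */
    0x04,
    0xdc,0x8e,0xc5,0xa9,0x54,0x43,0x21,0xc1,0x50,0x22,0x31,0x69,0x48,0x11,0x8b,0xa8,
    0x15,0x32,0xfa,0xb6,0x30,0xc3,0x6c,0x55,0xa4,0x7e,0x57,0x29,0x2c,0x09,0x4b,0x02,
    0xf8,0xd3,0x83,0x4a,0xf7,0x77,0x5b,0x14,0xff,0x8f,0x11,0xdd,0x22,0x61,0x09,0x2e,
    0x08,0x53,0xd6,0x0e,0x94,0x96,0x95,0x46,0xe8,0x3a,0x49,0x4d,0x92,0xc0,0xb3,0x75
};

/* Hypothetical helper: locate the raw point inside `in`.
 * Returns 0 and sets *point (65 bytes) on success, -1 on malformed input. */
int p256_pubkey_raw_point(const uint8_t *in, size_t in_len, const uint8_t **point)
{
    if (in == NULL || point == NULL)
        return -1;
    if (in_len == P256_POINT_LEN + 3u) {
        /* BIT STRING header: tag 0x03, length 0x42, zero unused bits */
        if (in[0] != 0x03 || in[1] != P256_POINT_LEN + 1u || in[2] != 0x00)
            return -1;
        in += 3;
        in_len -= 3;
    }
    if (in_len != P256_POINT_LEN || in[0] != 0x04)   /* must be uncompressed */
        return -1;
    *point = in;
    return 0;
}

int main(void)
{
    const uint8_t *pt = NULL;
    if (p256_pubkey_raw_point(posted_key, sizeof posted_key, &pt) != 0) {
        puts("not a P-256 public key in a known encoding");
        return 1;
    }
    printf("raw point starts at offset %d, first byte 0x%02x\n",
           (int)(pt - posted_key), pt[0]);
    return 0;
}
```

Which of the two forms a particular verify call expects is not settled in this thread, so check the length and leading byte before passing the buffer on.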
It still fails, funny thing is I can run this example just fine, with the pre-signed digest.
verify example
from optiga-trust-x.
I had a look at your first post. Looks like you are using the wrong oid to verify signature. You have to use the public key stored at 0xF1DC instead of using the private key at 0xE0F1. Correct me if I am wrong.
from optiga-trust-x.
Valid point, but how do you know public key one has the address of 0xF1DC? It shows as GP memory in the wiki. And in the v3_verify_external function above, I inject the pubkey from outside but it gives me:
Invalid parameter in data field | 0x05 | Invalid parameter in command data field
from optiga-trust-x.
I fixed the external verification somehow :) But the verification with the public keys stored inside still doesn't work. It gives me 80001001 error which means invalid OID. What OID should I use for each of the public key slots?
from optiga-trust-x.
Thanks a bunch, do you have any documents that show the assembly of the certificate with the stored public key? Other than this, all my questions have been answered, thank you.
from optiga-trust-x.
Happy to hear it works for you.
What you need to do is:
- Generate a new keypair
- Generate a csr with the public key
- Generate a self signed CA
- CA needs to sign the csr
You can find more details here
If you run into trouble, create an issue and we will take it from there.
from optiga-trust-x.