cancel
Showing results for 
Search instead for 
Did you mean: 

I am Using SBSFU I am not able to get the same private key in der formate which is added in key.c file

PYada.1
Associate III

I am using STM32L562E-DK board.

I am using the SBSFU example. I want to use the ECDSA-256 cryptography scheme.

When I am verifying private with key.c file it does not match

I have used following command to verify private.

openssl ec -in root-ec-p256 -outform DER -out image_sign_pivate.der

xxd -i image_sign_private.der stimage_sign_private.c.import

Output file is as follows

unsigned char a_der[] = {

 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xad, 0x91, 0xc2, 0x93, 0x4b,

 0x72, 0x8b, 0xb1, 0xd7, 0x69, 0x5f, 0x33, 0x77, 0x56, 0x00, 0xd2, 0xd2,

 0x93, 0x84, 0x66, 0xf3, 0xbb, 0x18, 0xe0, 0x22, 0x3b, 0xb6, 0x7c, 0x9e,

 0xdb, 0x14, 0xe5, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,

 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x8f, 0x0e,

 0xd7, 0x62, 0xb8, 0x97, 0xde, 0x46, 0x1c, 0xaa, 0x25, 0xb3, 0xe9, 0x02,

 0x8a, 0xf1, 0x0a, 0x3b, 0x86, 0x2b, 0xc7, 0xdf, 0x8e, 0xd3, 0x72, 0xe6,

 0x6c, 0xe5, 0xc6, 0x9a, 0xba, 0x51, 0x8e, 0x32, 0x4e, 0xb2, 0xdd, 0xfb,

 0xac, 0xeb, 0x71, 0xaf, 0x9f, 0x0c, 0xff, 0x2b, 0xaf, 0x24, 0x72, 0x56,

 0x92, 0xea, 0xc4, 0x14, 0xb2, 0x3b, 0xc6, 0x0b, 0xed, 0xa5, 0x25, 0x7b,

 0x5d

};

unsigned int a_der_len = 121;

but in key.c file

const unsigned char enc_priv_key[] __attribute__((section(".provision"))) = {

 0x30, 0x81, 0x43, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,

 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,

 0x03, 0x01, 0x07, 0x04, 0x29, 0x30, 0x27, 0x02, 0x01, 0x01, 0x04, 0x20,

 0xf6, 0x1e, 0x51, 0x9d, 0xf8, 0xfa, 0xdd, 0xa1, 0xb7, 0xd9, 0xa9, 0x64,

 0x64, 0x3b, 0x54, 0xd0, 0x3d, 0xd0, 0x1f, 0xe5, 0x78, 0xd9, 0x17, 0x98,

 0xa5, 0x28, 0xca, 0xcc, 0x6b, 0x67, 0x9e, 0x06, 0xa1, 0x44,

};

const static unsigned int enc_priv_key_len __attribute__((section(".provision"))) = 70;

SO length and private key content are not the same.

How to verify it?

Am I using the proper command?

3 REPLIES 3
PYada.1
Associate III

@Frantz LEFRERE​ , Can you please help me regarding generating a private key into der formate for EDCSA 256 with 71 bytes private key size (DER formate)?

PYada.1
Associate III

@Frantz LEFRERE​ , Any update regarding it?

Frantz LEFRERE
ST Employee

As you can read in the documentation 

https://www.st.com/resource/en/user_manual/dm00678763-getting-started-with-stm32cubel5-tfm-application-stmicroelectronics.pdf

Table 6. Integrator personalized data in source code 

enc_priv_key : EC 256 private key for AES-CTR key decryption

while 

rootec-256.pem EC 256 private key for secure image signature generation

-> not embedded in the target

Those are two different keys.