Infineon/linux-optiga-trust-m

Error getting ECC private key using OpenSSL EC key processing

Closed this issue · 3 comments

While experimenting with trustm_engine and OpenSSL, I noticed that it is not possible to get a private ECC key using the trustm_engine with OpenSSL EC key processing.

For example for RSA I can do the following:

```
openssl pkey -engine trustm_engine -inform engine -in 0xe0fc:*:NEW:0x42:0x13 -out example_rsa_private.pem
```

Which will generate a 2048 RSA key for Auth/Enc/Sign, stored in OID 0xe0fc (0xf1e0), and an output of the private key in example_rsa_private.pem.

However, if I do the same for an ECC key, it fails with errors.

```
openssl ec -engine trustm_engine -inform engine -in 0xe0f1:*:NEW:0x04:0x13 -out example_ecc_private.pem
```

I would expect a generated 384 ECC key for Auth/Enc/Sign, stored in OID 0xe0f1 (0xf1d1), and an output of the private key in example_ecc_private.pem. I believe it generates the key pair and just fails when outputting the private key, as it works when doing the public key with -pubout.

I get the following errors:

```
writing EC key
unable to write private key
3069517840:error:100C0010:elliptic curve routines:i2d_ECPrivateKey:EC lib:../openssl-1.1.1j/crypto/ec/ec_asn1.c:1097:
3069517840:error:0906900D:PEM routines:PEM_ASN1_write_bio:ASN1 lib:../openssl-1.1.1j/crypto/pem/pem_lib.c:336
```

Full debug logs of OpenSSL EC command
root@hostname:~# openssl ec -engine trustm_engine -inform engine -in 0xe0f1:*:NEW:0x04:0x13 -out example_ecc_private.pem
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:988 bind: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:106 __trustmEngine_ipcInit: Shared memory segment exists - opening as client
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:146 trustmEngine_ipc_acquire: Check if TrustM Open:queue 43605:current:432:Delay 33
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:150 trustmEngine_ipc_acquire: Resource seized by 432
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:177 trustmEngine_ipc_acquire: Lock queue 432
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:911 engine_init: > Engine 0x1d7d378 init
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:914 engine_init: Initializing
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:183 trustmEngine_Open: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:106 __trustmEngine_ipcInit: Shared memory segment exists - opening as client
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:146 trustmEngine_ipc_acquire: Check if TrustM Open:queue 432:current:432:Delay 33
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:177 trustmEngine_ipc_acquire: Lock queue 432
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:201 trustmEngine_Open: optiga_util_create OK 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:215 trustmEngine_Open: optiga_crypt_create OK 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:221 trustmEngine_Open: TrustM crypt instance created. 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:222 trustmEngine_Open: TrustM Open. 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:226 trustmEngine_Open: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_rsa.c:653 trustmEngine_init_rsa: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_rsa.c:682 trustmEngine_init_rsa: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ec.c:585 trustmEngine_init_ec: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ec.c:607 trustmEngine_init_ec: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:980 engine_init: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:192 trustmEngine_ipc_release: release shared memory

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:1043 bind: <
engine "trustm_engine" set.
read EC key
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:106 __trustmEngine_ipcInit: Shared memory segment exists - opening as client
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:146 trustmEngine_ipc_acquire: Check if TrustM Open:queue 43605:current:432:Delay 33
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:150 trustmEngine_ipc_acquire: Resource seized by 432
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:177 trustmEngine_ipc_acquire: Lock queue 432
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:766 engine_load_privkey: > key_id : 0xe0f1:*:NEW:0x04:0x13
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:488 parseKeyParams: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:238 trustmEngine_App_Open_Recovery: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:270 trustmEngine_App_Open: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:183 trustmEngine_Open: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:106 __trustmEngine_ipcInit: Shared memory segment exists - opening as client
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:146 trustmEngine_ipc_acquire: Check if TrustM Open:queue 432:current:432:Delay 33
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:177 trustmEngine_ipc_acquire: Lock queue 432
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:203 trustmEngine_Open: TrustM util instance exists. 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:218 trustmEngine_Open: TrustM crypt instance exists. 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:221 trustmEngine_Open: TrustM crypt instance created. 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:222 trustmEngine_Open: TrustM Open. 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:226 trustmEngine_Open: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:294 trustmEngine_App_Open: No hibernate ctx found. Skip restore

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:124 trustmEngine_WaitForCompletion:  max wait_time:6000, Tick Counter: 16
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:307 ++done.

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:346 trustmEngine_App_Open: Success : optiga_util_open_application 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:349 trustmEngine_App_Open: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:259 trustmEngine_App_Open_Recovery: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:530 parseKeyParams: ---> token [0] = 0xe0f1
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:685 parseKeyParams: found NEW

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:124 trustmEngine_WaitForCompletion:  max wait_time:6000, Tick Counter: 5
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:450 trustmEngine_App_Close: Success : optiga_util_close_application 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:360 trustmEngine_Close: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:365 trustmEngine_Close: optiga_crypt_destroy

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:374 trustmEngine_Close: optiga_util_destroy

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:384 trustmEngine_Close: TrustM Closed.

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:385 trustmEngine_Close: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:192 trustmEngine_ipc_release: release shared memory

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:461 trustmEngine_App_Close: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:704 parseKeyParams: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:776 engine_load_privkey: KEY_OID       : 0xe0f1
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:777 engine_load_privkey: Pubkey        : 
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:778 engine_load_privkey: PubkeyLen     : 0
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:779 engine_load_privkey: PubkeyHeader  : 0
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:780 engine_load_privkey: PubkeyStore   : 0xF1D1
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:782 engine_load_privkey: RSA key type  : 0x00
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:783 engine_load_privkey: RSA key usage : 0x00
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:784 engine_load_privkey: RSA key flag  : 0x00
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:786 engine_load_privkey: EC key type   : 0x04
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:787 engine_load_privkey: EC key usage  : 0x13
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:788 engine_load_privkey: EC key flag   : 0x01
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ec.c:410 trustm_ec_loadkey: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ec.c:189 trustm_ec_generatekey: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:238 trustmEngine_App_Open_Recovery: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:270 trustmEngine_App_Open: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:183 trustmEngine_Open: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:106 __trustmEngine_ipcInit: Shared memory segment exists - opening as client
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:146 trustmEngine_ipc_acquire: Check if TrustM Open:queue 43605:current:432:Delay 33
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:150 trustmEngine_ipc_acquire: Resource seized by 432
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:177 trustmEngine_ipc_acquire: Lock queue 432
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:201 trustmEngine_Open: optiga_util_create OK 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:215 trustmEngine_Open: optiga_crypt_create OK 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:221 trustmEngine_Open: TrustM crypt instance created. 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:222 trustmEngine_Open: TrustM Open. 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:226 trustmEngine_Open: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:294 trustmEngine_App_Open: No hibernate ctx found. Skip restore

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:304 trustmEngine_App_Open: waiting...
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:124 trustmEngine_WaitForCompletion:  max wait_time:6000, Tick Counter: 18
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:307 ++done.

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:346 trustmEngine_App_Open: Success : optiga_util_open_application 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:349 trustmEngine_App_Open: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:259 trustmEngine_App_Open_Recovery: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:124 trustmEngine_WaitForCompletion:  max wait_time:6000, Tick Counter: 141
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:124 trustmEngine_WaitForCompletion:  max wait_time:6000, Tick Counter: 5
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:450 trustmEngine_App_Close: Success : optiga_util_close_application 

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:360 trustmEngine_Close: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:365 trustmEngine_Close: optiga_crypt_destroy

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:374 trustmEngine_Close: optiga_util_destroy

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:384 trustmEngine_Close: TrustM Closed.

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:385 trustmEngine_Close: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ipc_lock.c:192 trustmEngine_ipc_release: release shared memory

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:461 trustmEngine_App_Close: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ec.c:319 trustm_ec_generatekey: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine_ec.c:465 trustm_ec_loadkey: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:819 engine_load_privkey: <
writing EC key
unable to write private key
3069739024:error:100C0010:elliptic curve routines:i2d_ECPrivateKey:EC lib:../openssl-1.1.1j/crypto/ec/ec_asn1.c:1097:
3069739024:error:0906900D:PEM routines:PEM_ASN1_write_bio:ASN1 lib:../openssl-1.1.1j/crypto/pem/pem_lib.c:336:
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:748 engine_finish: > Engine 0x1d7d378 finish (releasing functional reference)
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:749 engine_finish: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:713 engine_destroy: > Engine 0x1d7d378 destroy
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:360 trustmEngine_Close: >
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:384 trustmEngine_Close: TrustM Closed.

432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:385 trustmEngine_Close: <
432:/usr/src/debug/optiga-trust-m-cli/1.0+gitAUTOINC+6c02abc442-r0/git/trustm_engine/trustm_engine.c:742 engine_destroy: <

Metadata of `0xE0F1`
========================================================
Device EC Privte Key x         [0xE0F1] 
[Size 0019] : 
	20 11 C0 01 01 D0 03 E1 FC 07 D3 01 00 E0 01 04 
	E1 01 13 
	LcsO:0x01, C:LcsO<0x07, E:ALW, Algo:ECC384, Key:Auth/Enc/Sign, 

========================================================
Metadata of `0xE0FC`
========================================================
Device RSA Privte Key x         [0xE0FC] 
[Size 0019] : 
	20 11 C0 01 01 D0 03 E1 FC 07 D3 01 00 E0 01 42 
	E1 01 13 
	LcsO:0x01, C:LcsO<0x07, E:ALW, Algo:RSA2048, Key:Auth/Enc/Sign, 

========================================================

As you may have seen from the debug logs, my OpenSSL version is OpenSSL 1.1.1j 16 Feb 2021.

Thanks

Thomas

After further thought I believe this is intentional. After actually looking into the exported RSA key, it seems to be truncated and not a valid key. So maybe the EC errors are acceptable, but maybe the RSA key export through OpenSSL pkey or OpenSSL rsa should behave like OpenSSL ec and raise an error "unable to write private key".

Hello @thomas-at-rock7

Thanks for the details and the thoroughly constructed issue report.
The chip can either store a private key internally and export the public component at the same time, or export both of them and not store the private component internally.

@ayushev thanks. That's as I thought; when I submitted the issue report I seemed to forget about the main function of the device. A bit of a "D'oh!" moment.
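
The thread notes that the RSA file written through the engine was truncated and not a valid key, and that a key kept inside the chip has no exportable private component. As an added example (not part of the thread and not the project's code), this standard-library Python check reports whether DER-encoded RSA private key bytes (traditional PKCS#1, or PKCS#8 as written by `openssl pkey`; base64-decode the PEM body first) are complete and self-consistent. The function names are hypothetical, and the toy key and its broken variants are constructed samples, not real engine output.

```python
from math import gcd

FIELDS = ("version", "n", "e", "d", "p", "q", "dp", "dq", "qinv")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_fields(der_bytes):
    """Return the PKCS#1 INTEGER fields, unwrapping a PKCS#8 envelope if present."""
    tag, body, _ = read_tlv(der_bytes, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        items.append((tag, val))
    if len(items) == 3 and items[1][0] == 0x30 and items[2][0] == 0x04:
        return parse_fields(items[2][1])  # PKCS#8: key is inside the OCTET STRING
    if len(items) < len(FIELDS) or any(t != 0x02 for t, _ in items):
        raise ValueError("missing or malformed private fields")
    return dict(zip(FIELDS, (int.from_bytes(v, "big") for _, v in items)))

def check_rsa_private(der_bytes):
    """Return 'ok' or 'invalid: <reason>' for DER-encoded RSA private key bytes."""
    try:
        k = parse_fields(der_bytes)
    except ValueError as exc:
        return f"invalid: {exc}"
    if k["p"] < 2 or k["q"] < 2 or k["p"] * k["q"] != k["n"]:
        return "invalid: p and q do not factor n"
    lam = (k["p"] - 1) * (k["q"] - 1) // gcd(k["p"] - 1, k["q"] - 1)
    if k["e"] * k["d"] % lam != 1:
        return "invalid: d does not invert e"
    return "ok"

# Constructed samples: a toy 12-bit key and two broken variants (not engine output).
def der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length suffices for these sizes
def der_int(v):
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
P, Q, E = 61, 53, 17
D = pow(E, -1, (P - 1) * (Q - 1))
GOOD = der(0x30, b"".join(map(der_int, (
    0, P * Q, E, D, P, Q, D % (P - 1), D % (Q - 1), pow(Q, -1, P)))))
TRUNCATED = GOOD[: len(GOOD) // 2]
NO_PRIVATE = der(0x30, b"".join(map(der_int, (0, P * Q, E, 0, 0, 0, 0, 0, 0))))
```

`check_rsa_private` returns `ok` for `GOOD` and an `invalid: ...` reason for `TRUNCATED` and `NO_PRIVATE`, so it can gate any step that would otherwise treat an engine-exported file as a usable private key.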