NCS 2.6.1
nRF52840
I am changing my project from NCS 2.4.1 to NCS 2.6.1.
Looking here: https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/releases_and_maturity/migration/migration_guide_2.6.html (under Security).
I see that RSA keys are disabled now. How do you enable them?
prj.conf
CONFIG_NRF_SECURITY=y CONFIG_NRF_SECURITY_ADVANCED=y CONFIG_MBEDTLS_TLS_LIBRARY=y CONFIG_MBEDTLS_X509_LIBRARY=y CONFIG_MBEDTLS_X509_REMOVE_INFO=n # Add in mbedtls elements disabled by openthread, but needed by certificates CONFIG_MBEDTLS_CIPHER_MODE_CTR=y CONFIG_MBEDTLS_CHACHA20_C=y CONFIG_MBEDTLS_POLY1305_C=y CONFIG_MBEDTLS_CHACHAPOLY_C=y CONFIG_MBEDTLS_DHM_C=y CONFIG_MBEDTLS_RSA_C=y CONFIG_MBEDTLS_SHA512_C=y CONFIG_MBEDTLS_GCM_C=y CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED=y CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED=y CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED=y CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y #CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED=y CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED=y CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED=y # NCS 2.6.1 CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=y
Some of the "KEY_EXCHANGE" configs end up set to 'n' in .config.
I'm working with x509 certificates. When reading and parsing a certificate,
mbedtls_x509_get_sig_alg() returns -0x282E (Unknown Signature Algorithm)
Edit: Sorry, the error code returned was -0x262E
How do I re-enable RSA keys?
Mary
