This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

I like to convert private key to code.

Hello,

  I generate a private key by using nrfutil.

  I like to convert raw data format to use in the code from private key.

  Additionally, I already used a nrf_crypto_ecc_key_pair_generate() function to generate private key.

  But, I don't  know how to convert a format to use it on PC. 

  Any way( private key(*.pem) to code or Key generated from board to PC)  is Okay.

   Please, help me out to resolve this conversion issue.

  Thanks,

     Chongchun Moon

PS C:\work\E-ciga\dfu> nrfutil keys display --key sk --format hex .\test.pem

WARNING: Security risk! Do not share the private key.

Private (signing) key sk:
6a72e923fa15c81782c90a02f6c7e9755d4509c5d9be16e5f9f2830fae7754dc

Parents
  • Hi Moon, 

    Could you clarify what exactly you want to have ?  what exactly is "to code"  that you want ?

    What do you plan to do on PC ? 

  • Sorry for confusion.

     I like to convert private key( which is generated by nrfutil) from *.pem to code style format to use in device.

     What I like to do is verifying authentication on both side PC and device using same private key and public key.

     

    Thanks,

       Chongchun Moon

  • Hello,

      Yes, That's what I want to do it. But, I couldn't make it.

     I generated Private key and public key as below.

    I converted it manually. and replace those keys. I used ECDSA example in SDK.

    static uint8_t m_alice_raw_private_key[] =
    {
        //0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,  // This is an example. DO NOT USE THIS KEY!
        //0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,  // This is an example. DO NOT USE THIS KEY!
        //0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,  // This is an example. DO NOT USE THIS KEY!
        //0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,  // This is an example. DO NOT USE THIS KEY!
        0xb9, 0x54, 0xae, 0x7f, 0xea, 0x69, 0x10, 0x69, 
        0x2b, 0xd6, 0x87, 0x90, 0x72, 0x07, 0x4e, 0xa1, 
        0x51, 0x96, 0x76, 0x92, 0x2f, 0x11, 0x98, 0x42, 
        0x90, 0xf2, 0xf2, 0x4d, 0xdb, 0x10, 0x49, 0x04,
    };
    
    /** @brief Predefined example public key that is associated with example private key
     *  @ref m_alice_raw_private_key.
     */
    static uint8_t m_alice_raw_public_key[] =
    {
    #if 0
        0x02, 0x17, 0xE6, 0x17, 0xF0, 0xB6, 0x44, 0x39,
        0x28, 0x27, 0x8F, 0x96, 0x99, 0x9E, 0x69, 0xA2,
        0x3A, 0x4F, 0x2C, 0x15, 0x2B, 0xDF, 0x6D, 0x6C,
        0xDF, 0x66, 0xE5, 0xB8, 0x02, 0x82, 0xD4, 0xED,
        0x19, 0x4A, 0x7D, 0xEB, 0xCB, 0x97, 0x71, 0x2D,
        0x2D, 0xDA, 0x3C, 0xA8, 0x5A, 0xA8, 0x76, 0x5A,
        0x56, 0xF4, 0x5F, 0xC7, 0x58, 0x59, 0x96, 0x52,
        0xF2, 0x89, 0x7C, 0x65, 0x30, 0x6E, 0x57, 0x94,
    #endif
        0x63, 0xa3, 0x1f, 0xef, 0x96, 0x79, 0xb7, 0x80, 
        0x43, 0x49, 0x89, 0x99, 0xea, 0x7d, 0xe8, 0xd0, 
        0x78, 0x4e, 0x8b, 0x4f, 0x2d, 0xa4, 0xcd, 0xf8, 
        0x52, 0x74, 0x42, 0x5a, 0x2d, 0x5a, 0xc0, 0xce,
        0xd0, 0x28, 0x7a, 0xe1, 0xc1, 0x53, 0xd9, 0x9c, 
        0x44, 0x84, 0x14, 0x0c, 0x2d, 0xa6, 0x21, 0xd2, 
        0xe5, 0xea, 0x83, 0x1b, 0x3b, 0x6a, 0xa7, 0x61, 
        0xd1, 0xef, 0x56, 0x55, 0xa1, 0x33, 0xe9, 0xd3
    };
    

    But, It fail to verify.

    Do I miss something? 

      

  • Could you show how you generate the signature from the private key ? Have you check if you have the same hash of the init package  ? 

    You can check if the signature you generate using the private key in your code match with the signature generated by nrfutil. 

    Be careful about the endianess of the signature. We send the signature in little-endian but when doing verify we need it in big-endian.

  • Hello,

     I just use example(examples\crypto\nrf_crypto\ecdsa) in the SDK

     And, I just replaced private key and public key on that example as my previous comment.

     So, I believe I am using same hash and generation procedure for signature is no problem.

     Anyway,  code is attached as below.

    /** @brief Alice signs the message.
     */
    static void alice_sign()
    {
        static nrf_crypto_ecc_private_key_t alice_private_key;
        ret_code_t                          err_code = NRF_SUCCESS;
    
        NRF_LOG_INFO("Alice's signature generation");
    
        // Alice converts her raw private key to internal representation
        err_code = nrf_crypto_ecc_private_key_from_raw(&g_nrf_crypto_ecc_secp256r1_curve_info,
                                                       &alice_private_key,
                                                       m_alice_raw_private_key,
                                                       sizeof(m_alice_raw_private_key));
        DEMO_ERROR_CHECK(err_code);
    
        // Alice generates signature using ECDSA and SHA-256
        m_signature_size = sizeof(m_signature);
        err_code = nrf_crypto_ecdsa_sign(NULL,
                                         &alice_private_key,
                                         m_hash,
                                         sizeof(m_hash),
                                         m_signature,
                                         &m_signature_size);
        DEMO_ERROR_CHECK(err_code);
    
        // Alice can now send the message and its signature to Bob
        print_hex("Alice's message hash: ", m_hash, sizeof(m_hash));
        print_hex("Alice's signature: ", m_signature, m_signature_size);
    
        // Key deallocation
        err_code = nrf_crypto_ecc_private_key_free(&alice_private_key);
        DEMO_ERROR_CHECK(err_code);
    }

    You can check if the signature you generate using the private key in your code match with the signature generated by nrfutil. 

    How can I check the signature? Please help me out to do it.

    Could you tell me private key conversion as below is correct?

      Private key generation :

     nrfutil keys display --key sk --format hex .\test.pem

     WARNING: Security risk! Do not share the private key.

     Private (signing) key sk:
     b954ae7fea6910692bd6879072074ea1519676922f11984290f2f24ddb104904

     Private key conversion :

    static uint8_t m_alice_raw_private_key[] =
    {
        0xb9, 0x54, 0xae, 0x7f, 0xea, 0x69, 0x10, 0x69,
        0x2b, 0xd6, 0x87, 0x90, 0x72, 0x07, 0x4e, 0xa1,
        0x51, 0x96, 0x76, 0x92, 0x2f, 0x11, 0x98, 0x42,
        0x90, 0xf2, 0xf2, 0x4d, 0xdb, 0x10, 0x49, 0x04,
    };

     

    Thanks,

      Chongchun Moon

  • Hi Moon, 

    Ok so you just want to try encrypt a message using the same private key and public key generated by nrfutil. 

    I will try to test here and let you now if it works. 

Reply Children
No Data
Related