
Need nrf crypto library to have support of importing certificates signed by RSA with SHA1 or SHA-224

Hi Nordic folks, 

Our project is using nrf52840-DK boards as the development beds. We're developing a security application by leveraging the internal CryptoCell CC310 inside the SoC. Right now, we found a problem in parsing the imported certificates:

The device needs to import some certificates signed by RSA with SHA-1 or SHA-384. When the certificate is imported, the function `mbedtls_rsa_import_raw` returns an error with the code:

MBEDTLS_X509_BADCERT_BAD_MD

 

I'm wondering if it is possible to add support for parsing this kind of certificate? If so, how?

Sorry the head has a typo, it should be SHA-384. 

Thank you! 

Jun 

Intel | Santa Clara| CA| USA

  • Hi Martin,

    We are trying to use the CC310 backend to establish a TLS session to a remote server. In order to verify the authenticity of the server, we need to parse the CA chain and load it into the SSL context. If the backend doesn't support parsing of certificates, how can we achieve it?

    I was expecting the configuration below in nrf_security/Kconfig for cert parsing.

    ```
    config MBEDTLS_X509_LIBRARY
        bool
        prompt "Create mbed TLS x509 library"
        help
          Create the mbed x509 library for handling of certificates.
    ```

    Regards,

    Manoj
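
An added example, not part of the original thread and not Nordic or Mbed TLS code: a dependency-free C check that reads the signatureAlgorithm OID of a DER certificate, so each certificate in a CA chain can be checked for its signature hash (SHA-1, SHA-384, and so on) before it is provisioned. The names `der_hdr`, `cert_sig_hash` and `SAMPLE` are hypothetical and the input is a constructed skeleton, not a real certificate; the thread does not say which hashes the CC310 backend accepts, so the code only reports the hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed DER skeleton (not a real certificate): empty tbsCertificate,
 * sha384WithRSAEncryption + NULL parameters, one-byte BIT STRING. */
static const uint8_t SAMPLE[] = {
    0x30, 0x14, 0x30, 0x00, 0x30, 0x0D,
    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C,
    0x05, 0x00, 0x03, 0x01, 0x00 };

/* Parse one DER header with the expected tag; return the value pointer and
 * its length, or NULL if the tag is wrong or the element overruns `end`. */
static const uint8_t *der_hdr(const uint8_t *p, const uint8_t *end, uint8_t tag, size_t *len)
{
    if (end - p < 2 || p[0] != tag) return NULL;
    size_t n = p[1];
    p += 2;
    if (n & 0x80) {                      /* long form: low 7 bits = count of length bytes */
        size_t k = n & 0x7F;
        if (k == 0 || k > 2 || (size_t)(end - p) < k) return NULL;
        for (n = 0; k > 0; k--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;
    *len = n;
    return p;
}

/* Hash used by the certificate's RSA PKCS#1 v1.5 signature, "other" for any
 * other algorithm OID, NULL if the DER is malformed or truncated. */
const char *cert_sig_hash(const uint8_t *der, size_t der_len)
{
    static const uint8_t pkcs1[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01};
    size_t len;
    const uint8_t *end = der + der_len;
    const uint8_t *p = der_hdr(der, end, 0x30, &len);            /* Certificate */
    if (!p) return NULL;
    end = p + len;
    if (!(p = der_hdr(p, end, 0x30, &len))) return NULL;         /* tbsCertificate */
    if (!(p = der_hdr(p + len, end, 0x30, &len))) return NULL;   /* signatureAlgorithm */
    if (!(p = der_hdr(p, p + len, 0x06, &len))) return NULL;     /* algorithm OID */
    if (len != 9 || memcmp(p, pkcs1, 8) != 0) return "other";
    switch (p[8]) {                      /* last arc of 1.2.840.113549.1.1.x */
    case 0x05: return "SHA-1";
    case 0x0B: return "SHA-256";
    case 0x0C: return "SHA-384";
    case 0x0D: return "SHA-512";
    case 0x0E: return "SHA-224";
    default:   return "other";
    }
}
int main(void) { puts(cert_sig_hash(SAMPLE, sizeof SAMPLE)); return 0; }
```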
