nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

I this link useful? I don't know too much about this, but I can do some more investigation and ask internally if the link didn't help.

Best regards,

Simon

Hi Simon,

thank your for your reply, but my question is how to generate all of this ON the nRF9160. Because if that would be possible

than the private key should not leave the device ensuring a higher security level compared to generating these keys outside of the device and transmitting over some channel.

Could you please ask for that? It would be good, if the key generation could happen on the device.

With kind regards,

Árpád

I'm sorry for the delay, somehow I left this ticket behind and forgot to do further investigation. I have asked some developers internally and currently waiting for an answer.

Best regards,

Simon

I got an answer on how to go about this:

"DER is just a binary encoded PEM.  they can use base64_decode(), passing in the base64 text from the PEM (data between the BEGIN/END lines). 

Best regards,
Simon

Hi Simon,

that is partially answer to my question. Thank you.

The rest of the question is:

is it possible -and if yes how- to generate elliptic curve keys and an x509 certificate needed by Google Cloud IoT on the nRF9160?

The generation with openssl on a desktop machine is described here:

I want to know whether it's possible to do the same - of course not with openssl- on the device itself.

Probably with the nrf_oberon crypto library?

For example I found ocrypto_ecdsa_p256_public_key in the nrf_oberon lib, but how to make an X509 certificate?

With kind regards,

Árpád