https://devzone.nordicsemi.com/f/nordic-q-a/63773/cross-checking-nrfutil-boot_validation_signature-for-validate_ecdsa_p256_sha256-with-openssl-command-lineHello, I setup nrfutil to use VALIDATE_ECDSA_P256_SHA256 and have this output from the pkg display output: |- hash_type: SHA256 |- hash (little-endian): 60de8328530e5882b789259309c47d20dc1a9482f89606ad2cb70d9ad6456b1b | |- boot_validation_type: [en-USTelligent Community 13Wed, 09 Dec 2020 01:38:17 GMThttps://devzone.nordicsemi.com/thread/283935?ContentTypeID=1Wed, 09 Dec 2020 01:38:17 GMT137ad170-7792-4731-bb38-c0d22fbe4515:eb497e32-e232-4c05-932a-146b55941fe2Wendel<p>Hi Richard,</p> <p>Thanks for the clarification. It really helps a lot.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/283848?ContentTypeID=1Tue, 08 Dec 2020 14:23:00 GMT137ad170-7792-4731-bb38-c0d22fbe4515:81d3f43a-9e60-462e-a5d1-d5ee51856672Richard R<p>Hi Wendel,</p> <p>Not directly, no. The answer from <em>Turbo J&nbsp;</em>is correct.</p> <p>nrfutil stores the ecdsa signature as <span style="font-family:&#39;courier new&#39;, courier;">{r,s}</span> value pairs (32-byte each) in little endian <span style="font-family:&#39;courier new&#39;, courier;">{r_le, s_le}</span>. See <span style="font-family:&#39;courier new&#39;, courier;">nrfutil/dfu/signing.py</span> for lines like this:</p> <p><span style="font-family:&#39;courier new&#39;, courier;"><span class="pl-k">return</span> <span class="pl-s1">signature</span>[<span class="pl-c1">31</span>::<span class="pl-c1">-</span><span class="pl-c1">1</span>] <span class="pl-c1">+</span> <span class="pl-s1">signature</span>[<span class="pl-c1">63</span>:<span class="pl-c1">31</span>:<span class="pl-c1">-</span><span class="pl-c1">1</span>]</span></p> <p><span>I ended up creating a variant of that function that can return the big-endian format.</span></p> <p><span><br />I can&#39;t find a simple openssl CLI to cross-check, so I end up using pyca/crytography library (<a href="https://cryptography.io/en/latest/index.html">https://cryptography.io/en/latest/index.html</a>) which uses openssl as a back-end for testing.</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/283704?ContentTypeID=1Tue, 08 Dec 2020 07:26:07 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a97ba9d5-a7f2-4803-9683-24f8f5b7eabfWendel<p>Hi Richard</p> <p>Have you got the method to cross check signature with openssl command line?</p> <p>Thanks.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/259998?ContentTypeID=1Tue, 14 Jul 2020 20:41:49 GMT137ad170-7792-4731-bb38-c0d22fbe4515:73afd493-85c1-4e2d-8a5b-fbfb0a246a7aTurbo J<p>I cannot provide OpenSSL commands, but there are two important things missing:</p> <ul> <li>ASN.1 encoding</li> <li>big endian byte order</li> </ul> <p>The <span style="font-family:&#39;courier new&#39;, courier;">nrfutil.sign</span> file is smaller because it is not ASN.1 encoded. OpenSSL expects signatures to be ASN.1 encoded in order to provide meta information (e.g. which algorithm to use).</p> <p>The encoded data is expected to be in network byte order (= big endian). The nrfutil program generates signatures in little endian, since that matches the endianess of the NordicSemi Cortex-M chips - and thus no byte order swapping needs to be done when checking the signature in the bootloader.</p> <p>In summary, for OpenSSL to be useful one needs to swap byte order (reverse bytes), and then encode the result <em>properly </em>as ASN.1 data. Not sure if this is <em>possible</em> with the command line tool only.</p><div style="clear:both;"></div>