• State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 74 subscribers
  • Views 1747 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 283242
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Invalid private key with ed25519

MaLu

Hi,

I have an application for the nRF9160 where I want to use mcuboot and of course signing, but I get the following message while building, that my key file is invalid.

-- Found assembler: D:/work/nRF_Connect_SDK/v1.8.0/toolchain/opt/bin/arm-none-eabi-gcc.exe
MCUBoot bootloader key file: D:/work/nRF_Connect_SDK/devzone/hello_world1234/test_ed25519.pem
-- Configuring done
-- Generating done
-- Build files have been written to: D:/work/nRF_Connect_SDK/devzone/hello_world1234/build/mcuboot
=== child image mcuboot -  end ===

CMake Warning at D:\work\nRF_Connect_SDK\v1.8.0\nrf\modules\mcuboot\CMakeLists.txt:278 (message):
  Key file `D:/work/nRF_Connect_SDK/devzone/hello_world1234/test_ed25519.pem`
  does not contain a valid private key.  Signing of images will be disabled.


Disable signing with `CONFIG_SIGN_IMAGES=n` to silence this warning.

I generated this keyfile and with the imgtool.py and it looks as follows:

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIIXfDZiyadNbgeTl1FjaPsSpYOsVy8/pF1MtYafCSFcw
-----END PRIVATE KEY-----

Now nothing gets signed and I get no app_update.bin file and everything that comes with it.

I have attached a sample application where I get this error, where I used the .conf files of my actual application (just to clarify why they are so overkill for a hello world program).

I am using nRF Connect SDK 1.8.0 and VSCode

1007.hello_world1234.zip

Thank you in advance.

EDIT: This also applies with the default keys (meaning not setting CONFIG_BOOT_SIGNATURE_KEY_FILE to anything specific).

- Found assembler: D:/work/nRF_Connect_SDK/v1.8.0/toolchain/opt/bin/arm-none-eabi-gcc.exe
MCUBoot bootloader key file: D:/work/nRF_Connect_SDK/v1.8.0/bootloader/mcuboot/root-ed25519.pem
-- Configuring done
-- Generating done
-- Build files have been written to: D:/work/nRF_Connect_SDK/devzone/hello_world1234/build/mcuboot
=== child image mcuboot -  end ===

CMake Warning at D:\work\nRF_Connect_SDK\v1.8.0\nrf\modules\mcuboot\CMakeLists.txt:255 (message):
  

        ---------------------------------------------------------
        --- WARNING: Using default MCUBoot key, it should not ---
        --- be used for production.                           ---
        ---------------------------------------------------------
        



CMake Warning at D:\work\nRF_Connect_SDK\v1.8.0\nrf\modules\mcuboot\CMakeLists.txt:278 (message):
  Key file
  `D:/work/nRF_Connect_SDK/v1.8.0/bootloader/mcuboot/root-ed25519.pem` does
  not contain a valid private key.  Signing of images will be disabled.


Disable signing with `CONFIG_SIGN_IMAGES=n` to silence this warning.
Dropping partition 'nrf_modem_lib_trace' since its size is 0.
-- Configuring done
-- Generating done
-- Build files have been written to: D:/work/nRF_Connect_SDK/devzone/hello_world1234/build

It appears, that this is ed25519 specific. RSA and ECDSA-P256 seem to work fine.

Only when going back to SDK 1.4.0 it seems to recognize the .pem file correctly and spit out a signed .bin file.

Parents Reply Children
  • 0 in reply to sipan112

    Hi, thanks for the reply.

    PS D:\work\nRF_Connect_SDK\devzone\hello_world1234> ssh-keygen.exe -p -f .\test_ed25519.pem -m pem -P "" -N ""
Failed to load key .\\test_ed25519.pem: invalid format

    Does not seem to work with my ed25519 key file. Is this neccessary to do? As I said, in SDK Version 1.4.0, the exemplary .pem file created by the imgtool in my first post was enough to let the build run through.

Related
Terms of service