Invalid private key with ed25519

RE: Invalid private key with ed25519

MaLu — Mon, 31 Jan 2022 13:03:41 GMT

Hi,

I have changed the getpriv function to getpub and nowthe build procces runs without complaint. Seems to work.

Thanks a bunch!

RE: Invalid private key with ed25519

Håkon Alseth — Mon, 31 Jan 2022 12:50:00 GMT

We have found the issue and created a pull-request with a proposed fix:

https://github.com/nrfconnect/sdk-nrf/pull/6693

Could you test it and see if this also fixes the issue on your end?

Kind regards,

Håkon

RE: Invalid private key with ed25519

Håkon Alseth — Fri, 28 Jan 2022 12:02:06 GMT

Hi,

I can confirm that I see the same behavior when selecting this in mcuboot:

CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y

Which then prints:

CMake Warning at /opt/ncs/nrf/modules/mcuboot/CMakeLists.txt:255 (message):
  

        ---------------------------------------------------------
        --- WARNING: Using default MCUBoot key, it should not ---
        --- be used for production.                           ---
        ---------------------------------------------------------
        



CMake Warning at /opt/ncs/nrf/modules/mcuboot/CMakeLists.txt:278 (message):
  Key file `/opt/ncs/bootloader/mcuboot/root-ed25519.pem` does not contain a
  valid private key.  Signing of images will be disabled.

Unfortunately, I do not have a workaround at this time. I will report this internally.

Kind regards,

Håkon

RE: Invalid private key with ed25519

MaLu — Fri, 28 Jan 2022 06:11:44 GMT

Hi, thanks for the reply.

PS D:\work\nRF_Connect_SDK\devzone\hello_world1234> ssh-keygen.exe -p -f .\test_ed25519.pem -m pem -P "" -N ""
Failed to load key .\\test_ed25519.pem: invalid format

Does not seem to work with my ed25519 key file. Is this neccessary to do? As I said, in SDK Version 1.4.0, the exemplary .pem file created by the imgtool in my first post was enough to let the build run through.

RE: Invalid private key with ed25519

sipan112 — Thu, 27 Jan 2022 15:18:23 GMT

ou can use ssh-keygen to convert the key to the classic OpenSSH format:

ssh-keygen -p -f file -m pem -P passphrase -N passphrase

(if the key is not encrypted with a passphrase, use "" instead of passphrase)

For Windows users: Note that ssh-keygen.exe is now built-in in Windows 10. And can be downloaded from the Microsoft Win32-OpenSSH project for older versions of Windows.