[question] how to get certificate chain #12
Comments
Hi Vedat, the samples you have are pre-provisioned by Infineon with the default PKI setup (the file to which you are referring). After ordering more than a Minimum Order Quantity, it is possible to define your own configuration of the PKI. In case of an order of less than this amount, there are still options to personalize the samples, either via this application note or via distributors.
The example code to read out the end device certificate can be found, as you mentioned, either in the Nordic SDK or in example_optiga_util_read_data.c
Thanks for the answer, Artem! So where is the corresponding private key of that default certificate? Stored in eFIRST_DEVICE_PRIKEY_1?
You are welcome!
Is there any way to extract it? I tried to read it ( The value of its metadata (
E0 -> Algorithm associated with key container (value: Elliptic Curve Key on NIST P256 curve)
A short answer is neither you nor anybody else can read out the private key, due to security reasons. You can't read the private key because the access conditions are not satisfied (the access condition for this object is Execute/EXE, which means it can only be used internally by the Trust X, e.g. by the signature generation routine).
It is clear now. I thought it needs to be queried, by looking at examples in the solution reference manual. Sorry for taking your time.
You ask reasonable questions which hopefully can help others answer theirs.
Hi @ayushev ,
I am trying to download the whole PKI hierarchy, as mentioned in the OPTIGA™ Trust X Keys and Certificates/3.1 PKI hierarchy for Productive Certificates, to the host uC, but I couldn't find any info (no forum, no doc, no example) about it. The only example is provided in the nordicsemi nRF SDK as below:
However, this code reads the same certificate into different variables, and that is all. (To be honest, I didn't understand the reason for that. I hoped the code downloads the certificate chain, but it doesn't.)
So I would appreciate it if you can help me with that,
Best regards,
Vedat