Attestation certificate for OpenPGP ENC slot has unparsable public key #402
Comments
I've just generated new key via Also, verification of generated cert works, so, it's only openssl which cannot parse certificate.
Thanks for reporting! I've notified our firmware team of this, it looks like an incompatibility with how the public key is encoded in the certificate which will likely be changed in a future version.
Steps to reproduce
ykman key attest ENC test.crt
openssl x509 -in test.crt -text
Expected result
OpenSSL should show that everything is good :)
Actual results and logs
So, I have a key with all three slots set to use Curve25519/Ed25519:
Key attributes ...: ed25519 cv25519 ed25519
I can encrypt via gpg to my key, and on decrypting, gpg says that
gpg: encrypted with 256-bit ECDH key
But, when I'm trying to attest this key via ykman key attest ENC test.crt, and check this test.crt with openssl x509 -in test.crt -text, it thinks that certificate has: Signature Algorithm: sha256WithRSAEncryption, also I'm getting this error:
Other info
OpenSSL is of version 1.1.1k
Also, only ENC slot has this problem, other slots are fine.
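When a tool cannot decode the public key inside a certificate, the DER can still be walked by hand to see which algorithm OID the SubjectPublicKeyInfo declares and how many key octets it carries, separately from the outer signatureAlgorithm, which names the algorithm the issuer signed with. The following is an added example, not code from this issue or from the ykman project; the sample bytes are constructed (RSA-signed, X25519 subject key) because how the firmware actually encodes the key is not shown on the page.

```python
def read_tlv(buf, pos):                     # -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n octets hold the length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):              # TLVs directly inside [start, end)
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def first_oid(buf, node):                   # first OID in a SEQUENCE; first arc 0 or 1 assumed
    _, s, e = read_tlv(buf, node[1])
    arcs, n = [buf[s] // 40, buf[s] % 40], 0
    for octet in buf[s + 1:e]:
        n = (n << 7) | (octet & 0x7F)
        if not octet & 0x80:                # high bit clear ends this arc
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def inspect(cert):
    """Report signatureAlgorithm and SubjectPublicKeyInfo without decoding the key."""
    tbs, sig_alg, _signature = children(cert, *read_tlv(cert, 0)[1:])
    fields = children(cert, tbs[1], tbs[2])
    if fields[0][0] == 0xA0:                # skip the optional [0] version
        fields = fields[1:]
    alg, key = children(cert, fields[5][1], fields[5][2])   # 6th field is the SPKI
    return {"signature_alg": first_oid(cert, sig_alg), "spki_alg": first_oid(cert, alg),
            "spki_key_octets": key[2] - key[1] - 1}         # minus unused-bits octet

def tlv(tag, *parts):                       # builder for the sample; bodies < 256 octets
    body = b"".join(parts)
    head = [tag, len(body)] if len(body) < 0x80 else [tag, 0x81, len(body)]
    return bytes(head) + body

# Constructed sample, not a real attestation certificate (zeroed key and signature).
SIG_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")), tlv(0x05))
NAME, VALIDITY = tlv(0x30), tlv(0x30, tlv(0x17, b"250101000000Z"), tlv(0x17, b"260101000000Z"))
SPKI = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b656e"))), tlv(0x03, bytes(33)))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), SIG_ALG, NAME, VALIDITY, NAME, SPKI)
SAMPLE = tlv(0x30, TBS, SIG_ALG, tlv(0x03, bytes(17)))
```

For a real file, convert the PEM to DER first (for example with `ssl.PEM_cert_to_DER_cert`) and pass the bytes to `inspect`.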