Hi,
I'm using an STM32F732 dev board with ThreadX, NetX + Secure.
I have my own MQTT broker and a set of self-signed certs. I have tested the broker and client certs using MQTT Explorer and can connect with 2-way cert validation without issue.
I have ThreadX/NetX working with the broker when only using the server cert and no client cert checks. I'm trying to add the client certs into NetX Secure; however, I keep getting the following error when initializing the local cert with the private key: NX_SECURE_PKCS1_INVALID_PRIVATE_KEY.
Drilling down into the code, the following check is failing in _nx_secure_x509_pkcs1_rsa_private_key_parse():
/* Parse our next field, the modulus. */
status = _nx_secure_x509_asn1_tlv_block_parse(xxxx xxx xxx xxxx);
xxxxx
if (tlv_type != NX_SECURE_ASN_TAG_INTEGER || tlv_type_class != NX_SECURE_ASN_TAG_CLASS_UNIVERSAL)
tlv_type is set to 16 after the parse; however, NX_SECURE_ASN_TAG_INTEGER is 2.
The certs have been generated from OpenSSL as follows:
openssl genrsa -out stm32.key -traditional 2048
openssl req -config client.cnf -key stm32.key -new -sha256 -out stm32.csr
openssl ca -config client.cnf -extensions usr_cert -days 365 -notext -md sha256 -in stm32.csr -out stm32.crt
The key / cert are converted to DER for NetX as follows:
openssl rsa -in stm32.key -out stm32_rsa.key -traditional
openssl rsa -in stm32_rsa.key -outform DER -out stm32_rsa.der
xxd -i stm32_rsa.der > stm32_rsa_der.h
I'm assuming I have a format error in the key creation; however, not knowing the details of the certs and keys means it's hard to tell.
Any guidance would be great.
Shaun
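Editor's note on the symptom in the post, with an added inspection script that is not part of the thread, NetX Secure or OpenSSL. ASN.1 universal tag number 16 is SEQUENCE (DER byte 0x30 once the constructed bit is set). A PKCS#1 RSAPrivateKey is SEQUENCE { version INTEGER, modulus INTEGER, publicExponent INTEGER, ... }, so the field after the version is an INTEGER (tag 2). A PKCS#8 PrivateKeyInfo is SEQUENCE { version INTEGER, privateKeyAlgorithm SEQUENCE, privateKey OCTET STRING }, so the field after the version is a SEQUENCE (tag 16), which is exactly what a parser expecting the PKCS#1 modulus would report. OpenSSL 3 writes PKCS#8 from `openssl rsa` unless `-traditional` is given, so the script below reads a DER file, says which of the two encodings it is, and for PKCS#8 returns the embedded PKCS#1 body. When run without a filename it uses a constructed toy key (tiny integers, not real RSA material) built by the same code, so it can be exercised offline; `read_tlv`, `classify` and `pkcs8_to_pkcs1` are hypothetical names chosen for this example.

```python
"""Classify a DER private key as PKCS#1 RSAPrivateKey or PKCS#8 PrivateKeyInfo.

Usage:  python der_keyform.py stm32_rsa.der
Example helper written for this thread; not part of NetX Secure or OpenSSL.
"""
import sys

# ASN.1 universal tags as they appear in DER (constructed bit 0x20 set for SEQUENCE)
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_OID = 0x06
TAG_SEQUENCE = 0x30          # 0x20 | 16: tag number 16 is what the post's parser saw

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def tag_number(tag):
    """Strip class and constructed bits, leaving the tag number (INTEGER=2, SEQUENCE=16)."""
    return tag & 0x1F


def read_tlv(buf, pos):
    """Parse one DER TLV starting at buf[pos]; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def encode_tlv(tag, value):
    """DER-encode one TLV (used only to build the constructed sample input)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + value


def encode_int(i):
    """DER INTEGER for a non-negative int: minimal bytes, leading 0x00 if high bit set."""
    raw = i.to_bytes((i.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return encode_tlv(TAG_INTEGER, raw)


def field_after_version(der):
    """Tag number of the field that follows the version INTEGER (the post's 'tlv_type')."""
    tag, body, _ = read_tlv(der, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("outer element is not a SEQUENCE; not a DER private key")
    t_ver, _, p = read_tlv(body, 0)
    if t_ver != TAG_INTEGER:
        raise ValueError("first field is not the version INTEGER")
    t_next, _, _ = read_tlv(body, p)
    return tag_number(t_next)


def classify(der):
    """'PKCS#1' if modulus INTEGER follows version, 'PKCS#8' if AlgorithmIdentifier SEQUENCE does."""
    t = field_after_version(der)
    return {2: "PKCS#1", 16: "PKCS#8"}.get(t, "unknown")


def pkcs8_to_pkcs1(der):
    """Unwrap an rsaEncryption PrivateKeyInfo and return the embedded RSAPrivateKey DER."""
    _, body, _ = read_tlv(der, 0)
    _, _, p = read_tlv(body, 0)             # version
    t_alg, alg, p = read_tlv(body, p)       # privateKeyAlgorithm: SEQUENCE { OID, NULL }
    t_oid, oid, _ = read_tlv(alg, 0)
    if t_alg != TAG_SEQUENCE or t_oid != TAG_OID or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption PKCS#8 key")
    t_key, key, _ = read_tlv(body, p)       # privateKey: OCTET STRING holding PKCS#1 DER
    if t_key != TAG_OCTET_STRING:
        raise ValueError("privateKey field is not an OCTET STRING")
    return bytes(key)


def build_samples():
    """Constructed toy key (tiny integers, NOT real RSA material) in both encodings."""
    fields = [0, 0xC4D3, 0x10001, 0x1234, 0xD1, 0xF3, 0x07, 0x05, 0x11]  # version, n, e, d, p, q, dP, dQ, qInv
    pkcs1 = encode_tlv(TAG_SEQUENCE, b"".join(encode_int(f) for f in fields))
    alg_id = encode_tlv(TAG_SEQUENCE, encode_tlv(TAG_OID, RSA_ENCRYPTION_OID) + b"\x05\x00")
    pkcs8 = encode_tlv(TAG_SEQUENCE, encode_int(0) + alg_id + encode_tlv(TAG_OCTET_STRING, pkcs1))
    return pkcs1, pkcs8


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            der = f.read()
    else:
        _, der = build_samples()            # offline demo on the constructed PKCS#8 sample
    fmt = classify(der)
    print(f"{fmt} ({len(der)} bytes); tag number after version = {field_after_version(der)}")
    if fmt == "PKCS#8":
        print(f"embedded PKCS#1 RSAPrivateKey is {len(pkcs8_to_pkcs1(der))} bytes")
```

Run it against the DER file that was fed to `xxd -i`; if it reports PKCS#8, the bytes in the header are a PrivateKeyInfo wrapper rather than the bare RSAPrivateKey that a PKCS#1 parser expects, and a tag number of 16 after the version is the wrapper's AlgorithmIdentifier.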