Developer Portal Community


    Read MQTT Certificate

    ivaiv853
    New Poster

    Read MQTT Certificate

    Hi,

    I want to send data via the MQTT protocol. I enabled APP_MQTT_SECURE_ENABLE in AppController.h and provided my certificate in the Custom file. My certificate uses the signature algorithm ecdsa-with-SHA256. When I run the program on my XDK, the error that occurs is MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG in the mbedtls_oid_get_sig_alg function. Any suggestions?

     

    3 REPLIES
    LlobetAtWork
    Long-established Member

    Re: Read MQTT Certificate

    Hi ivaiv853,

    the ECDSA with SHA256 algorithm is supported by mbedTLS for signature verification.

    However in the XDK Workbench, the ECDSA algorithms have been disabled in SDK/XDK110/Common/Config/MbedTLS/MbedtlsConfigTLS.h, concretely the #define MBEDTLS_ECDSA_C.

    Here, you can retry with a certificate signed using the RSA algorithms, or enable ECDSA in the configuration and rebuild mbedtls with this support.

    Best regards,

    Francisco Llobet

     

    ivaiv853
    New Poster

    Re: Read MQTT Certificate

    Hi,

    I have also defined MBEDTLS_ECP_C as required. Now I have come to a problem which I cannot debug. For the public key info, the pk_alg is recognised as MBEDTLS_PK_ECKEY, but it cannot identify the used curve. The certificate uses the elliptic curve P-384 defined by NIST for public key encryption. Does this firmware have the supported algorithm for this curve type? If yes, what can possibly be the problem that occurs, defined as MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE?

     

    Best,

    Iva.

    LlobetAtWork
    Long-established Member

    Re: Read MQTT Certificate

    Hi ivaiv853,

    From the mbedTLS website core-features list (https://tls.mbed.org/core-features) I see that the 384-bit NIST curve is listed as SECP384R1. This corresponds to the MBEDTLS_ECP_DP_SECP384R1_ENABLED definition, which needs to be enabled.


    Elliptic Curve Cryptography (ECC)

    mbed TLS has its own big number library for its ECC implementation and supports both Elliptic Curve Ephemeral Diffie Hellman (ECDHE) and ECDSA. The following standardized curves / ECP groups are supported:
    • secp192r1 - 192-bits NIST curve
    • secp224r1 - 224-bits NIST curve
    • secp256r1 - 256-bits NIST curve
    • secp384r1 - 384-bits NIST curve
    • secp521r1 - 521-bits NIST curve
    • secp192k1 - 192-bits Koblitz curve
    • secp224k1 - 224-bits Koblitz curve
    • secp256k1 - 256-bits Koblitz curve
    • bp256r1 - 256-bits Brainpool curve
    • bp384r1 - 384-bits Brainpool curve
    • bp512r1 - 512-bits Brainpool curve
    • m255 - 255-bits Curve25519

    Please go to the mbedTLS support to see if your desired curve is supported by the library. I would recommend trying out the library support using the command-line tools in a non-embedded (PC) environment.

    Best regards,

    Francisco Llobet
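
An added example (not part of the original posts or of the XDK SDK): a host-side check that walks a certificate's DER encoding, collects its algorithm and curve OIDs, and reports which mbedTLS build options are missing from a given configuration. The OID-to-option table covers only the algorithms discussed in this thread plus secp256r1, and the sample bytes and the enabled-option set are constructed for illustration.

```python
# OID -> (name, mbedTLS 2.x config macros it depends on). Table is an assumption
# of this example and covers only the algorithms discussed in the thread.
OID_OPTIONS = {
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", {"MBEDTLS_ECDSA_C", "MBEDTLS_ECP_C", "MBEDTLS_SHA256_C"}),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", {"MBEDTLS_RSA_C", "MBEDTLS_SHA256_C"}),
    "1.2.840.10045.2.1": ("id-ecPublicKey", {"MBEDTLS_ECP_C"}),
    "1.2.840.10045.3.1.7": ("secp256r1", {"MBEDTLS_ECP_DP_SECP256R1_ENABLED"}),
    "1.3.132.0.34": ("secp384r1", {"MBEDTLS_ECP_DP_SECP384R1_ENABLED"}),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(value):
    """Decode DER OBJECT IDENTIFIER content bytes into dotted form."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last byte of this base-128 arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def collect_oids(buf, pos=0, end=None):
    """Walk nested DER elements and return every OBJECT IDENTIFIER found."""
    end = len(buf) if end is None else end
    oids = []
    while pos < end:
        tag, start, stop = read_tlv(buf, pos)
        if stop > end:
            raise ValueError("truncated or malformed DER")
        if tag == 0x06:
            oids.append(decode_oid(buf[start:stop]))
        elif tag & 0x20:  # constructed (SEQUENCE, SET, [n]): recurse into it
            oids += collect_oids(buf, start, stop)
        pos = stop
    return oids

def missing_options(der, enabled):
    """Options the certificate's known OIDs need that the build does not enable."""
    needed = set()
    for oid in collect_oids(der):
        needed |= OID_OPTIONS.get(oid, ("", set()))[1]
    return sorted(needed - set(enabled))

# Constructed sample (not a full certificate): ecdsa-with-SHA256, id-ecPublicKey on secp384r1.
SAMPLE = bytes.fromhex("301e300a06082a8648ce3d040302301006072a8648ce3d020106052b81040022")
```

For a real certificate, pass its DER bytes (for instance from `ssl.PEM_cert_to_DER_cert()`) together with the set of macros defined in your MbedtlsConfigTLS.h.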
