• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 390 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

CC3220SF-LAUNCHXL: Custom Root CA catalog + root ca certificate: works also in production mode?

CC3220SF-LAUNCHXL: WRONG SIGNATURE when uniflashing with real code signing certificate

Francesco Prosperi
Intellectual 390 points
Part Number: CC3220SF-LAUNCHXL
Other Parts Discussed in Thread: UNIFLASH

Hi guys,

I got hands on a real code signing certificate from Thawte.

Sadly Uniflash keeps giving me:

I followed instructions as in document SWPU332. My file list is as follows:

 

I set the standard certificate catalog (NOT the playground).

Are there any obvious mistakes?

Could you give direct support on this, by mail or other means?

I could share files to let you do some tests.

Thanks for your time,

Francesco

  • 0
    TI__Mastermind 22935 points
    Hi Francesco,

    Are you sure you're using the private key for the certificate you trying to sign your code with? I can re-create your exact error when I purposely put the wrong private key in Uniflash.

    Jesu
  • 0 in reply to Jesu
    Intellectual 390 points

    Hi Jesu,

    following your advice I tried to re-extract all the bits from the p12 file using openssl. Thanks for pointing that out.

    Here are the commands starting from the p12 file that extracts the private key and the client certificate, for others with the same problem and personal future reference.

    There commands seem to work: Uniflash reachs 100% and hopefully says "Programming complete".

    keyCertStore.p12 is the file containing certs and private key.

    #extract encrypted private key from pkcs12
    openssl pkcs12 -in keyCertStore.p12 -nocerts -out myEncPrivateKey.pem

    #remove password from encrypted private key
    openssl rsa -in myEncPrivateKey.pem -out myPrivateKey.pem

    #extract client certificate from pkcs12
    openssl pkcs12 -in vortice.p12 -clcerts -nokeys -out myCert.pem

    #check MD5 hash of the public key to ensure that it matches with private key
    openssl rsa -noout -modulus -in myPrivateKey.pem | openssl md5
    openssl x509 -noout -modulus -in myCert.pem | openssl md5
    # results of previous commands have to be equal

    #convert certificate from PEM to DER format
    openssl x509 -outform der -in myCert.pem -out myCert.der

    # now we can use myCert.der and myPrivateKey.pem in Uniflash

    P.S. In the previous attempt I extracted the key in Windows 7 so I was doing things differently. But I don't know what was/were the error/s.

    Thanks again for the help.

    I'll close the thread.

    Tomorrow I will test OTA with these certs but I am not expected surprises. Eventually I'll open another thread.

    Regards,

    Francesco