1 (edited by Rusty81 2021-09-16 06:51:41)

Topic: Create a CSR(Certificate Signing Request) minimum size fw

Hi all,

I need to generate a Certificate Signing Request, given that I already have my private key. I can generate PKI with my MCU using the hardware acceleration crypto engine.

What I need to do is assemble a CSR from the private key (already in PEM format) in my firmware.

I tried the wolfSSL suite, but I cannot compile it for some reason (nx_api not found...) in e2 studio; it is for an S5D9 MCU.
I thought to make a start even from an Arduino build (in IDE folder) and STM32 Keil, but I don't think Synergy Pack will like it.

I also thought about compiling from OpenSSL source to understand the minimum includes/functions I would need to generate the CSR, but it seems like looking for a needle in a haystack.

Is there a minimum set of functions/includes that I can use to generate the CSR given that I already have the capability of producing keys?

All is for an embedded environment, so a minimum set of functions would be greatly appreciated. Basically, I'm trying to port the minimum set of functions to an embedded platform to just generate a CSR from a private key (key is Elliptic ECC 2048).

The command that I need to "replicate" is the following:

```
openssl req -new -sha256 -key ecc_private.pem -out ecc_cert.csr -subj "/CN=unused"
```

This caught my eye: https://github.com/wolfSSL/wolfssl-exam … _example.c

The problem I'm facing is compiling the wolfSSL suite as a minimum set (I don't need TLS, for example) and including the relevant headers that I need and the library into e2studio.

I'm really struggling with this at the moment, any hint or direction would be greatly appreciated.

Thanks,
S

Re: Create a CSR(Certificate Signing Request) minimum size fw

Hi Rusty81,

If you do not need the TLS stack, please try enabling `WOLFCRYPT_ONLY`

Re: Create a CSR(Certificate Signing Request) minimum size fw

We also have an E2 example here:
https://github.com/wolfSSL/wolfssl/tree … s/e2studio

4 (edited by Rusty81 2021-09-21 02:19:00)

Re: Create a CSR(Certificate Signing Request) minimum size fw

Thanks embhorn,

Unfortunately, I'm not able to compile the template project by following the instructions given at https://github.com/wolfSSL/wolfssl/tree … s/e2studio.

Also, there is no `#define WOLFCRYPT_ONLY` in https://github.com/wolfSSL/wolfssl/blob … settings.h

Could you please guide me through the installation for S7G2? I'll be using S5D9 but I think the code will be portable with no major changes.

Once again, our certificate info (the piece that will be hashed and signed by my private key) will always be the same, as we create the CSR with SUBJ null, aka -subj "/CN=unused". The length of the public key will also be the same for every certificate (and so will the certificate info fields to be hashed and signed).

After I figure out what to hash and sign exactly (I don't understand if I need to hash and sign the byte array format of the certificate info and also if I need to consider the whole SEQUENCE, or just from the labels inside it, and subsequent SEQUENCEs).

Any hint or help will be massively appreciated.

Thanks a lot,
S

Re: Create a CSR(Certificate Signing Request) minimum size fw

Hi Rusty,

We definitely can help you with a port. Please send a request to facts@wolfssl.com

Thanks,
Eric @ wolfSSL Support
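
On the question raised in post 4 about which bytes are hashed and signed: under PKCS #10 (RFC 2986) the signature covers the DER encoding of the whole CertificationRequestInfo SEQUENCE, tag and length bytes included. The C below is an added example, not part of any post in this thread and not wolfSSL code; `csr_tbs_span`, `der_hdr` and the constructed `CSR_SAMPLE` bytes are hypothetical names and data used for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed, CSR-shaped sample (stub key, dummy signature); not a valid CSR. */
const uint8_t CSR_SAMPLE[] = {
    0x30, 0x2C, 0x30, 0x1A, 0x02, 0x01, 0x00,   /* outer, info, version 0 */
    0x30, 0x11, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x03, /* CN */
    0x0C, 0x06, 'u', 'n', 'u', 's', 'e', 'd',   /* UTF8String "unused" */
    0x30, 0x00, 0xA0, 0x00,                     /* key stub, empty attributes */
    0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
    0x03, 0x02, 0x00, 0x00        /* ecdsa-with-SHA256, dummy BIT STRING */
};

/* Check the tag at *pos, move *pos to the content, return its length or -1. */
static long der_hdr(const uint8_t *b, size_t len, size_t *pos, uint8_t tag) {
    size_t p = *pos, n, k;
    if (p > len || len - p < 2 || b[p] != tag) return -1;
    n = b[p + 1]; p += 2;
    if (n >= 0x80) {                     /* long form: 1 or 2 length bytes */
        k = n & 0x7F;
        if (k < 1 || k > 2 || len - p < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | b[p++];
    }
    if (n > len - p) return -1;          /* content would overrun the buffer */
    *pos = p;
    return (long)n;
}

/* Span that is hashed and signed: the whole CertificationRequestInfo TLV. */
int csr_tbs_span(const uint8_t *csr, size_t len, size_t *off, size_t *tbs_len) {
    size_t pos = 0, start, end;
    long n = der_hdr(csr, len, &pos, 0x30);                /* outer SEQUENCE */
    if (n < 0 || pos + (size_t)n != len) return -1;
    start = pos;                         /* the info's own 0x30 tag byte */
    if ((n = der_hdr(csr, len, &pos, 0x30)) < 0) return -1;
    pos += (size_t)n; end = pos;
    if ((n = der_hdr(csr, len, &pos, 0x30)) < 0) return -1; /* signatureAlgorithm */
    pos += (size_t)n;
    n = der_hdr(csr, len, &pos, 0x03);                     /* signature */
    if (n < 0 || pos + (size_t)n != len) return -1;
    *off = start; *tbs_len = end - start;
    return 0;
}

int main(void) {
    size_t off = 0, n = 0;
    int rc = csr_tbs_span(CSR_SAMPLE, sizeof CSR_SAMPLE, &off, &n);
    printf("rc=%d: hash and sign %zu bytes from offset %zu\n", rc, n, off);
    return rc ? 1 : 0;
}
```

The returned span is the input to SHA-256 ahead of the ECDSA signing step; the outer SEQUENCE header, the signatureAlgorithm and the signature BIT STRING are not part of it.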