Tegrakeyhash reports 'Invalid key format'

I’ve checked all the L4T 35.x releases. For every release tegrakeyhash will report Invalid key format even though I created an rsa 3K key per these instructions:

openssl genrsa -out rsa_priv.pem 3072

hello chad.mcquillen,

I cannot reproduce this locally.

$ openssl genrsa -out rsa_priv.pem 3072
$ ./tegrakeyhash --pkc ../rsa_priv.pem --chip 0x23
Key size is 384 bytes
sha512 hash: 
bytes: 
0x89, 0x2a, 0xe2, 0xd0, 0x1e, 0x3d, 0xe4, 0x6c, 
0x70, 0x66, 0xb9, 0x75, 0xdb, 0xfc, 0x0a, 0x20, 
0x7f, 0xa2, 0x65, 0xac, 0x58, 0xf4, 0x32, 0x87, 
0x29, 0x6e, 0x92, 0xb8, 0x27, 0xe3, 0xcb, 0xfc, 
0x6e, 0x38, 0x3f, 0xfe, 0x25, 0xdd, 0x59, 0x1f, 
0x6e, 0x8a, 0xe1, 0x10, 0x09, 0x70, 0xac, 0x9c, 
0xf5, 0xf5, 0x69, 0x50, 0x56, 0x80, 0xc1, 0x2b, 
0x42, 0x0f, 0x0a, 0x21, 0xa6, 0xe2, 0xd7, 0x90, 

tegra-fuse format (big-endian): 
0x892ae2d01e3de46c7066b975dbfc0a207fa265ac58f43287296e92b827e3cbfc6e383ffe25dd591f6e8ae1100970ac9cf5f569505680c12b420f0a21a6e2d790

fuse bypass format:
FAB_ENTRY(PUBLIC_KEY0, PUBLIC_KEY0, 0xd0e22a89),
FAB_ENTRY(PUBLIC_KEY1, PUBLIC_KEY1, 0x6ce43d1e),
FAB_ENTRY(PUBLIC_KEY2, PUBLIC_KEY2, 0x75b96670),
FAB_ENTRY(PUBLIC_KEY3, PUBLIC_KEY3, 0x200afcdb),
FAB_ENTRY(PUBLIC_KEY4, PUBLIC_KEY4, 0xac65a27f),
FAB_ENTRY(PUBLIC_KEY5, PUBLIC_KEY5, 0x8732f458),
FAB_ENTRY(PUBLIC_KEY6, PUBLIC_KEY6, 0xb8926e29),
FAB_ENTRY(PUBLIC_KEY7, PUBLIC_KEY7, 0xfccbe327),
FAB_ENTRY(PUBLIC_KEY8, PUBLIC_KEY8, 0xfe3f386e),
FAB_ENTRY(PUBLIC_KEY9, PUBLIC_KEY9, 0x1f59dd25),
FAB_ENTRY(PUBLIC_KEY10, PUBLIC_KEY10, 0x10e18a6e),
FAB_ENTRY(PUBLIC_KEY11, PUBLIC_KEY11, 0x9cac7009),
FAB_ENTRY(PUBLIC_KEY12, PUBLIC_KEY12, 0x5069f5f5),
FAB_ENTRY(PUBLIC_KEY13, PUBLIC_KEY13, 0x2bc18056),
FAB_ENTRY(PUBLIC_KEY14, PUBLIC_KEY14, 0x210a0f42),
FAB_ENTRY(PUBLIC_KEY15, PUBLIC_KEY15, 0x90d7e2a6),

What version of openssl are you running? I’m on Ubuntu 22.04 and have OpenSSL 3.0.2. Just out of curiosity I generated another key on my Mac which has LibreSSL 3.3.6 and then copied it over to the Linux system at which point tegrakeyhash could read the key.

Also can you try to run tegrakeyhash on a sample key that I uploaded? Rename to *.pem.

rsa_priv.txt (2.4 KB)

Courtesy of Matt Madison from the OE4T/Community gitter channel I need to use the -traditional flag:

openssl genrsa -traditional -out rsa_priv.pem 3072

hello chad.mcquillen,

I’m on Ubuntu 20.04.5, OpenSSL 1.1.1f.
I do see the Invalid key format failure when using the sample key that you’ve uploaded,
for instance,

 ./tegrakeyhash --pkc ~/Downloads/rsa_priv.pem 
Invalid key format

The developer guide is still based on Ubuntu 18.04 LTS or 20.04 LTS.
More details on this traditional option are shown here, i.e. /docs/man3.0/man1/openssl-genrsa.html

-traditional
Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.

OK, thanks. I think I have everything sorted out now.
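
What the -traditional flag changes, shown as an added example that is not part of the thread or of NVIDIA's tooling: a PKCS#8 PEM ("BEGIN PRIVATE KEY") wraps the PKCS#1 RSAPrivateKey ("BEGIN RSA PRIVATE KEY") in an outer PrivateKeyInfo structure, and this Python code detects the format and unwraps it. The function names and the toy sample bytes are constructed for illustration.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

def to_traditional(pem):
    """Return (input_format, PKCS#1 PEM) for an unencrypted RSA private key."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label = m.group(1)
    if label == "RSA PRIVATE KEY":          # already traditional PKCS#1
        return "pkcs1", pem
    if label != "PRIVATE KEY":              # e.g. ENCRYPTED PRIVATE KEY
        raise ValueError("unsupported PEM label: " + label)
    tag, info, _ = read_tlv(base64.b64decode(m.group(2)), 0)  # PrivateKeyInfo
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(info, 0)           # version INTEGER
    _, alg, pos = read_tlv(info, pos)       # AlgorithmIdentifier SEQUENCE
    if read_tlv(alg, 0)[1] != RSA_OID:
        raise ValueError("PKCS#8 key is not RSA")
    tag, inner, _ = read_tlv(info, pos)     # OCTET STRING holding RSAPrivateKey
    if tag != 0x04:
        raise ValueError("missing privateKey OCTET STRING")
    return "pkcs8", to_pem("RSA PRIVATE KEY", inner)

# Constructed toy input, not a usable key: a stand-in RSAPrivateKey in a PKCS#8 wrapper.
SAMPLE_PKCS1_DER = bytes.fromhex("3006020100020121")
SAMPLE_PKCS8_PEM = to_pem("PRIVATE KEY", bytes.fromhex(
    "301c020100300d06092a864886f70d01010105000408") + SAMPLE_PKCS1_DER)

if __name__ == "__main__":
    print(*to_traditional(SAMPLE_PKCS8_PEM), sep="\n")
```

For a real key, `openssl genrsa -traditional` as posted above, or `openssl pkey -in key.pem -traditional -out key_pkcs1.pem` for an existing key (file names are placeholders), writes the PKCS#1 form directly.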
