Hello,
We’ve generated an ECC keypair within our Nitrokey HSM and for some reason it is failing to be parsed by openssl. We used the “Export Certificate” option from the drop-down available in SCSH3’s GUI.
Are we missing something here? Should we use the X509CA/ca.js script to export the self-signed certificate?
The certificate also looks a bit weird from what I have seen in past ECC keys.
$ cat cert.pem
-----BEGIN CERTIFICATE-----
Z4IB7X8hggGTf06CAUtfKQEAQhBERU5LMDEwNjAyNDAwMDAwf0mCAR0GCgQAfwAH
AgICAgOBIP////8AAAABAAAAAAAAAAAAAAAA////////////////giD/////AAAA
AQAAAAAAAAAAAAAAAP///////////////IMgWsY12Ko6k+ez671VdpiGvGUdBrDM
U7D2O848PifSYEuEQQRrF9Hy4SxCR/i85uVjpEDydwN9gS3rM6D0oTlF2JjClk/j
QuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1hSD/////AAAAAP//////////
vOb6racXnoTzucrC/GMlUYZBBAXH/wmHLrzXqofrJrJpKYvZfB/veMCy03Tj2MdV
14NMXty+A8tbylhz9euUXhTiTX83huUUeyVTyEDW58c/rgaHAQFfIBBERU5LMDEw
NjAyNDAwMDAwXzdAZ9uOOEeVT6juIAodon3iKYnQuxV1Xdne6AjLwna+udrTn/AP
GNIHLWQwmMw4D3v/+1KXf2ibjkssVdUygdX5dEIQREVOSzAxMDYwMjQwMDAwMF83
QEV2nllQGZygSExTEpZVydZkjSV1w3PU3FNTfWBjWXrRAqPs0ES8rDM37OToPhwI
Mi9a/5HEVZJBcgIUgdDuIh8=
-----END CERTIFICATE-----
$ openssl asn1parse -in cert.pem
0:d=0 hl=4 l= 493 cons: appl [ 7 ]
4:d=1 hl=5 l= 403 cons: appl [ 33 ]
9:d=2 hl=5 l= 331 cons: appl [ 78 ]
14:d=3 hl=3 l= 1 prim: appl [ 41 ]
18:d=3 hl=2 l= 16 prim: appl [ 2 ]
36:d=3 hl=5 l= 285 cons: appl [ 73 ]
41:d=4 hl=2 l= 10 prim: OBJECT :0.4.0.127.0.7.2.2.2.2.3
53:d=4 hl=2 l= 32 prim: cont [ 1 ]
87:d=4 hl=2 l= 32 prim: cont [ 2 ]
121:d=4 hl=2 l= 32 prim: cont [ 3 ]
155:d=4 hl=2 l= 65 prim: cont [ 4 ]
222:d=4 hl=2 l= 32 prim: cont [ 5 ]
256:d=4 hl=2 l= 65 prim: cont [ 6 ]
323:d=4 hl=2 l= 1 prim: cont [ 7 ]
326:d=3 hl=3 l= 16 prim: appl [ 32 ]
345:d=2 hl=3 l= 64 prim: appl [ 55 ]
412:d=1 hl=2 l= 16 prim: appl [ 2 ]
430:d=1 hl=3 l= 64 prim: appl [ 55 ]
$