
I need to generate a Certificate Signing Request given that I already have my private key. I can generate PKI with my MCU using the hardware acceleration crypto engine.

What I need to do is assemble a CSR from the private key (already in PEM format) in my firmware.

I tried the wolfSSL suite, but I cannot compile it (e2 studio, Eclipse-based). I was also looking at the Chilkat suite, but again it is distributed in lib packages and is anyway too much for what I need.

I also thought about compiling from the OpenSSL source to understand the minimum includes/functions I would need to generate the CSR, but it seems like looking for a needle in a haystack.

Is there a minimum set of functions/includes that I can use to generate the CSR given that I already have the capability of producing keys?

All of this is for an embedded environment, so a minimum set of functions would be greatly appreciated. Basically, I'm trying to port the minimum set of functions to an embedded platform to just generate a CSR from a private key (key is Elliptic ECC 2048).

rusty81
  • You could re-implement it yourself, although I'd strongly advise against doing so. I think the most robust and secure way is to use the OpenSSL library and dig into the documentation. This will be portable and it enables you to keep up with newer crypto standards in the future. – Bernhard Sep 15 '21 at 08:59
  • Thanks, this is kind of what I need to do. In case I want to prototype what I need in Visual Studio (for example on Windows) and then port this to the embedded environment, I get that I will need not only the includes but also to import the .lib. How can I extract the .lib or have a set of functions/includes ready for an embedded system? Thanks a lot – rusty81 Sep 15 '21 at 09:18
  • What about re-implementing it myself? Some pointers to get started other than reading https://datatracker.ietf.org/doc/html/rfc2986 ? I need some hands down on putting things together and hashing/signing the certificate – rusty81 Sep 15 '21 at 09:31
  • Yes, this RFC is a good starting point. But as you already mentioned, you have to deal with several cryptographic primitives, and this is what makes it complex and error-prone. Implementing cryptographic algorithms _correctly_ is difficult, specifically if you are not familiar with cryptography. – Bernhard Sep 16 '21 at 19:29
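
The RFC 2986 layout discussed in the comments, as an added example (not code from the thread, OpenSSL or wolfSSL): it DER-encodes a CertificationRequestInfo and wraps it with a signature into a CertificationRequest. It assumes a P-256 key, ecdsa-with-SHA256, a CN-only subject and no attributes; `tlv`, `build_cri` and `wrap_csr` are hypothetical names, and the signature itself is assumed to come from the MCU's crypto engine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Write one DER tag-length-value at o; returns bytes written (n <= 65535). */
static size_t tlv(uint8_t *o, uint8_t tag, const uint8_t *v, size_t n) {
    size_t h = 0;
    o[h++] = tag;
    if (n >= 0x100) { o[h++] = 0x82; o[h++] = (uint8_t)(n >> 8); }
    else if (n >= 0x80) o[h++] = 0x81;
    o[h++] = (uint8_t)n;
    memcpy(o + h, v, n);
    return h + n;
}

/* CertificationRequestInfo (the bytes that get hashed and signed) for subject
 * CN=<cn> and an uncompressed P-256 point 04||X||Y. Returns length, 0 on error. */
size_t build_cri(uint8_t *out, size_t cap, const char *cn, const uint8_t pub[65]) {
    static const uint8_t cn_oid[] = {0x06, 0x03, 0x55, 0x04, 0x03};  /* 2.5.4.3 */
    static const uint8_t alg[] = {0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02,
        0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07}; /* ecPublicKey, P-256 */
    uint8_t a[96], b[96], body[176];        /* 176 = worst case (64-byte CN) */
    size_t cnlen = strlen(cn), n, p = 0;
    if (cnlen == 0 || cnlen > 64 || pub[0] != 0x04 || cap < sizeof body) return 0;
    body[p++] = 0x02; body[p++] = 0x01; body[p++] = 0x00;  /* version INTEGER 0 */
    memcpy(a, cn_oid, sizeof cn_oid);
    n = sizeof cn_oid + tlv(a + sizeof cn_oid, 0x0C, (const uint8_t *)cn, cnlen);
    n = tlv(b, 0x30, a, n);                 /* AttributeTypeAndValue */
    n = tlv(a, 0x31, b, n);                 /* RelativeDistinguishedName (SET) */
    p += tlv(body + p, 0x30, a, n);         /* subject Name */
    memcpy(a, alg, sizeof alg);
    b[0] = 0x00; memcpy(b + 1, pub, 65);    /* BIT STRING: 0 unused bits, then point */
    n = sizeof alg + tlv(a + sizeof alg, 0x03, b, 66);
    p += tlv(body + p, 0x30, a, n);         /* SubjectPublicKeyInfo */
    body[p++] = 0xA0; body[p++] = 0x00;     /* attributes [0], empty */
    return tlv(out, 0x30, body, p);
}

/* CertificationRequest = SEQUENCE { cri, ecdsa-with-SHA256, BIT STRING sig }; sig is the
 * DER ECDSA-Sig-Value over SHA-256(cri), assumed to come from the MCU crypto engine. */
size_t wrap_csr(uint8_t *out, size_t cap, const uint8_t *cri, size_t n, const uint8_t *sig, size_t sn) {
    static const uint8_t sigalg[] = {0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02};
    uint8_t body[263];                      /* 176 + 12 + 3 + 72 */
    if (n == 0 || n > 176 || sn == 0 || sn > 72 || cap < sizeof body + 4) return 0;
    memcpy(body, cri, n);
    memcpy(body + n, sigalg, sizeof sigalg); n += sizeof sigalg;
    body[n++] = 0x03; body[n++] = (uint8_t)(sn + 1); body[n++] = 0x00;  /* BIT STRING header */
    memcpy(body + n, sig, sn);
    return tlv(out, 0x30, body, n + sn);
}
```

The output is DER; the PEM form is its Base64 encoding between `-----BEGIN CERTIFICATE REQUEST-----` and `-----END CERTIFICATE REQUEST-----` lines.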

0 Answers