Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1458 Discussions

"unable to load public key" error on openssl1.1.1f

keiji_niwa
Novice
‎09-26-2023 02:19 AM
1,071 Views
Solved Jump to solution

Hi all
I try to perform encryption using the public key obtained using eHSM-KMS getpublickey API.
However, in my environment, the encryption fails with "unable to load Public key". my environment using openssl1.1.1f.

Encryption succeeds in other environments. This environment uses openssl3.0.2.

What causes encryption to fail with an "unable to load public key" error in openssl1.1.1f environment?

Regards,
keiji_niwa

0 Kudos
1 Solution
keiji_niwa
Novice
‎10-20-2023 12:58 AM
823 Views
Solved Jump to solution
In response to keiji_niwa

This is a correction.
pkcs#11 is wrong
The correct name is pkcs#8.

View solution in original post

In response to keiji_niwa
0 Kudos
Copy link

Link Copied

5 Replies
Iffa_Intel
Moderator
‎10-03-2023 07:23 PM
959 Views
Solved Jump to solution

Hi,


could you clarify if there is a specific reason you are using OpenSSL 1.1.1?



Cordially,

Iffa


0 Kudos
Copy link
keiji_niwa
Novice
‎10-04-2023 03:15 AM
947 Views
Solved Jump to solution
In response to Iffa_Intel

Hi,
eHSM-KMS supports OpenSSL1.1.1.

eHSM-KMS in our environment also uses OpenSSL1.1.1.

Therefore, we decided to use OpenSSL1.1.1 for encryption.

thank you.

In response to Iffa_Intel
0 Kudos
Copy link
keiji_niwa
Novice
‎10-20-2023 12:54 AM
823 Views
Solved Jump to solution

hi all.
I was able to resolve the issue by changing the public key format to pkck#11.
thank you.

0 Kudos
Copy link
keiji_niwa
Novice
‎10-20-2023 12:58 AM
824 Views
Solved Jump to solution
In response to keiji_niwa

This is a correction.
pkcs#11 is wrong
The correct name is pkcs#8.

In response to keiji_niwa
0 Kudos
Copy link
Sahira_Intel
Moderator
‎10-24-2023 12:30 PM
755 Views
Solved Jump to solution

Hi,

I recommend opening a ticket in the official EHSM Github: https://github.com/intel/ehsm/issues


Sincerely,

Sahira


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.