Infineon / optiga-trust-x

OPTIGA™ Trust X Software Framework
MIT License

keypair generation at index OPTIGA_KEY_STORE_ID_E0F0 always fails. #23

Closed dogusural closed 5 years ago

dogusural commented 5 years ago
optiga_key_id = OPTIGA_KEY_STORE_ID_E0F0;

return_status = optiga_crypt_ecc_generate_keypair(OPTIGA_ECC_NIST_P_256,
                                                  (uint8_t)OPTIGA_KEY_USAGE_SIGN,
                                                  FALSE,
                                                  &optiga_key_id,
                                                  public_key,
                                                  &public_key_length);

This slot always fails with the return code of 65536; the remaining 3 slots are working as expected. Do you know what can cause this behaviour?

pwiegele commented 5 years ago

Hi dogusriddle,

The first slot 0xE0F0 is locked when the chip is created in our production. You can use the key but you cannot overwrite it with the genkey function.

dogusural commented 5 years ago

Thanks for the response, how can I learn the value of the public key in that locked slot? I have been saving the public keys on the GP section of the memory when they are generated. I didn't know we can access them after the generation.

pwiegele commented 5 years ago

When you call the genkey function you will generate a private key and the public key gets returned to the caller. For the pregenerated key you can find the corresponding public key in the certificate which is stored in the slot 0xE0E0. We use x509 certificates with some leading tags. You should find the start of it at offset 9.
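
Following the reply above, an added example (not from the thread or from Infineon's framework) that walks the data object read from 0xE0E0 to the public key: it skips the 9 leading bytes, then steps through the X.509 DER structure to the SubjectPublicKeyInfo. The function names and the constructed sample are hypothetical; it assumes the object has already been read into a buffer and carries an uncompressed P-256 key.

```c
#include <stddef.h>
#include <stdint.h>
#define CERT_OFFSET 9u /* from the reply above: certificate starts at offset 9 */

/* Read one DER element at *p: returns tag (-1 on error), sets value/length, advances *p. */
static int der_next(const uint8_t **p, const uint8_t *end, const uint8_t **v, size_t *n)
{
    const uint8_t *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t len = *q++;
    if (len & 0x80) {                          /* long-form length: 1 or 2 bytes */
        size_t cnt = len & 0x7f;
        if (cnt < 1 || cnt > 2 || (size_t)(end - q) < cnt) return -1;
        for (len = 0; cnt--; ) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;
    *v = q; *n = len; *p = q + len;
    return tag;
}

/* Return the 65-byte point (0x04 || X || Y) inside the 0xE0E0 object, or NULL if malformed. */
const uint8_t *slot_cert_pubkey(const uint8_t *obj, size_t obj_len)
{
    const uint8_t *p, *end, *v; size_t n; int i, tag;
    if (obj_len <= CERT_OFFSET) return NULL;
    p = obj + CERT_OFFSET; end = obj + obj_len;
    for (i = 0; i < 2; i++) {                  /* Certificate, then tbsCertificate */
        if (der_next(&p, end, &v, &n) != 0x30) return NULL;
        p = v; end = v + n;
    }
    tag = der_next(&p, end, &v, &n);
    if (tag == 0xA0) tag = der_next(&p, end, &v, &n);    /* optional [0] version */
    if (tag != 0x02) return NULL;                        /* serialNumber */
    for (i = 0; i < 5; i++)    /* signature, issuer, validity, subject, SPKI */
        if (der_next(&p, end, &v, &n) != 0x30) return NULL;
    p = v; end = v + n;                                  /* descend into SPKI */
    if (der_next(&p, end, &v, &n) != 0x30) return NULL;  /* AlgorithmIdentifier */
    if (der_next(&p, end, &v, &n) != 0x03) return NULL;  /* BIT STRING */
    return (n == 66 && v[0] == 0x00 && v[1] == 0x04) ? v + 1 : NULL;
}

/* Constructed skeleton, not a real certificate: made-up header, empty fields, point 0x04,0..63. */
void make_sample(uint8_t out[101])
{
    static const uint8_t head[37] = { 0,0,0,0,0,0,0,0,0, 0x30,0x5A, 0x30,0x58, 0xA0,3,2,1,2,
        2,1,1, 0x30,0, 0x30,0, 0x30,0, 0x30,0, 0x30,0x46, 0x30,0, 0x03,0x42,0x00,0x04 };
    for (size_t i = 0; i < 101; i++) out[i] = i < 37 ? head[i] : (uint8_t)(i - 37);
}
```

The walk only locates the key; it does not validate the certificate's signature or chain.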