Zymkey 4 not working on CURL

ZYMKEY4
1

Hi,
I have recently bought the zymkey 4 and installed in on my raspberry Pi. I have successfully created the CSR using openSSL command and created a device certificate in AWS. When I am trying to use CURL to send data using MQTT its giving an error Private key not found. It seems like Curl is unable to access the nonzymkey.key file.

This is the command I am trying:-

curl --tlsv1.2 --cacert AWS_CA.pem --cert zymkey.crt --key nonzymkey.key --engine zymkey_ssl --key-type ENG -v -X POST -d “{ "hello": "world"}” “https://example1.iot.us-east-1.amazonaws.com:8443/topics/hello/world

the output I am getting:-

$ curl --tlsv1.2 --cacert AWS_CA.pem --cert zymkey.crt --key nonzymkey.key --engine zymkey_ssl --key-type ENG -v -X POST -d “{ "hello": "world"}” “httpx://ddddddd.iot.us-east-1.amazonaws>com:8443/topics/hello/world”
Note: Unnecessary use of -X or --request, POST is already inferred.

  • Trying xx.xx.146.237:8443…
  • Trying ::3656:df64:8443…
  • Immediate connect fail for:3656:df64: Network is unreachable
  • Trying::3456:b692:8443…
  • Immediate connect fail for ::3456:b692: Network is unreachable
  • Trying ::3654:2721:8443…
    ** Connected to test.iot.us-east-1.amazonaws>com (xx.xx.146.237) port 8443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: AWS_CA.pem
  • CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Request CERT (13):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Certificate (11):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS alert, internal error (592):
  • error:100F907D:elliptic curve routines:ossl_ecdsa_sign_sig:missing private key
  • Closing connection 0
    curl: (35) error:100F907D:elliptic curve routines:ossl_ecdsa_sign_sig:missing private key

Security Module for Raspberry Pi

2

Any update on this?
I am facing the same issue.

3

I’m facing the same issue with SEN Secure Edge Node:
curl 7.74.0 (aarch64-unknown-linux-gnu) libcurl/7.74.0 OpenSSL/1.1.1n zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.43.0 librtmp/2.3
Release-Date: 2020-12-09, security patched: 7.74.0-1.3+deb11u11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

Error got

  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: AWS_CA.pem
  • CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Request CERT (13):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Certificate (11):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS alert, internal error (592):
  • error:100F907D:elliptic curve routines:ossl_ecdsa_sign_sig:missing private key
  • Closing connection 0
    curl: (35) error:100F907D:elliptic curve routines:ossl_ecdsa_sign_sig:missing private key

Any update?

4

This worked with 7.74.0 in the past. Are you using the same command as the previous post? Can you post the command you’re using? We’ll take a look.

5

Remove curl version 7.74.0 and install 7.73.0 fix this issue.