I got into trouble with migrating to the latest (v6.0) version of esp-idf, because it implies a migration to mbedtls 4.0.
I had a working application (library really) to obtain ACME certificates from letsencrypt.org. I tried porting, but ran into trouble. So please help.
To debug, I try to mimic the example in Appendix A.2 of RFC 7515. Where this should obviously succeed, the current output I get is :
I (12:57:46.067) main_task: Calling app_main()
I (12:57:46.088) Crypto: Acme standalone client example © 2026 by Danny Backx
I (12:57:46.089) Crypto: checkRfc7515_a21 Base64({"alg":"RS256"}) -> eyJhbGciOiJSUzI1NiJ9 is correct
I (12:57:46.094) Crypto: checkRfc7515_a21 Base64({"iss":"joe", "exp":1300819380, "http://example.com/is_root":true}) -> eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ is correct
I (12:57:46.121) Crypto: checkRfc7515_a21 importPrivateKey() -> 1073741825
E (12:57:46.122) psa_crypto: psa_get_and_lock_key_slot_with_policy psa_key_policy_permits -> -133
E (12:57:46.129) psa_crypto: psa_sign_internal psa_get_and_lock_key_slot_with_policy -> -133
E (12:57:46.137) Crypto: psa_sign_hash (key 1073741825) failed (not permitted, -133 0x0085)
I (12:57:46.145) Crypto: checkRfc7515_a21 Signature(eyJhbGciOiJSUzI1NiJ9,eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ) -> (null)
E (12:57:46.161) Crypto: Signature 0, fail
E (12:57:46.165) Crypto: RFC 7515 A.2.1 : validation failed
Some of the "psa_crypto" lines come from debug statements I added in the library.
The whole source for this is in one file at https://sourceforge.net/p/esp32-acme-client/code/HEAD/tree/trunk/examples/si... . Obviously it's the hashing step which I had under control with a previous library which I don't call correctly (or I don't know how to import the right key).
What am I doing wrong ?
Thanks,
Danny
Hello,
The error seems to be a key policy check returning -133 (PSA_ERROR_NOT_PERMITTED). I notice your code specifies PSA_ALG_HKDF(PSA_ALG_SHA_256) as the algorithm in the key policy, and PSA_ALG_SHA_256 when calling psa_sign_hash(). The two need to match, and neither of these two is a signature algorithm. You presumably meant PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256) in both cases. (In the attributes, the other plausible algorithm is PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH), if you want the key to be usable with different hash algorithms.)
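The policy rule described in the reply above, as an added example (not code from the thread or from Mbed TLS): a simplified stand-alone model of the comparison between the algorithm stored in the key attributes and the one passed to the signing call. The numeric values mirror the PSA Crypto API encodings of the identifiers named in the thread; `model_policy_permits`, `struct key_policy` and the `ALG_`/`USAGE_`/`STATUS_` names are hypothetical and exist only in this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Values mirror the PSA Crypto API encodings of the identifiers named in
 * the thread; the ALG_ and STATUS_ names are this example's own. */
typedef uint32_t alg_t;
#define ALG_HASH_MASK      0x000000ffu
#define ALG_CATEGORY_MASK  0x7f000000u
#define ALG_CATEGORY_SIGN  0x06000000u
#define ALG_SHA_256        0x02000009u   /* PSA_ALG_SHA_256 */
#define ALG_ANY_HASH       0x020000ffu   /* PSA_ALG_ANY_HASH */
#define ALG_HKDF(h)              (0x08000100u | ((h) & ALG_HASH_MASK))
#define ALG_RSA_PKCS1V15_SIGN(h) (0x06000200u | ((h) & ALG_HASH_MASK))
#define USAGE_SIGN_HASH    0x00001000u   /* PSA_KEY_USAGE_SIGN_HASH */
#define STATUS_SUCCESS        0
#define STATUS_NOT_PERMITTED  (-133)     /* the -133 (0x0085) in the log */

struct key_policy { uint32_t usage; alg_t alg; };

/* Simplified model of the check made before a sign-hash operation:
 * the key must allow the usage, and the requested algorithm must equal
 * the policy algorithm or be covered by an ANY_HASH signature wildcard. */
int model_policy_permits(struct key_policy p, uint32_t usage, alg_t requested)
{
    if ((p.usage & usage) != usage)
        return STATUS_NOT_PERMITTED;
    if (requested == p.alg)
        return STATUS_SUCCESS;
    int req_is_sign = (requested & ALG_CATEGORY_MASK) == ALG_CATEGORY_SIGN;
    int wildcard = (p.alg & ALG_HASH_MASK) == (ALG_ANY_HASH & ALG_HASH_MASK);
    if (req_is_sign && wildcard &&
        (p.alg & ~ALG_HASH_MASK) == (requested & ~ALG_HASH_MASK))
        return STATUS_SUCCESS;
    return STATUS_NOT_PERMITTED;
}

int main(void)
{
    struct key_policy hkdf  = { USAGE_SIGN_HASH, ALG_HKDF(ALG_SHA_256) };
    struct key_policy rs256 = { USAGE_SIGN_HASH, ALG_RSA_PKCS1V15_SIGN(ALG_SHA_256) };
    struct key_policy any   = { USAGE_SIGN_HASH, ALG_RSA_PKCS1V15_SIGN(ALG_ANY_HASH) };
    alg_t sign = ALG_RSA_PKCS1V15_SIGN(ALG_SHA_256);
    printf("HKDF policy, SHA-256 request:   %d\n", model_policy_permits(hkdf, USAGE_SIGN_HASH, ALG_SHA_256));
    printf("RS256 policy, RS256 request:    %d\n", model_policy_permits(rs256, USAGE_SIGN_HASH, sign));
    printf("ANY_HASH policy, RS256 request: %d\n", model_policy_permits(any, USAGE_SIGN_HASH, sign));
    return 0;
}
```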
Thanks, but that produces a different error :
I (00:05:44.055) Crypto: Acme standalone client example © 2026 by Danny Backx
I (00:05:44.056) Crypto: checkRfc7515_a21 Base64({"alg":"RS256"}) -> eyJhbGciOiJSUzI1NiJ9 is correct
I (00:05:44.061) Crypto: checkRfc7515_a21 Base64({"iss":"joe", "exp":1300819380, "http://example.com/is_root":true}) -> eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ is correct
I (00:05:44.087) Crypto: checkRfc7515_a21 importPrivateKey() -> 1073741825
I (00:05:44.088) wrappers: psa_driver_wrapper_sign_hash 340
E (00:05:44.844) psa_crypto: psa_sign_internal psa_driver_wrapper_sign_hash -> -149
E (00:05:44.845) Crypto: psa_sign_hash (key 1073741825) failed (invalid signature, -149 0x0095)
I (00:05:44.850) Crypto: checkRfc7515_a21 Signature(eyJhbGciOiJSUzI1NiJ9,eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ) -> (null)
E (00:05:44.865) Crypto: Signature 0, fail
E (00:05:44.869) Crypto: RFC 7515 A.2.1 : validation failed
On 5/20/26 20:40, Gilles Peskine wrote:
-- Best regards,
Gilles Peskine TF-PSA-Crypto developer
On 20/05/2026 20:13, Danny Backx via mbed-tls wrote:
-- Danny Backx - dannybackx@telenet.be
mbed-tls@lists.trustedfirmware.org