imgtool: Add support for password protected RSA keys
The keygen command allows the `-p` argument which will prompt for a
password, and protect the private key with this password. When loading
keys, it will prompt for a password if it detects a password protected
key.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/scripts/imgtool/keys/__init__.py b/scripts/imgtool/keys/__init__.py
index 8a2c50f..371af12 100644
--- a/scripts/imgtool/keys/__init__.py
+++ b/scripts/imgtool/keys/__init__.py
@@ -102,10 +102,13 @@
raw_pem,
password=passwd,
backend=default_backend())
- # This is a bit nonsensical of an exception, but it is what
- # cryptography seems to currently raise if the password is needed.
- except TypeError:
- return None
+ # Unfortunately, the crypto library raises unhelpful exceptions,
+ # so we have to look at the text.
+ except TypeError as e:
+ msg = str(e)
+ if "private key is encrypted" in msg:
+ return None
+ raise e
except ValueError:
# This seems to happen if the key is a public key, let's try
# loading it as a public key.
diff --git a/scripts/imgtool/keys/rsa.py b/scripts/imgtool/keys/rsa.py
index 8d5d048..96951c9 100644
--- a/scripts/imgtool/keys/rsa.py
+++ b/scripts/imgtool/keys/rsa.py
@@ -50,6 +50,9 @@
def sig_tlv(self):
return "RSA2048"
+ def sig_len(self):
+ return 256
+
class RSA2048(RSA2048Public):
"""
Wrapper around an 2048-bit RSA key, with imgtool support.