imgtool: add option to export public PEM
Update `getpub` with new `lang` option, "pem", which allows exporting a
public key as a PEM file. This can later be distributed to be used for
encrypting an image, and gets away with having to use openssl for this
step.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/scripts/imgtool/keys/ecdsa.py b/scripts/imgtool/keys/ecdsa.py
index e45492b..9198bb4 100644
--- a/scripts/imgtool/keys/ecdsa.py
+++ b/scripts/imgtool/keys/ecdsa.py
@@ -33,6 +33,11 @@
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
+ def get_public_pem(self):
+ return self._get_public().public_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo)
+
def get_private_bytes(self, minimal):
self._unsupported('get_private_bytes')
diff --git a/scripts/imgtool/keys/general.py b/scripts/imgtool/keys/general.py
index 8e3c65b..77caf5d 100644
--- a/scripts/imgtool/keys/general.py
+++ b/scripts/imgtool/keys/general.py
@@ -37,6 +37,9 @@
indent=" ",
file=file)
+ def emit_public_pem(self, file=sys.stdout):
+ print(str(self.get_public_pem(), 'utf-8'), file=file, end='')
+
def emit_private(self, minimal, file=sys.stdout):
self._emit(
header="const unsigned char enc_priv_key[] = {",
diff --git a/scripts/imgtool/keys/rsa.py b/scripts/imgtool/keys/rsa.py
index d8543ed..d51d36d 100644
--- a/scripts/imgtool/keys/rsa.py
+++ b/scripts/imgtool/keys/rsa.py
@@ -44,6 +44,11 @@
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.PKCS1)
+ def get_public_pem(self):
+ return self._get_public().public_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo)
+
def get_private_bytes(self, minimal):
self._unsupported('get_private_bytes')
diff --git a/scripts/imgtool/keys/x25519.py b/scripts/imgtool/keys/x25519.py
index a31cb3f..1e0aadb 100644
--- a/scripts/imgtool/keys/x25519.py
+++ b/scripts/imgtool/keys/x25519.py
@@ -34,6 +34,11 @@
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
+ def get_public_pem(self):
+ return self._get_public().public_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo)
+
def get_private_bytes(self, minimal):
self._unsupported('get_private_bytes')
diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index 12e5812..f50f01c 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -59,7 +59,7 @@
keys.X25519.generate().export_private(path=keyfile, passwd=passwd)
-valid_langs = ['c', 'rust']
+valid_langs = ['c', 'rust', 'pem']
keygens = {
'rsa-2048': gen_rsa2048,
'rsa-3072': gen_rsa3072,
@@ -125,6 +125,8 @@
key.emit_c_public()
elif lang == 'rust':
key.emit_rust_public()
+ elif lang == 'pem':
+ key.emit_public_pem()
else:
raise ValueError("BUG: should never get here!")