imgtool: Improve ECDSA key generation
This patch improves the existing ECDSA key generation feature
in the imgtool by:
- Fix a bug in the 'minimal' representation of PKCS#8 keys where
the resulting ASN.1 DER encoding is not compliant
- Add the option to export ECDSA private keys in SEC1 format by
providing a command line option -f or --format that can be
'openssl' (for SEC1 format) or 'pkcs8'. This format ends up in
key encodings which are generally smaller than PKCS#8.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
diff --git a/scripts/imgtool/keys/general.py b/scripts/imgtool/keys/general.py
index 77caf5d..033a70f 100644
--- a/scripts/imgtool/keys/general.py
+++ b/scripts/imgtool/keys/general.py
@@ -6,6 +6,7 @@
AUTOGEN_MESSAGE = "/* Autogenerated by imgtool.py, do not edit. */"
+
class KeyClass(object):
def _emit(self, header, trailer, encoded_bytes, indent, file=sys.stdout, len_format=None):
print(AUTOGEN_MESSAGE, file=file)
@@ -40,11 +41,11 @@
def emit_public_pem(self, file=sys.stdout):
print(str(self.get_public_pem(), 'utf-8'), file=file, end='')
- def emit_private(self, minimal, file=sys.stdout):
+ def emit_private(self, minimal, format, file=sys.stdout):
self._emit(
header="const unsigned char enc_priv_key[] = {",
trailer="};",
- encoded_bytes=self.get_private_bytes(minimal),
+ encoded_bytes=self.get_private_bytes(minimal, format),
indent=" ",
len_format="const unsigned int enc_priv_key_len = {};",
file=file)