imgtool: Improve ECDSA key generation
This patch improves the existing ECDSA key generation feature
in the imgtool by:
- Fix a bug in the 'minimal' representation of PKCS#8 keys where
the resulting ASN.1 DER encoding is not compliant
- Add the option to export ECDSA private keys in SEC1 format by
providing a command line option -f or --format that can be
'openssl' (for SEC1 format) or 'pkcs8'. The SEC1 format results in
key encodings which are generally smaller than PKCS#8.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
old mode 100755
new mode 100644
index f7d8eea..e43eaf1
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -69,6 +69,7 @@
'ed25519': gen_ed25519,
'x25519': gen_x25519,
}
+valid_formats = ['openssl', 'pkcs8']
def load_signature(sigfile):
with open(sigfile, 'rb') as f:
@@ -150,13 +151,17 @@
'might require changes to the build config. Check the docs!'
)
@click.option('-k', '--key', metavar='filename', required=True)
+@click.option('-f', '--format',
+ type=click.Choice(valid_formats),
+ help='Valid formats: {}'.format(', '.join(valid_formats)),
+ default='pkcs8')
@click.command(help='Dump private key from keypair')
-def getpriv(key, minimal):
+def getpriv(key, minimal, format):
key = load_key(key)
if key is None:
print("Invalid passphrase")
try:
- key.emit_private(minimal)
+ key.emit_private(minimal, format)
except (RSAUsageError, ECDSAUsageError, Ed25519UsageError,
X25519UsageError) as e:
raise click.UsageError(e)
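Review bot: `key.emit_private(minimal, format)` now passes the new argument for every key type, while the commit message scopes the option to ECDSA. The RSA, Ed25519 and X25519 classes are not visible in this hunk, so please confirm that each `emit_private` accepts the extra parameter and rejects `-f openssl` with its usage error; otherwise the call raises a `TypeError` that the `except` clause does not catch, or silently writes PKCS#8 when the user asked for another private-key encoding. The help string should also say the option only affects ECDSA keys. The parameter name `format` shadows the builtin; `@click.option('-f', '--format', 'key_format', ...)` keeps the flag and lets the function take `key_format`. Separately, the file header shows the mode going from 100755 to 100644, which drops the executable bit on `main.py` and looks unrelated to this change.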