Skip to main content
Roshan
Roshan
Associate III
June 2, 2021
Solved

how to create own private key in sbsfu

  • June 2, 2021
  • 1 reply
  • 1068 views

Hi all, I am trying to make an own private key on the SBSFU, if anyone has succeeded in this could you pass me the steps which I have to proceed with.

I went through An5056, then I tried to change ECCkey1 but in some cases. it works and it is upgrading with the previous key generated firmware without any issues. in general, this cannot happen. it should reject while installing since it has 2 different keys. So can anyone tell me where I have gone wrong?

This topic has been closed for replies.
Best answer by Jocelyn RICARD

Hello Roshan,

Here are 2 possible solutions:

1 Using openssl

The curve used in SBSFU is prime256v1

You can get this information for instance by typing:

openssl ec -in ECCKEY1.txt -noout -text

Private-Key: (256 bit)

priv:

  81:28:6e:70:04:2a:1f:76:9a:f4:84:f9:7e:f4:85:

  03:2f:15:bf:0b:3a:0f:93:18:1f:43:aa:ee:1d:ca:

  f3:bc

pub:

  04:ba:f2:97:f8:3e:e3:07:dc:16:c3:71:78:1d:f1:

  b0:3e:f0:95:b0:44:54:12:81:48:fb:2c:66:b9:54:

  3d:a5:4a:e8:26:04:76:b7:37:8b:3c:46:d8:fd:6a:

  63:61:7c:46:c3:7d:e9:46:44:31:6e:d7:e1:6d:ba:

  70:ed:44:ba:02

ASN1 OID: prime256v1

NIST CURVE: P-256

read EC key

Openssl provides a way to generate a key for this curve:

openssl ecparam -name prime256v1 -genkey -noout -out NewECCKey.pem 

Then just rename this NewECCKey.pem in ECCKEY1.txt to replace the one provided in the package.

2- Second possibility: Using provided prepare_image tool (located in Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\win)

Just type command: 

prepareimage keygen -k NewECCKey.pem -t ecdsa-p256

Best regards

Jocelyn

1 reply

Jocelyn RICARD
Jocelyn RICARDBest answer
ST Employee
June 3, 2021

Hello Roshan,

Here are 2 possible solutions:

1 Using openssl

The curve used in SBSFU is prime256v1

You can get this information for instance by typing:

openssl ec -in ECCKEY1.txt -noout -text

Private-Key: (256 bit)

priv:

  81:28:6e:70:04:2a:1f:76:9a:f4:84:f9:7e:f4:85:

  03:2f:15:bf:0b:3a:0f:93:18:1f:43:aa:ee:1d:ca:

  f3:bc

pub:

  04:ba:f2:97:f8:3e:e3:07:dc:16:c3:71:78:1d:f1:

  b0:3e:f0:95:b0:44:54:12:81:48:fb:2c:66:b9:54:

  3d:a5:4a:e8:26:04:76:b7:37:8b:3c:46:d8:fd:6a:

  63:61:7c:46:c3:7d:e9:46:44:31:6e:d7:e1:6d:ba:

  70:ed:44:ba:02

ASN1 OID: prime256v1

NIST CURVE: P-256

read EC key

Openssl provides a way to generate a key for this curve:

openssl ecparam -name prime256v1 -genkey -noout -out NewECCKey.pem 

Then just rename this NewECCKey.pem in ECCKEY1.txt to replace the one provided in the package.

2- Second possibility: Using provided prepare_image tool (located in Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\win)

Just type command: 

prepareimage keygen -k NewECCKey.pem -t ecdsa-p256

Best regards

Jocelyn

Terms & ConditionsAccessibility statement