Visitor II
February 10, 2021
Question

Steps to generate publicKeyhash.bin via openssl or any crypto utility


We are using the STM32MP157c-DK2 board. Using the STM32MP_KeyGen_CLI tool, we generated a public key, a private key and publicKeyhash.bin.

As mentioned on the STM32 webpage, https://wiki.st.com/stm32mpu/wiki/KeyGen_tool

The hash public key file contains the SHA-256 hash of the public key in binary format, which is generated by the Gen tool.

Is there a way, or are there steps, to generate the same publicKeyhash.bin (without using the STM32 key_Gen tool) via openssl or any other crypto utility?


    1 reply

    Technical Moderator
    February 24, 2021

    Hi @Rajesh Kannan Selvam​ ,

    I recovered this draft / not verified procedure in case it can help and give some pointers:

    To generate the header, you need to follow the format given by the wiki https://wiki.st.com/stm32mpu/wiki/STM32_header_for_binary_files

    The key and signature are stored in a raw binary format.

    To extract raw public key from .pem file, I suggest you use the pycryptodome python module (https://pypi.org/project/pycryptodome/ ; https://pycryptodome.readthedocs.io/en/latest/, https://pycryptodome.readthedocs.io/en/latest/src/public_key/ecc.html)

    First, use an openssl command to convert your .pem file into a .der one (pycryptodome doesn’t accept .pem files)

    openssl ec -in privateKey.pem -outform der -out privateKey.der

    Then, use this script as an example:

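    -----------------------------------------------------------------------

    # The Cryptodome namespace is provided by the pycryptodomex package;
    # with the pycryptodome package, import from Crypto instead.
    from Cryptodome.Hash import SHA256
    from Cryptodome.PublicKey import ECC
    from Cryptodome.Signature import DSS

    def dump_buffer(buf, step=16, name=""):
        # Print a buffer as hex, `step` bytes per line
        print("%s (%d bytes):" % (name, len(buf)))
        for i in range(0, len(buf), step):
            print(" ".join(["%02X" % c for c in buf[i:i+step]]))

    # DER is binary, so the file is opened in 'rb' mode
    with open('privateKey.der', 'rb') as f:
        key = ECC.import_key(f.read())

    pubk = key.public_key()

    # Pad each coordinate to the curve size so leading zero bytes are kept
    size = pubk.pointQ.size_in_bytes()
    dump_buffer(pubk.pointQ.x.to_bytes(size), name="x")
    dump_buffer(pubk.pointQ.y.to_bytes(size), name="y")

    # Sign a test message (raw r || s signature)
    message = b'I give my permission to order #4355'
    h = SHA256.new(message)
    signer = DSS.new(key, 'fips-186-3')
    signature = signer.sign(h)
    dump_buffer(signature, name="signature")

    -----------------------------------------------------------------------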

    Hope it helps

    Olivier