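def genkey(ctx: click.Context, path: str, password: str, force: bool) -> None:
    """Generate key pair for RoT or DCK.

    \b
    PATH - path where the key pairs will be stored
    """
    # NOTE: the docstring above is the click help text, so reviewer notes live in comments.
    # Key family flag and its parameter (passed as RSA key_size or ECC curve_name below)
    # are read from the click context object.
    is_rsa = ctx.obj['is_rsa']
    key_param = ctx.obj['key_param']

    # The public key is written next to the private key, with the extension replaced by '.pub'.
    pub_key_path = os.path.splitext(path)[0] + '.pub'
    # NOTE(review): if PATH itself ends in '.pub' both paths coincide and the public key
    # would be written over the private key - confirm whether such a PATH can be passed.

    check_destination_dir(path, force)
    check_file_exists(path, force)
    # Run the same existence check for the public key file, so that an existing '.pub'
    # file gets the same treatment as the private key file before anything is written.
    check_file_exists(pub_key_path, force)

    # An empty password is passed on as None.
    # NOTE(review): presumably the private key is then stored unencrypted - confirm
    # against save_rsa_private_key / save_ecc_private_key.
    key_password = password if password else None

    if is_rsa:
        logger.info("Generating RSA private key...")
        priv_key_rsa = generate_rsa_private_key(key_size=key_param)
        logger.info("Generating RSA corresponding public key...")
        pub_key_rsa = generate_rsa_public_key(priv_key_rsa)
        logger.info("Saving RSA key pair...")
        save_rsa_private_key(priv_key_rsa, path, key_password)
        save_rsa_public_key(pub_key_rsa, pub_key_path)
    else:
        logger.info("Generating ECC private key...")
        priv_key_ec = generate_ecc_private_key(curve_name=key_param)
        logger.info("Generating ECC public key...")
        pub_key_ec = generate_ecc_public_key(priv_key_ec)
        logger.info("Saving ECC key pair...")
        save_ecc_private_key(priv_key_ec, path, key_password)
        save_ecc_public_key(pub_key_ec, pub_key_path)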
def test_certificate_generation(tmpdir):
    """Generate a CA certificate and an SRK certificate and check every artifact is saved.

    Only the existence of the written files is asserted; the content of the
    keys and certificates is not inspected.
    """

    def artifact(file_name):
        # Every file produced by the test lives directly in the pytest tmpdir.
        return path.join(tmpdir, file_name)

    # --- CA key pair (the private key is saved without a password argument) ---
    ca_private = generate_rsa_private_key()
    save_rsa_private_key(ca_private, artifact("ca_private_key.pem"))
    ca_public = generate_rsa_public_key(ca_private)
    save_rsa_public_key(ca_public, artifact("ca_pub_key.pem"))
    for file_name in ("ca_private_key.pem", "ca_pub_key.pem"):
        assert path.isfile(artifact(file_name))

    # --- CA certificate: subject and issuer are the same name, created with if_ca=True ---
    ca_name = generate_name_struct("highest", "CZ")
    ca_certificate = generate_certificate(ca_name, ca_name, ca_public, ca_private, if_ca=True)
    save_crypto_item(ca_certificate, artifact("ca_cert.pem"))
    assert path.isfile(artifact("ca_cert.pem"))

    # --- SRK key pair ---
    srk_private = generate_rsa_private_key()
    save_rsa_private_key(srk_private, artifact("srk_priv_key.pem"))
    assert path.isfile(artifact("srk_priv_key.pem"))
    srk_public = generate_rsa_public_key(srk_private)
    save_rsa_public_key(srk_public, artifact("srk_pub_key.pem"))
    assert path.isfile(artifact("srk_pub_key.pem"))

    # --- SRK certificate: issuer is the CA name and the CA private key is passed in,
    # created with if_ca=False ---
    srk_name = generate_name_struct("srk", "UK")
    srk_certificate = generate_certificate(
        srk_name, ca_name, srk_public, ca_private, if_ca=False
    )
    save_crypto_item(srk_certificate, artifact("srk1.pem"))
    assert path.isfile(artifact("srk1.pem"))
def test_certificate_generation(tmpdir):
    """Build two CA certificates from YAML-described names and check they are saved.

    The first name is given as a YAML mapping, the second as a YAML list of
    single-key mappings. Only the existence of the output files is asserted.
    """

    def artifact(file_name):
        # Every file produced by the test lives directly in the pytest tmpdir.
        return path.join(tmpdir, file_name)

    # CA key pair shared by both certificates (private key saved without a password argument).
    ca_private = generate_rsa_private_key()
    save_rsa_private_key(ca_private, artifact("ca_private_key.pem"))
    ca_public = generate_rsa_public_key(ca_private)
    save_rsa_public_key(ca_public, artifact("ca_pub_key.pem"))
    for file_name in ("ca_private_key.pem", "ca_pub_key.pem"):
        assert path.isfile(artifact(file_name))

    # Variant 1: name attributes as a mapping, multi-valued attributes as YAML lists.
    mapping_form = yaml.safe_load(
        """
        COMMON_NAME: xyz
        DOMAIN_COMPONENT: [com, nxp, wbi]
        ORGANIZATIONAL_UNIT_NAME: [NXP, CZ, Managed Users, Developers]
        """
    )
    mapping_name = generate_name(mapping_form)
    # Subject and issuer are the same name.
    first_cert = generate_certificate(
        mapping_name, mapping_name, ca_public, ca_private, if_ca=True
    )
    save_crypto_item(first_cert, artifact("ca_cert.pem"))
    assert path.isfile(artifact("ca_cert.pem"))

    # Variant 2: name attributes as a list of single-key entries, with a repeated key.
    list_form = yaml.safe_load(
        """
        - COMMON_NAME: ccccc
        - DOMAIN_COMPONENT: [com, nxp, wbi]
        - ORGANIZATIONAL_UNIT_NAME: NXP
        - ORGANIZATIONAL_UNIT_NAME: CZ
        - ORGANIZATIONAL_UNIT_NAME: Managed Users
        - ORGANIZATIONAL_UNIT_NAME: Developers
        """
    )
    list_name = generate_name(list_form)
    second_cert = generate_certificate(list_name, list_name, ca_public, ca_private, if_ca=True)
    save_crypto_item(second_cert, artifact("ca_cert_1.pem"))
    assert path.isfile(artifact("ca_cert_1.pem"))
def main(log_level: str, key_type: str, path: str, password: str, force: bool) -> int:
    """NXP Key Generator Tool.

    \b
    PATH    - output file path, where the key pairs (private and public key) will be stored.
              Each key will be stored in separate file (.pub and .pem).
    """
    # NOTE: the docstring above is the click help text, so reviewer notes live in comments.
    logging.basicConfig(level=log_level.upper())

    # Normalised key type: any value containing "rsa" selects RSA and the remainder is
    # parsed as the key size; everything else is handed over as an ECC curve name.
    key_param = key_type.lower().strip()

    check_destination_dir(path, force)
    check_file_exists(path, force)
    # The public key goes next to the private key, with the extension replaced by ".pub".
    # NOTE(review): if PATH itself ends in ".pub" both paths coincide and the public key
    # would be written over the private key - confirm whether such a PATH can be passed.
    pub_key_path = os.path.splitext(path)[0] + ".pub"
    check_file_exists(pub_key_path, force)

    # An empty password is passed on as None.
    # NOTE(review): presumably the private key is then stored unencrypted - confirm
    # against save_rsa_private_key / save_ecc_private_key.
    key_password = password or None

    if "rsa" in key_param:
        rsa_bits = int(key_param.replace("rsa", ""))
        logger.info("Generating RSA private key...")
        private_key = generate_rsa_private_key(key_size=rsa_bits)
        logger.info("Generating RSA corresponding public key...")
        public_key = generate_rsa_public_key(private_key)
        logger.info("Saving RSA key pair...")
        save_rsa_private_key(private_key, path, key_password)
        save_rsa_public_key(public_key, pub_key_path)
        return 0

    logger.info("Generating ECC private key...")
    private_key = generate_ecc_private_key(curve_name=key_param)
    logger.info("Generating ECC public key...")
    public_key = generate_ecc_public_key(private_key)
    logger.info("Saving ECC key pair...")
    save_ecc_private_key(private_key, path, key_password)
    save_ecc_public_key(public_key, pub_key_path)
    return 0
def keys_generation(data_dir):
    """Generate an RSA key pair and store it in data_dir as priv.pem and pub.pem."""
    private_key = generate_rsa_private_key()
    public_key = generate_rsa_public_key(private_key)

    # No password argument is passed when saving the private key.
    # NOTE(review): presumably priv.pem is therefore unencrypted - confirm that data_dir
    # only ever holds throwaway key material.
    outputs = (
        (save_rsa_private_key, private_key, "priv.pem"),
        (save_rsa_public_key, public_key, "pub.pem"),
    )
    for save, key, file_name in outputs:
        save(key, path.join(data_dir, file_name))
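#!/usr/bin/env python
# -*- coding: UTF-8 -*-
#
# Copyright 2021 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
"""Extract the public key from a certificate file and save it as a separate file."""

from spsdk.crypto import load_certificate, save_rsa_public_key

# Both paths are relative, so the script depends on the current working directory.
cert = load_certificate("keys_and_certs/root_k0_signed_cert0_noca.der.cert")

# NOTE(review): the key type is not checked before the RSA-specific save helper is
# called; presumably this certificate carries an RSA key - confirm.
pub_key = cert.public_key()

# Write the key next to the certificate it came from. The output directory was
# previously spelled "keys_and_cers", which did not match the input directory.
save_rsa_public_key(pub_key, "keys_and_certs/root_k0_public_key.pub")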