Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: option to export "raw" uncompressed ECDSA keys #2101

Open
JordanYates opened this issue Oct 18, 2024 · 2 comments
Open

Feature request: option to export "raw" uncompressed ECDSA keys #2101

JordanYates opened this issue Oct 18, 2024 · 2 comments

Comments

@JordanYates
Copy link

Since this commit, the Trusted-Firmware M project requires the embedded public keys to be in a "raw" (not RFC5840) form.

As far as I can tell, there is currently no way to export a key in this form from imgtool.
It can be hacked into getpub by adding the following (P-384 needs 48 byte integers instead of 32):

    numbers = key._get_public().public_numbers()
    raw_key = b'\x04' + numbers.x.to_bytes(32, 'big') + numbers.y.to_bytes(32, 'big')
    print(','.join([f'0x{b:02x}'  for b in raw_key]))

I've spent some time on trying to add this feature simply, but I'm not sure on the best approach given this is probably quite ECDSA specific.

@de-nordic
Copy link
Collaborator

@JordanYates As far as I understand that could be also used with #2089? to further reduce code size?

@JordanYates
Copy link
Author

@JordanYates As far as I understand that could be also used with #2089? to further reduce code size?

I have no comment on that, this is purely on the imgtool side (although TF-M probably made the change for the same reason).
It is not currently possible to get the key in a form usable for TF-M with imgtool, which is unfortunate since mcuboot is the primary bootloader.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants