
how to create own private key in sbsfu

Roshan
Associate III

Hi all, I am trying to make my own private key on the SBSFU. If anyone has succeeded in this, could you pass me the steps I have to proceed with?

I went through AN5056, then I tried to change ECCkey1, but in some cases it works and it is upgrading with the previous key generated firmware without any issues. In general, this cannot happen. It should reject while installing since it has 2 different keys. So can anyone tell me where I have gone wrong?

Accepted Solutions
Jocelyn RICARD
ST Employee

Hello Roshan,

Here are 2 possible solutions:

1- Using openssl

The curve used in SBSFU is prime256v1

You can get this information for instance by typing:

openssl ec -in ECCKEY1.txt -noout -text

Private-Key: (256 bit)
priv:
  81:28:6e:70:04:2a:1f:76:9a:f4:84:f9:7e:f4:85:
  03:2f:15:bf:0b:3a:0f:93:18:1f:43:aa:ee:1d:ca:
  f3:bc
pub:
  04:ba:f2:97:f8:3e:e3:07:dc:16:c3:71:78:1d:f1:
  b0:3e:f0:95:b0:44:54:12:81:48:fb:2c:66:b9:54:
  3d:a5:4a:e8:26:04:76:b7:37:8b:3c:46:d8:fd:6a:
  63:61:7c:46:c3:7d:e9:46:44:31:6e:d7:e1:6d:ba:
  70:ed:44:ba:02
ASN1 OID: prime256v1
NIST CURVE: P-256
read EC key

OpenSSL provides a way to generate a key for this curve:

openssl ecparam -name prime256v1 -genkey -noout -out NewECCKey.pem

Then just rename this NewECCKey.pem to ECCKEY1.txt to replace the one provided in the package.

2- Second possibility: Using provided prepare_image tool (located in Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\win)

Just type the command:

prepareimage keygen -k NewECCKey.pem -t ecdsa-p256

Best regards

Jocelyn
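
An added example, not part of the original answer or of ST's tooling: a host-side check, using only openssl, that the key file put in place is a P-256 key, that it differs from the previous key, and that a signature made with the old key does not verify under the new one. The function names, old.pem and the constructed blob are assumptions; it uses plain ECDSA over a test file, not SBSFU's firmware header format.

```shell
#!/bin/sh
# Added example: host-side sanity checks for a replacement ECDSA P-256 key.
# Function names and all file names except ECCKEY1.txt are assumptions.

# Generate a fresh P-256 private key (same command as in the answer above).
gen_p256_key() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1"
}

# Print the curve name openssl reports for a private key file.
key_curve() {
    openssl ec -in "$1" -noout -text 2>/dev/null | sed -n 's/^ASN1 OID: //p'
}

# SHA-256 of the DER public key: compares keys without showing private material.
pub_fingerprint() {
    openssl ec -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds when both files hold the same key pair.
same_key() {
    [ "$(pub_fingerprint "$1")" = "$(pub_fingerprint "$2")" ]
}

# Sign file $3 with private key $1, then verify with the public half of key $2.
# Succeeds only if the signature verifies.
sig_verifies() {
    _d=$(mktemp -d) || return 2
    openssl dgst -sha256 -sign "$1" -out "$_d/sig" "$3" &&
        openssl ec -in "$2" -pubout -out "$_d/pub.pem" 2>/dev/null &&
        openssl dgst -sha256 -verify "$_d/pub.pem" -signature "$_d/sig" "$3" >/dev/null 2>&1
    _rc=$?
    rm -rf "$_d"
    return $_rc
}

# Demo on constructed data: old.pem stands in for the previously used key.
work=$(mktemp -d)
gen_p256_key "$work/old.pem"
gen_p256_key "$work/ECCKEY1.txt"
printf 'constructed firmware blob\n' > "$work/fw.bin"
echo "curve: $(key_curve "$work/ECCKEY1.txt")"
same_key "$work/old.pem" "$work/ECCKEY1.txt" && echo "WARNING: key unchanged" || echo "key replaced"
sig_verifies "$work/old.pem" "$work/ECCKEY1.txt" "$work/fw.bin" && echo "old-key image ACCEPTED" || echo "old-key image rejected"
```
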
