Steps to generate publicKeyhash.bin via openssl or any crypto utility
2021-02-10 1:54 AM
We are using the STM32MP157c-DK2 board. Using the STM32MP_KeyGen_CLI tool, we generated a public key, a private key and publicKeyhash.bin.
As mentioned on the STM32 webpage, https://wiki.st.com/stm32mpu/wiki/KeyGen_tool
the hash public key contains the SHA-256 hash of the public key in binary format, which is generated by the Gen tool.
Is there a way, or are there steps, to generate the same publicKeyhash.bin (without using the STM32 key_Gen tool) via openssl or any other crypto utility?
Labels: STM32MP15 Lines
2021-02-24 7:45 AM
Hi @Rajesh Kannan Selvam ,
I recovered this draft / unverified procedure in case it can help and give some pointers:
To generate the header, you need to follow the format given by the wiki https://wiki.st.com/stm32mpu/wiki/STM32_header_for_binary_files
The key and signature are stored in a raw binary format.
To extract raw public key from .pem file, I suggest you use the pycryptodome python module (https://pypi.org/project/pycryptodome/ ; https://pycryptodome.readthedocs.io/en/latest/, https://pycryptodome.readthedocs.io/en/latest/src/public_key/ecc.html)
First, use an openssl command to convert your .pem file into a .der one (pycryptodome doesn’t accept .pem files)
openssl ec -in privateKey.pem -outform der -out privateKey.der
Then, use this script as example:
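-----------------------------------------------------------------------
# Cryptodome is the namespace of the pycryptodomex package; pycryptodome
# installed from PyPI is imported as Crypto instead.
from Cryptodome.Hash import SHA256
from Cryptodome.PublicKey import ECC
from Cryptodome.Signature import DSS


def dump_buffer(buf, step=16, name=""):
    """Print buf as hex, step bytes per line."""
    print("%s (%d bytes):" % (name, len(buf)))
    for i in range(0, len(buf), step):
        print(" ".join(["%02X" % c for c in buf[i:i + step]]))


# DER is a binary encoding, so open the file in binary mode
with open('privateKey.der', 'rb') as f:
    key = ECC.import_key(f.read())

# Raw public key: the X and Y coordinates of the point Q
pubk = key.public_key()
size = pubk.pointQ.size_in_bytes()  # fixed width keeps leading zero bytes
dump_buffer(pubk.pointQ.x.to_bytes(size), name="x")
dump_buffer(pubk.pointQ.y.to_bytes(size), name="y")

# Sign a test message with ECDSA over SHA-256
message = b'I give my permission to order #4355'
h = SHA256.new(message)
signer = DSS.new(key, 'fips-186-3')
signature = signer.sign(h)  # default encoding is raw r || s
dump_buffer(signature, name="signature")
-----------------------------------------------------------------------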
Hope it helps
Olivier
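
Added example, not part of the original posts and not ST's code: a standard-library-only way to go from a DER-encoded EC public key to a 32-byte hash file, tying together the "SHA-256 hash of the public key in binary format" from the question and the raw X/Y extraction from the reply. It assumes the hash input is the raw X || Y bytes of a 256-bit curve key, which the thread does not confirm; the function names, the output file name and the sample key (the P-256 generator point) are constructed for illustration.

```python
import hashlib
import sys

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def raw_public_key(spki_der, coord_len=32):
    """Return X || Y from a DER SubjectPublicKeyInfo holding an EC key."""
    tag, body, end = read_tlv(spki_der, 0)
    if tag != 0x30 or end != len(spki_der):
        raise ValueError("expected one DER SEQUENCE")
    tag, _alg, pos = read_tlv(body, 0)       # AlgorithmIdentifier
    tag2, bits, pos = read_tlv(body, pos)    # subjectPublicKey BIT STRING
    if tag != 0x30 or tag2 != 0x03 or pos != len(body) or bits[:1] != b"\x00":
        raise ValueError("not a SubjectPublicKeyInfo")
    point = bits[1:]
    if len(point) != 1 + 2 * coord_len or point[0] != 0x04:
        raise ValueError("expected uncompressed point 04 || X || Y")
    return point[1:]

def public_key_hash(spki_der):
    """Assumption (not confirmed by the thread): hash = SHA-256(X || Y)."""
    return hashlib.sha256(raw_public_key(spki_der)).digest()

# Constructed sample: P-256 SPKI whose point is the curve generator G.
GX = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
GY = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"
SAMPLE_SPKI = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200" "04" + GX + GY)

if __name__ == "__main__":
    der = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SPKI
    digest = public_key_hash(der)
    with open("publicKeyhash.candidate.bin", "wb") as out:  # hypothetical name
        out.write(digest)
    print(digest.hex())
```

The DER input can be produced with `openssl ec -in privateKey.pem -pubout -outform der -out publicKey.der`; compare the resulting file byte for byte with the publicKeyhash.bin written by STM32MP_KeyGen_CLI before relying on it.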
