Contents hide
1 UM2542 STM32MPx Series Key Generator Software
2 Product Information
2.1 Specifications
2.2 Product Usage Instructions
2.2.1 1. Install STM32MP-KeyGen
2.2.2 2. STM32MP-KeyGen Command Line Interface
2.2.3 3. Examples
2.3 FAQ
2.3.1 Q: How many key pairs can be generated at once?
2.3.2 Q: What encryption algorithms are supported?
2.3.3 Documents / Resources
2.3.3.1 References
2.3.4 Related Posts

UM2542 STM32MPx Series Key Generator Software

Product Information

Specifications

  • Product Name: STM32MPx series key generator software
  • Version: UM2542 – Rev 3
  • Release Date: June 2024
  • Manufacturer: STMicroelectronics

Product Usage Instructions

1. Install STM32MP-KeyGen

To install the STM32MP-KeyGen software, follow the installation
instructions provided in the user manual.

2. STM32MP-KeyGen Command Line Interface

The STM32MP-KeyGen software can be used from the command line
interface. Below are the available commands:

  • –private-key (-prvk)
  • –public-key (-pubk)
  • –public-key-hash (-hash)
  • –absolute-path (-abs)
  • –password (-pwd)
  • –prvkey-enc (-pe)
  • –ecc-algo (-ecc)
  • –help (-h and -?)
  • –version (-v)
  • –number-key (-n)

3. Examples

Here are some examples of how to use STM32MP-KeyGen:

    • Example 1: -abs /home/user/KeyFolder/ -pwd azerty
    • Example 2: -abs /home/user/KeyFolder/ -pwd azerty -pe
      aes128

FAQ

Q: How many key pairs can be generated at once?

A: You can generate up to eight key pairs simultaneously by
providing eight passwords.

Q: What encryption algorithms are supported?

A: The software supports aes256 and aes128 encryption
algorithms.

View Fullscreen

UM2542
User manual
STM32MPx series key generator software description
Introduction
The STM32MPx series key generator software (named STM32MP-KeyGen in this document) is integrated in the STM32CubeProgrammer (STM32CubeProg). STM32MP-KeyGen is a tool that generates the ECC keys pair needed for signing binary images. The generated keys are used by the STM32 Signing tool for signing process. STM32MP-KeyGen generates a public key file, a private key file and a hash public key file. The public key file contains the generated ECC public key in PEM format. The private key file contains the encrypted ECC private key in PEM format. The encryption can be done using the aes 128 cbc or aes 256 cbc ciphers. The cipher selection is done using the –prvkey-enc option. The hash public key file contains the SHA-256 hash of the public key in binary format. The SHA-256 hash is calculated based on the public key without any encoding format. The first byte of the public key is present just to indicate whether the public key is in compressed or uncompressed format. Since only uncompressed format is supported, this byte is removed.

DT51280V1

UM2542 – Rev 3 – June 2024 For further information contact your local STMicroelectronics sales office.

www.st.com

1
Note:

UM2542
Install STM32MP-KeyGen
Install STM32MP-KeyGen
This tool is installed with the STM32CubeProgrammer package (STM32CubeProg). For more information about the set-up procedure, refer to the section 1.2 of the user manual STM32CubeProgrammer software description (UM2237). This software applies to the STM32MPx series Arm®-based MPUs. Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

UM2542 – Rev 3

page 2/8

UM2542
STM32MP-KeyGen command line interface

2

STM32MP-KeyGen command line interface

The following sections describe how to use STM32MP-KeyGen from command line.

2.1

Commands

The available commands are listed below:

·

–private-key (-prvk)

­ Description: private key file path (.pem extension)

­ Syntax: -prvk <private_key_file_path>

­ Example: -prvk ../privateKey.pem

·

–public-key (-pubk)

­ Description: Public key file path (.pem extension)

­ Syntax: -pubk <public_key_file_path>

­ Example: -pubk C:publicKey.pem

·

–public-key-hash (-hash)

­ Description: Hash image file path (.bin extension)

­ Syntax: -hash <hash_file_path>

·

–absolute-path (-abs)

­ Description: Absolute path for output files

­ Syntax: -abs <absolue_path_folder_path>

­ Example: -abs C:KeyFolder

·

–password (-pwd)

­ Description: Password of the private key (this password must contain at least four characters)

­ Example: -pwd azerty

Note:

Include eight passwords to generate eight keypairs.

­ Syntax 1:-pwd <Password>

­ Syntax 2: -pwd <Password1> <Password2> <Password3> <Password4> <Password5> <Password6> <Password7> <Password8>

·

–prvkey-enc (-pe)

­ Description: Encrypting private key algorithm (aes128/aes256) (aes256 algorithm is the default algorithm)

­ Syntax: -pe aes128

·

–ecc-algo (-ecc)

­ Description: ECC algorithm for keys generation (prime256v1/brainpoolP256t1) (prime256v1 is the default algorithm)

­ Syntax: -ecc prime256v1

·

–help (-h and -?)

­ Description: Shows help.

·

–version (-v)

­ Description: Displays the tool version.

·

–number-key (-n)

­ Description: Generate number of key pairs {1 or 8} with Hash of table file

­ Syntax: -n <number>

UM2542 – Rev 3

page 3/8

UM2542
STM32MP-KeyGen command line interface

2.2

Examples

The following examples show how to use STM32MP-KeyGen:

·

Example 1

-abs /home/user/KeyFolder/ -pwd azerty

All files (publicKey.pem, privateKey.pem and publicKeyhash.bin) are created in the /home/user/KeyFolder/ folder. The private key is encrypted with the aes256 default algorithm.

·

Example 2

-abs /home/user/keyFolder/ -pwd azerty ­pe aes128

All files (publicKey.pem, privateKey.pem and publicKeyhash.bin) are created in the /home/user/KeyFolder/ folder. The private key is encrypted with the aes128 algorithm.

·

Example 3

-pubk /home/user/public.pem ­prvk /home/user/Folder1/Folder2/private.pem ­hash /home/user/pubKeyHash.bin ­pwd azerty

Even if the Folder1 and Folder2 does not exist, they are created.

·

Example 4

Generate eight key pairs in the working directory:

./STM32MP_KeyGen_CLI.exe -abs . -pwd abc1 abc2 abc3 abc4 abc5 abc6 abc7 abc8 -n 8

The output gives the following files: ­ eight public key files: publicKey0x{0..7}.pem ­ eight private key files: privateKey0x{0..7}.pem ­ eight public key hash files: publicKeyHash0x{0..7}.bin ­ one file of PKTH: publicKeysHashHashes.bin

·

Example 5

Generate one key pair in the working directory:

./STM32MP_KeyGen_CLI.exe -abs . -pwd abc1 -n 1

The output gives the following files: ­ one public key file: publicKey.pem ­ one private key file: privateKey.pem ­ one public key hash file: publicKeyHash.bin ­ one file of PKTH: publicKeysHashHashes.bin

UM2542 – Rev 3

page 4/8

UM2542
STM32MP-KeyGen command line interface

2.3

Standalone mode

When executing STM32MP-KeyGen in Standalone mode, an absolute path and a password are requested as shown in the figure below.

Figure 1. STM32MP-KeyGen in Standalone mode

When the user press <Enter>, the files are generated in the <C:UsersUser_Name.STM32AP_KeyGen/> folder.
Then enter the password twice and select one of the two algorithms (prime256v1 or brainpoolP256t1) by pressing the respective key (1 or 2).
Finally select an encrypting algorithm (aes256 or aes128) by pressing the respective key (1 or 2).

UM2542 – Rev 3

page 5/8

Revision history
Date 14-Feb-2019 24-Nov-2021
26-Jun-2024

Table 1. Document revision history

Version 1 2
3

Changes
Initial release.
Updated: · Section 2.1: Commands · Section 2.2: Examples
Replaced in the whole document: · STM32MP1 series by STM32MPx series · STM32MP1-KeyGen by STM32MP-KeyGen

UM2542

UM2542 – Rev 3

page 6/8

UM2542
Contents
Contents
1 Install STM32MP-KeyGen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 2 STM32MP-KeyGen command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3 Standalone mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Revision history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

UM2542 – Rev 3

page 7/8

UM2542
IMPORTANT NOTICE ­ READ CAREFULLY STMicroelectronics NV and its subsidiaries (“ST”) reserve the right to make changes, corrections, enhancements, modifications, and improvements to ST products and/or to this document at any time without notice. Purchasers should obtain the latest relevant information on ST products before placing orders. ST products are sold pursuant to ST’s terms and conditions of sale in place at the time of order acknowledgment. Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of purchasers’ products. No license, express or implied, to any intellectual property right is granted by ST herein. Resale of ST products with provisions different from the information set forth herein shall void any warranty granted by ST for such product. ST and the ST logo are trademarks of ST. For additional information about ST trademarks, refer to www.st.com/trademarks. All other product or service names are the property of their respective owners. Information in this document supersedes and replaces information previously supplied in any prior versions of this document.
© 2024 STMicroelectronics ­ All rights reserved

UM2542 – Rev 3

page 8/8

Documents / Resources

STMicroelectronics UM2542 STM32MPx Series Key Generator Software [pdf] User Manual
UM2542, DT51280V1, UM2542 STM32MPx Series Key Generator Software, UM2542, STM32MPx Series Key Generator Software, Series Key Generator Software, Key Generator Software, Generator Software, Software

References

Related Posts

Leave a comment

Your email address will not be published. Required fields are marked *