User Guide - nxpkeygen¶
This user’s guide describes how to use nxpkeygen application.
nxpkeygen¶
NXP Key Generator Tool.
nxpkeygen [OPTIONS] COMMAND [ARGS]...
Options
-
-d
,
--debug
<LEVEL>
¶ Set the level of system logging output. Available options are: critical, fatal, error, warn, warning, info, debug, notset
- Options
critical | fatal | error | warn | warning | info | debug | notset
-
--version
¶
Show the version and exit.
nxpkeygen - Sub-commands¶
nxpkeygen consist of a set of sub-commands followed by options and arguments. The options and the sub-command are separated with a ‘–’.
nxpkeygen [options] -- [sub-command]
The “help” guide of nxpkeygen lists all of the options and sub-commands supported by the nxpkeygen utility.
nxpkeygen --help
nxpkeygen gendc¶
Generate debug certificate (DC).
nxpkeygen gendc [OPTIONS] PATH
Options
-
-p
,
--protocol
<VERSION>
¶ Set the protocol version. Default is 1.0 (RSA). NXP Protocol Version Encryption Type 1.0 RSA 2048 1.1 RSA 4096 2.0 NIST P-256 SECP256R1 2.1 NIST P-384 SECP384R1 2.2 NIST P-521 SECP521R1
-
-c
,
--config
<config>
¶ Required Specify YAML credential config file.
-
-e
,
--elf2sb-config
<elf2sb_config>
¶ Specify Root Of Trust from configuration file used by elf2sb tool
-
--force
¶
Force overwriting of an existing file. Create destination folder, if doesn’t exist already.
-
--plugin
<plugin>
¶ External python file containing a custom SignatureProvider implementation.
Arguments
-
PATH
¶
Required argument
nxpkeygen genkey¶
Generate key pair for RoT or DCK.
nxpkeygen genkey [OPTIONS] PATH
Options
-
-k
,
--key-type
<KEY-TYPE>
¶ Set of the supported key types. Default is RSA2048.
Note: NXP DAT protocol is using encryption keys by this table:
- NXP Protocol Version Encryption Type
1.0 RSA 2048 1.1 RSA 4096 2.0 SECP256R1 2.1 SECP384R1 2.2 SECP521R1
All possible options: rsa2048, rsa3072, rsa4096, prime192v1, prime256v1, secp192r1, secp224r1, secp256r1, secp384r1, secp521r1, secp256k1, sect163k1, sect233k1, sect283k1, sect409k1, sect571k1, sect163r2, sect233r1, sect283r1, sect409r1, sect571r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1.
- Options
rsa2048 | rsa3072 | rsa4096 | prime192v1 | prime256v1 | secp192r1 | secp224r1 | secp256r1 | secp384r1 | secp521r1 | secp256k1 | sect163k1 | sect233k1 | sect283k1 | sect409k1 | sect571k1 | sect163r2 | sect233r1 | sect283r1 | sect409r1 | sect571r1 | brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1
-
--password
<PASSWORD>
¶ Password with which the output file will be encrypted. If not provided, the output will be unencrypted.
-
--force
¶
Force overwriting of an existing file.
Arguments
-
PATH
¶
Required argument
nxpkeygen get-cfg-template¶
Generate the template of Debug Credentials YML configuration file.
nxpkeygen get-cfg-template [OPTIONS] PATH
Options
-
-f
,
--force
¶
Force overwriting of an existing file. Create destination folder, if doesn’t exist already.
Arguments
-
PATH
¶
Required argument