User Guide - nxpcrypto
This user’s guide describes how to use the nxpcrypto application.
Command line interface
nxpcrypto
Collection of utilities for cryptographic operations.
nxpcrypto [OPTIONS] COMMAND [ARGS]...
Options
- -v, --verbose
Print more detailed information
- -vv, --debug
Display more debugging information.
- --version
Show the version and exit.
- --help
Show this message and exit.
cert
Group of commands for working with X.509 certificates.
nxpcrypto cert [OPTIONS] COMMAND [ARGS]...
generate
Generate certificate.
nxpcrypto cert generate [OPTIONS]
Options
- -j, -c, --config <config>
Required Path to the YAML/JSON configuration file containing the parameters for the certificate.
- -o, --output <output>
Required Path where certificate will be stored.
- -e, --encoding <encoding>
Encoding type. Default is PEM
- Options
PEM | DER
- --force
Force overwriting of an existing file. Creates the destination folder if it doesn’t already exist.
get-cfg-template
Generate the template of the certificate generation YML configuration file.
nxpcrypto cert get-cfg-template [OPTIONS] PATH
Options
- -f, --force
Force overwriting of an existing file. Creates the destination folder if it doesn’t already exist.
Arguments
- PATH
Required argument
verify
Verify signature or public key in certificate.
nxpcrypto cert verify [OPTIONS] PATH
Options
- -s, --sign <sign>
Path to key to verify certificate signature
- -p, --puk <puk>
Path to key to verify public key in certificate
Arguments
- PATH
Required argument
digest
Computes digest/hash of the given file.
nxpcrypto digest [OPTIONS]
Options
- -h, --hash <hash_name>
Required Name of a hash to use.
- Options
DSA-SHA | dsaWithSHA | MD5 | SHA | sha3_224 | SHA256 | MD4 | ecdsa-with-SHA1 | whirlpool | dsaEncryption | sha3_384 | blake2s | sha1 | ripemd160 | RIPEMD160 | SHA1 | blake2b | sha3_512 | shake_256 | DSA | SHA512 | sha224 | SHA384 | sha384 | sha512 | sha3_256 | sha256 | sha | SHA224 | md4 | md5 | shake_128
- -i, --infile <infile>
Required Path to a file to digest.
- -c, --compare <PATH | DIGEST>
Reference digest to compare. It may be directly on the command line or fetched from a file.
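The check that `--compare` describes, written out as an added stdlib-only Python example (not nxpcrypto's own code): the reference is either a hex digest or a path to a file holding one. The function names, the rule that an existing file path wins over a literal string, and the acceptance of a `digest  filename` line are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, hash_name, chunk_size=65536):
    """Hash a file in chunks so large images are never fully loaded into memory."""
    if hash_name.lower().startswith("shake"):
        raise ValueError("extendable-output hashes need an explicit length")
    h = hashlib.new(hash_name)  # ValueError if this OpenSSL build lacks the hash
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def load_reference(reference):
    """Assumption: an existing file path wins over a literal digest string."""
    if os.path.isfile(reference):
        with open(reference, "r", encoding="ascii") as f:
            fields = f.read().split()
        # Accept a bare digest or a "digest  filename" line (sha256sum style).
        reference = fields[0] if fields else ""
    return reference.strip().lower()

def compare_digest(infile, hash_name, reference):
    """Return True only if the file's digest equals the reference digest."""
    actual = file_digest(infile, hash_name)
    expected = load_reference(reference)
    # Reject truncated or non-hex references instead of comparing garbage.
    if len(expected) != len(actual) or set(expected) - set("0123456789abcdef"):
        raise ValueError("reference is not a hex digest of the expected length")
    return hmac.compare_digest(actual, expected)

def demo():
    data = b"constructed sample firmware image\n"  # constructed sample input
    good = hashlib.sha256(data).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "image.bin")
        ref_file = os.path.join(d, "image.sha256")
        with open(image, "wb") as f:
            f.write(data)
        with open(ref_file, "w", encoding="ascii") as f:
            f.write(good.upper() + "  image.bin\n")
        return (compare_digest(image, "sha256", good),      # literal digest
                compare_digest(image, "sha256", ref_file),  # digest from file
                compare_digest(image, "sha256", "0" * 64))  # wrong digest

if __name__ == "__main__":
    print(demo())
```

A malformed reference raises an error instead of returning False, so a truncated digest in a build script is not mistaken for a plain mismatch.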
key
Group of commands for working with asymmetric keys.
nxpcrypto key [OPTIONS] COMMAND [ARGS]...
convert
Convert an asymmetric key into various formats.
nxpcrypto key convert [OPTIONS]
Options
- -f, --output-format <output_format>
Desired output format.
- Options
PEM | DER | RAW
- -i, --infile <infile>
Required Path to key file to convert.
- -o, --outfile <outfile>
Path to output file.
- -p, --puk
Extract public key instead of converting private key.
- --use-pkcs8, --no-pkcs8
Use/don’t use PKCS8 encoding for private keys, default: --use-pkcs8
generate
NXP Key Generator Tool.
nxpcrypto key generate [OPTIONS] PATH
Options
- -v, --verbose
Print more detailed information
- -vv, --debug
Display more debugging information.
- --version
Show the version and exit.
- --help
Show this message and exit.
- -k, --key-type <KEY-TYPE>
Set of the supported key types. Default is RSA2048.
Note: The NXP DAT protocol uses encryption keys according to this table:
NXP Protocol Version    Encryption Type
1.0                     RSA 2048
1.1                     RSA 4096
2.0                     SECP256R1
2.1                     SECP384R1
2.2                     SECP521R1
All possible options: rsa2048, rsa3072, rsa4096, prime192v1, prime256v1, secp192r1, secp224r1, secp256r1, secp384r1, secp521r1, secp256k1, sect163k1, sect233k1, sect283k1, sect409k1, sect571k1, sect163r2, sect233r1, sect283r1, sect409r1, sect571r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1.
- Options
rsa2048 | rsa3072 | rsa4096 | prime192v1 | prime256v1 | secp192r1 | secp224r1 | secp256r1 | secp384r1 | secp521r1 | secp256k1 | sect163k1 | sect233k1 | sect283k1 | sect409k1 | sect571k1 | sect163r2 | sect233r1 | sect283r1 | sect409r1 | sect571r1 | brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1
- --password <PASSWORD>
Password with which the output file will be encrypted. If not provided, the output will be unencrypted.
- --force
Force overwriting of an existing file.
Arguments
- PATH
Required argument
verify
Check whether provided keys form a key pair or represent the same key.
nxpcrypto key verify [OPTIONS] KEY1 KEY2
Arguments
- KEY1
Required argument
- KEY2
Required argument