User Guide - nxpcrypto
This user’s guide describes how to use nxpcrypto application.
Command line interface
nxpcrypto
Collection of utilities for cryptographic operations.
nxpcrypto [OPTIONS] COMMAND [ARGS]...
Options
- -v, --verbose
Print more detailed information
- -vv, --debug
Display more debugging information.
- --version
Show the version and exit.
- --help
Show this message and exit.
cert
Group of command for working with x509 certificates.
nxpcrypto cert [OPTIONS] COMMAND [ARGS]...
generate
Generate certificate.
The configuration template files could be generated by subcommand ‘get-template’.
nxpcrypto cert generate [OPTIONS]
Options
- -c, --config <config>
Required Path to the YAML/JSON configuration file.
- -o, --output <output>
Required Path to a file, where to store the output.
- --force
Force overwriting of existing files.
- -e, --encoding <encoding>
Encoding type. Default is PEM
- Options
PEM | DER
get-template
Generate the template of Certificate generation YML configuration file.
nxpcrypto cert get-template [OPTIONS]
Options
- -o, --output <output>
Required Path to a file, where to store the output.
- --force
Force overwriting of existing files.
verify
Verify signature or public key in certificate.
nxpcrypto cert verify [OPTIONS]
Options
- -c, --certificate <certificate>
Required Path to certificate to verify
- -s, --sign <sign>
Path to key to verify certificate signature
- -p, --puk <puk>
Path to key to verify public key in certificate
digest
Computes digest/hash of the given file.
nxpcrypto digest [OPTIONS]
Options
- -h, --hash <hash_name>
Required Name of a hash to use.
- Options
sha384 | sha512_224 | sha3_512 | sha512 | sha224 | md4 | blake2b | whirlpool | sha3_224 | sha512_256 | md5 | ripemd160 | blake2s | sha256 | shake_128 | shake_256 | sm3 | sha1 | sha3_384 | md5-sha1 | sha3_256
- -i, --input-file <input_file>
Required Path to a file to digest.
- -c, --compare <PATH | DIGEST>
Reference digest to compare. It may be directly on the command line or fetched from a file.
key
Group of commands for working with asymmetric keys.
nxpcrypto key [OPTIONS] COMMAND [ARGS]...
convert
Convert Asymmetric key into various formats.
nxpcrypto key convert [OPTIONS]
Options
- -e, --encoding <encoding>
Desired output format.
- Options
PEM | DER | RAW
- -i, --input-file <input_file>
Required Path to key file to convert.
- -o, --output <output>
Required Path to a file, where to store the output.
- -p, --puk
Extract public key instead of converting private key.
generate
NXP Key Generator Tool.
nxpcrypto key generate [OPTIONS]
Options
- -k, --key-type <KEY-TYPE>
- Set of the supported key types.
Note: NXP DAT protocol is using encryption keys by this table:
NXP Protocol Version Key Type 1.0 RSA 2048 1.1 RSA 4096 2.0 SECP256R1 2.1 SECP384R1 2.2 SECP521R1
All possible options: rsa2048, rsa3072, rsa4096, secp256r1, secp384r1, secp521r1, sm2.
- Options
rsa2048 | rsa3072 | rsa4096 | secp256r1 | secp384r1 | secp521r1 | sm2
- --password <PASSWORD>
Password with which the output file will be encrypted. If not provided, the output will be unencrypted.
- -o, --output <output>
Required Path to a file, where to store the output.
- --force
Force overwriting of existing files.
- -e, --encoding <encoding>
- Options
NXP | PEM | DER
verify
Check whether provided keys form a key pair or represent the same key.
The key could be private key, public key, or certificate. All combination are allowed. In case of certificates, the public key within certificate is considered. To verify certificate signature use nxpcrypto cert verify.
nxpcrypto key verify [OPTIONS]
Options
- -k1, --key1 <key1>
Required Path to key to verify.
- -k2, --key2 <key2>
Required Path to key for verification.
rot
Group of RoT commands.
nxpcrypto rot [OPTIONS] COMMAND [ARGS]...
calculate-hash
Calculate RoT hash.
nxpcrypto rot calculate-hash [OPTIONS]
Options
- -f, --family <family>
Required Select the chip family.
- Options
k32w1xx | kw45xx | lpc550x | lpc551x | lpc552x | lpc553x | lpc55s0x | lpc55s1x | lpc55s2x | lpc55s3x | lpc55s6x | mcxn9xx | mx8ulp | mx93 | nhs52sxx | rt101x | rt102x | rt105x | rt106x | rt116x | rt117x | rt118x | rt5xx | rt6xx | rw61x
- -k, --key <key>
Path to one or multiple keys or certificates.
- -p, --password <password>
Password when using encrypted private keys.
- -o, --output <output>
Path to a file, where to store the output.
export
Export RoT table.
nxpcrypto rot export [OPTIONS]
Options
- -f, --family <family>
Required Select the chip family.
- Options
k32w1xx | kw45xx | lpc550x | lpc551x | lpc552x | lpc553x | lpc55s0x | lpc55s1x | lpc55s2x | lpc55s3x | lpc55s6x | mcxn9xx | mx8ulp | mx93 | nhs52sxx | rt101x | rt102x | rt105x | rt106x | rt116x | rt117x | rt118x | rt5xx | rt6xx | rw61x
- -k, --key <key>
Path to one or multiple keys or certificates.
- -p, --password <password>
Password when using encrypted private keys.
- -o, --output <output>
Path to a file, where to store the output.