https://community.nxp.com/t5/i-MX-Processors/Code-Signing-Tool-with-keys-in-HSM/m-p/1898519#M225826 <P>Hi</P><P>when signing an bootloader with code signing tool (cst) the private key is needed to create the signature.</P><P>We want to have the private keys in a HSM but not the certificates (which are stored on the file system)</P><P>All the examples define the certificate to be used for signing (e.g. in the CSF file):</P><P><EM>[Install CSFK]</EM><BR /><EM>File = "pkcs11:token=CST-HSM-DEMO;object=CSF1_1_sha256_2048_65537_v3_usr;type=<STRONG>cert</STRONG>;pin-value=${USR_PIN}"</EM></P><P>So I wondering how I can tell the cst which private key it should use.</P><P>Thanks in advance</P><P>Thomas</P> Wed, 03 Jul 2024 16:27:12 GMT ThomasGu 2024-07-03T16:27:12Z https://community.nxp.com/t5/i-MX-Processors/Code-Signing-Tool-with-keys-in-HSM/m-p/1898519#M225826 <P>Hi</P><P>when signing an bootloader with code signing tool (cst) the private key is needed to create the signature.</P><P>We want to have the private keys in a HSM but not the certificates (which are stored on the file system)</P><P>All the examples define the certificate to be used for signing (e.g. in the CSF file):</P><P><EM>[Install CSFK]</EM><BR /><EM>File = "pkcs11:token=CST-HSM-DEMO;object=CSF1_1_sha256_2048_65537_v3_usr;type=<STRONG>cert</STRONG>;pin-value=${USR_PIN}"</EM></P><P>So I wondering how I can tell the cst which private key it should use.</P><P>Thanks in advance</P><P>Thomas</P> Wed, 03 Jul 2024 16:27:12 GMT https://community.nxp.com/t5/i-MX-Processors/Code-Signing-Tool-with-keys-in-HSM/m-p/1898519#M225826 ThomasGu 2024-07-03T16:27:12Z