logic behind CST tool to find the private key to use

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

logic behind CST tool to find the private key to use

Jump to solution
1,749 Views
antonio_santagi
Contributor IV

Hello,

I read the document CST_UG.pdf included in the CST tool's zip archive.

However I can't find what it the logic used by the CST tool to retrieve the correct private key to sign the code.

In the CSF files there is usually mentioned the public key certificate like : 

File = "../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.der"

These certificates/public keys are used at runtime to verify the validity of signatures.But I can never find a reference to the private key to be used to sign the code. 

How does the CST tool retrieve the correct private key to sign the code ? Does it go straight to the /keys subfolder and look for the right one ?

Should I place the private key always in the /keys subfolder ?

thank you

 

0 Kudos
Reply
1 Solution
1,739 Views
Yuri
NXP Employee
NXP Employee

@antonio_santagi 
Hello,

  Yes, the CST uses the /keys directory to access the keys.

Also, customers can use HSM, as described in the following app note.

https://www.nxp.com/webapp/Download?colCode=AN12812

 

Regards,
Yuri.

View solution in original post

2 Replies
1,735 Views
antonio_santagi
Contributor IV

thank you, this is useful.

0 Kudos
Reply
1,740 Views
Yuri
NXP Employee
NXP Employee

@antonio_santagi 
Hello,

  Yes, the CST uses the /keys directory to access the keys.

Also, customers can use HSM, as described in the following app note.

https://www.nxp.com/webapp/Download?colCode=AN12812

 

Regards,
Yuri.