How can I generate srk_hash from srk.pub using openssl?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How can I generate srk_hash from srk.pub using openssl?

680 Views
richardbean
Contributor I

Given an existing RSA public/private key pair in PEM format files, I would like to use the 'openssl' utility to generate the SRK Hash of the public key in an offline environment without relying on Flexbuilder. I would expect to be able to extract the binary public key from its PEM file, and perform a SHA-256 hash on it with hex output. But when I do so, the resulting hash does not match the hash that Flexbuilder produces in 'srk_hash.txt'. For example, on a Linux host:

  grep -v 'RSA PUBLIC KEY' srk.pub | base64 -d | openssl dgst -sha256 -hex | cut -d' ' -f2

  tail srk_hash.txt

Given a file such as 'srk.pub' containing an RSA public key in PEM (PKCS#1) format, what invocation using the 'openssl' utility will produce the same hex formatted hash of the public key that appears in 'srk_hash.txt'?

My version of Flexbuilder is from LSDK 18.03; the target machine is a LS1012ARDB.

Thank you.

0 Kudos
1 Reply

519 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Richard Bean,

You could refer to cst tool provided in LSDK, we use CST tool to assist with secure boot process. CST tool can be used to generate RSA public and private keys, OPTMK and CSF header.

In LSDK, please execute the following command to get cst source code in the folder flexbuild/packages/apps/cst.

$flex-builder -c cst -a arm64

In cst tool we use the script "uni_sign" to create SRK(Public Key) Hash, it will call the function create_srk_calc_hash defined in the file tools/header_generation/create_hdr_common.c to create the SRK Table and calculate the hash.

In the function create_srk_calc_hash, crypto_extract_pub_key, crypto_hash_init, crypto_hash_update and crypto_hash_final are called, these APIs defined in file common/crypto_utils.c, invokes openssl API SHA256_Init, SHA256_Update, SHA256_Final.


Have a great day,
TIC

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------