Visible to Intel only — GUID: tbb1578534110979
Ixiasoft
3.1. Installing PACSign
3.2. PACSign Tool
3.3. Creating Unsigned Images
3.4. Using an HSM Manager
3.5. Creating Keys
3.6. Root Entry Hash Bitstream Creation
3.7. Signing Images
3.8. Creating a CSK ID Cancellation Bitstream
3.9. PACSign PKCS11 Manager *.json Reference
3.10. Creating a Custom HSM Manager
3.11. PACSign Man Page
Visible to Intel only — GUID: tbb1578534110979
Ixiasoft
3.5.1. OpenSSL Key Creation
When using OpenSSL, create a private key and then create the corresponding public key. The PACSign OpenSSL manager requires specific tags in the key file names using a format: key_<image_type>_<key_type>_<key_visibility>_key.pem.
Filename Tag | Options | Description |
---|---|---|
image_type |
|
Identifies image type, partial reconfiguration or static region, for which the key is intended.
|
key_type |
|
Identifies key type. <x> specifies an ID that you use for cancellation.
|
key_visibility |
|
Identifies the key visibility. |
The following example creates a root key and two code signing keys using OpenSSL.
- Create the root private key:
[PACSign_Demo]$ openssl ecparam -name secp256r1 -genkey -noout \ -out key_pr_root_private_key.pem
Output:using curve name prime256v1 instead of secp256r1
- Create the root public key:
[PACSign_Demo]$ openssl ec -in key_pr_root_private_key.pem -pubout \ -out key_pr_root_public_key.pem
Output:read EC key writing EC key
- Create private CSK1:
[PACSign_Demo]$ openssl ecparam -name secp256r1 -genkey -noout \ -out key_pr_csk1_private_key.pem
Output:using curve name prime256v1 instead of secp256r1
- Create public CSK1:
[PACSign_Demo]$ openssl ec -in key_pr_csk1_private_key.pem -pubout \ -out key_pr_csk1_public_key.pem
Output:read EC key writing EC key
- Create private CSK2:
[PACSign_Demo]$ openssl ecparam -name secp256r1 -genkey -noout \ -out key_pr_csk2_private_key.pem
Output:using curve name prime256v1 instead of secp256r1
- Create public CSK2:
[PACSign_Demo]$ openssl ec -in key_pr_csk2_private_key.pem -pubout \ -out key_pr_csk2_public_key.pem
Output:read EC key writing EC key