Generating the custom ECDSA Key Pair for image signing and encryption using openssl

[xianghui-renesas]

Hi all,
I am able to generate custom ECDSA key pairs for image signing and encryption using imgtool.py. Is this capability proven to be functioning with openssl as well? I noticed the key generated using openssl looks different from what is generated from imgtool.py.
For example, below command generate the key using openssl with SECP256R1 curve:
openssl ecparam -name prime256v1 -genkey -noout -out my_ecc_secp256r1_key.pem
Here is the comparison. On the right is the key generated with openssl:

Can you explain the difference in the format? Are both ok to be used with MCUboot?
I will perform some test as well.
thanks!

[utzig]

Can you explain the difference in the format? Are both ok to be used with MCUboot?

OpenSSL encodes its keys in SEC1 format, while MCUboot uses PKCS#8. You can convert your generated key from the step above with this extra step:

openssl pkcs8 -nocrypt -topk8 -in my_ecc_secp256r1_key.pem -out my_ecc_secp256r1_pkcs8_key.pem

[xianghui-renesas]

Hi, @utzig , thanks for the explanation, this conversion works!