Hi all,
apache-mynewt-core/boot/bootutil/signed_images.md suggest to use
'openssl genrsa -out image_sign.pem 2048' for generating RSA keypair.
When signing with this key, everything is fine:
$ newt create-image my-app 1.0.0.0 image_sign.pem
...
App image succesfully generated: .../my-app.img
Now I look at
'https://en.wikibooks.org/wiki/Cryptography/Generate_a_keypair_using_OpenSSL'
page and see another command for generating: 'openssl genpkey -algorithm
RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048'. If I try to
sign using such a key, everything is sad:
$ newt create-image my-app 1.0.0.0 image_sign.pem
...
Error: Unknown private key format, EC/RSA private key in PEM format only.
As I can judge, methods for generating RSA pairs are identical and
problem is somewhere in Go lib 'encoding/pem'. Not sure if this is
really a bug, but clarification from Go guru is required.
Many thanks.
BR,
Andrey
