On Fri, Nov 10, 2017 at 07:58:28AM -0200, Fabio Utzig wrote:
I don't think forcing users to change existing key formats would be a good idea. I would suggest leaving compatibility in place for the moment. When MCUboot changed the image format for 1.0 a new flag was added to "new create-image" command, "-2", to write in the new format. Maybe if a user provides "-2" you could also assume that PKCS#8 is to be used. This would only break Mynewt users that have switched to MCUboot, which is likely a smaller user base and more willing to engage in "breaking" changes. What do you think?
Fortunately, it seems it is pretty easy to just support both. There aren't any changes to the use of the tool, it is able to detect the key format just by the header line in the PEM file. Adding support for the new format will just be adding an entry. David
