Man page - rpi-otp-ec-private-key(1)

Packages contains this manual

Package:  rpi-otp-ec-private-key
apt-get install rpi-otp-ec-private-key

Manuals in package:
• rpi-otp-ec-private-key(1)
Documentations in package:
• rpi-otp-ec-private-key

Manual

rpi-otp-ec-private-key

NAME
SYNOPSIS
DESCRIPTION
USAGE
REQUIREMENTS
EXIT STATUS
SEE ALSO
AUTHOR
COPYRIGHT

---

NAME

rpi-otp-ec-private-key - Generate ECDSA private key PEM from Raspberry Pi OTP

SYNOPSIS

rpi-otp-ec-private-key

DESCRIPTION

rpi-otp-ec-private-key reads a 32-byte private key from Raspberry Pi OTP (One Time Programmable) memory and outputs a complete ECDSA private key in PEM format.

This tool is related to rpi-otp-private-key but generates a complete PEM that can be used directly with OpenSSL tools, rather than just raw bytes.

The generated key uses the SECP256R1 curve (also known as P-256, prime256v1, or NIST P-256).

USAGE

Generate a private key PEM from OTP:

rpi-otp-ec-private-key

Save the key to a file in tmpfs:

rpi-otp-ec-private-key > /run/private_key.pem

Extract the public key:

rpi-otp-ec-private-key | openssl pkey -pubout

REQUIREMENTS

The OTP must contain a valid 32-byte SECP256R1 private key value. The key must be non-zero and within the valid range for the curve.

EXIT STATUS

	•		0 : Success
	•		1 : Error (OTP read failure, invalid key, or other error)

SEE ALSO

openssl (1), openssl-pkey (1), rpi-otp-private-key (1)

AUTHOR

Richard Oliver richard.oliver@raspberrypi.com

COPYRIGHT

Copyright 2025 Raspberry Pi. Licensed under the 3-clause BSD License.

---