RPi Derive Key 🔑

A utility for deriving secure device-specific keys on Raspberry Pi.

⚠️ Caution: This tool is based on storing a randomly generated device secret in the One-Time Programmable (OTP) memory of the Raspberry Pi SoC. The initialization of this secret is irreversible. Please make sure you understand the provided security guarantees before using it for anything serious.

• Cryptographically strong key derivation using SHA3-512 and HKDF.
• Statically-linked standalone binary with zero dependencies.
• Rust crate and Python package for easy integration into your project.

How does it work?

Upon initialization, a randomly generated 256-bit device secret is stored in the OTP memory of the Raspberry Pi SoC. Note that the OTP memory on any board can be programmed only once. This secret is then used as input key material for the HKDF key derivation algorithm using SHA3-512 as the hash function. This enables the derivation of multiple keys from the device secret. Each key is derived from the device secret and additional info material (see HKDF). The device secret should be kept secret and rpi-derive-key does not provide any means of reading it directly. Using it and the info material, any key can be reconstructed. Note that the Raspberry Pi SoC does not provide a hardware-protected store for the secret. Any user in the video group and anyone with physical access to the board can obtain the secret (unless secure boot is used). Via secure boot it is indeed possible to prevent any unauthorized access when deploying Raspberry Pi's in untrusted environments.

If you are interested in commercial support, please contact us.

🧑‍💻 Usage

The easiest way to properly install RPi Derive Key on a Raspberry Pi is via the official Debian packages.

On a 32-bit Raspberry Pi OS (armhf) run:

wget https://github.com/silitics/rpi-derive-key/releases/latest/download/rpi-derive-key_armhf.deb
sudo dpkg --install rpi-derive-key_armhf.deb

On a 64-bit Raspberry Pi OS (arm64) run:

wget https://github.com/silitics/rpi-derive-key/releases/latest/download/rpi-derive-key_arm64.deb
sudo dpkg --install rpi-derive-key_arm64.deb

Note that the Debian packages do not include the Python package. They merely contain the command line tool and a Systemd service for initializing the device secret during the boot process. The Python package can be installed as usual via pip or added as a dependency to a Python project.

For testing and debugging, the Python package is also available for MacOS, Windows, and x86_64 Linux. On these platforms, however, the device secret must be faked by setting the FAKE_RPI_DERIVE_KEY_SECRET environment variable (see below). The Python package is documented by its type stub.

Standalone binaries are available on the Releases page.

The documentation of the Rust crate is available on docs.rs.

Initialization of the Device Secret

To derive keys, the device secret needs to be initialized first.

Using the command line tool, the device secret is irreversibly initialized with:

rpi-derive-key init

Note that the initialization may fail if the firmware does not support storing a private key in OTP memory. In this case, you can either update the firmware or use the generic customer-programmable OTP registers instead:

rpi-derive-key --customer-otp init

The switch --customer-otp must subsequently be provided to all commands.

The Debian package comes with a Systemd service for initializing the device secret during the boot process. This is useful to initialize devices with an image or SD card. To enable this service, run:

sudo systemctl enable rpi-derive-key

Status Information and Checks

To print status information, run:

rpi-derive-key status

To check that the secret has been properly initialized, run:

rpi-derive-key check

This is useful when using RPi Derive Key in a script.

Deriving a Key

To derive a key and print it in hex representation use

rpi-derive-key hex <BYTES> <INFO>

where <BYTES> is the key size in bytes and <INFO> is some arbitrary string.

For instance, to generate a 512-bit filesystem encryption key run:

rpi-derive-key hex 64 fs.root.encryption

Multiple independent keys can be generated by using different values for <INFO>.

To derive a UUIDv4 use

rpi-derive-key uuid <INFO>

where <INFO> is again some arbitrary string.

For instance, to generate a unique device id run:

rpi-derive-key uuid device.id

Testing and Debugging

For testing and debugging purposes, you can fake a device secret by setting the FAKE_RPI_DERIVE_KEY_SECRET environment variable to any secret you like. Please never use this variable in production.

Setting this variable also bypasses initialization via rpi-derive-key init.

Example Use Case

Imagine you would like to derive a unique public id and a secret identification token for each device.

To derive a unique public device id using device.id as <INFO> run:

rpi-derive-key uuid device.id

You can now safely use the resulting UUID as a public device identifier. You do not have to keep it secret because it is impossible to reconstruct other keys or the device secret from it.

In addition to the public id, you can derive a 256-bit (32 bytes) secret token with:

rpi-derive-key hex 32 device.secret.token

This secret token is supposed to be shared only with trustworthy entities, e.g., it may be sent in HTTP headers to prove the device's identity to a webserver providing device configurations:

wget --header "X-Secret-Token: <SECRET-TOKEN>" https://example.com/<DEVICE-ID>/config.tar.gz

📌 Tip: You should use different keys (with different info material) for different purposes (e.g., fetching updates or configurations). That way, if a key for a given purpose is compromised, all other keys remain secure.

⚖️ Licensing

RPi Derive Key is licensed under either MIT or Apache 2.0 at your opinion. Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this project by you, as defined in the Apache 2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Made with ❤️ for OSS by Silitics.