From 3734839b41334bdc9989d81a5561903d4685a163 Mon Sep 17 00:00:00 2001
From: Benjamin Valentin <benjamin.valentin@ml-pa.com>
Date: Tue, 24 May 2022 01:10:52 +0200
Subject: [PATCH] dist/tools/suit: generate password-protected private key

---
 dist/tools/suit/gen_key.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/dist/tools/suit/gen_key.py b/dist/tools/suit/gen_key.py
index 3a5bbf148e..4065fc9bfe 100755
--- a/dist/tools/suit/gen_key.py
+++ b/dist/tools/suit/gen_key.py
@@ -17,17 +17,24 @@ from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
 from cryptography.hazmat.primitives.serialization import Encoding
 from cryptography.hazmat.primitives.serialization import PrivateFormat
 from cryptography.hazmat.primitives.serialization import NoEncryption
+from cryptography.hazmat.primitives.serialization import BestAvailableEncryption
 
 
 def main():
-    if len(sys.argv) != 2:
-        print("usage: gen_key.py <secret filename>")
+    if len(sys.argv) < 2:
+        print("usage: gen_key.py <secret filename> [password]")
         sys.exit(1)
 
+    if len(sys.argv) > 2:
+        pw = str.encode(sys.argv[2])
+        crypt = BestAvailableEncryption(pw)
+    else:
+        crypt = NoEncryption()
+
     pk = Ed25519PrivateKey.generate()
     pem = pk.private_bytes(encoding=Encoding.PEM,
                            format=PrivateFormat.PKCS8,
-                           encryption_algorithm=NoEncryption()
+                           encryption_algorithm=crypt,
                            )
 
     with open(sys.argv[1], "wb") as f: