SUCI Tool
Tools/SuciTool/ is the helper shell around the external suci-keytool
binary. Use it to manage SUCI key material that a profile expects on a USIM
when 5G privacy features are in play.
On this page
Underlying concept
The SUCI/SUPI model is summarized in 3GPP NAA.
When to use it
- selecting an active SUCI key file
- generating a
SECP256R1orCURVE25519SUCI key - exporting uncompressed or compressed public-key form
- inspecting the workspace paths the tool resolves
Entry points
python -m Tools.SuciTool
python -m Tools.SuciTool --cmd "STATUS; PWD; EXIT"
yggdrasim-suci-tool
python main/main.py and pick the SUCI Tool entry.
Command surface
| Verb | Purpose |
|---|---|
USE <path> |
select the active SUCI key file |
STATUS |
show active file and workspace paths |
TOOL |
override the external suci-keytool command path |
GENERATE <curve> |
generate a key pair (SECP256R1 or CURVE25519) |
DUMP |
export the public key (uncompressed or compressed form) |
PWD |
print working directory |
Runtime dependencies
- an available
suci-keytoolbinary on the host - the workspace or runtime-root directory where SUCI key files live
State the shell writes
SUCI Tool is file-oriented. It does not write into the shared SQLite
inventory. Key files land in the selected directory, and the tool manages
selection through the USE verb.
Common recipes
Generate a SECP256R1 key and export compressed form
python -m Tools.SuciTool --cmd "GENERATE SECP256R1; DUMP --compressed; EXIT"
Switch active key
[SUCI] > USE path/to/profile_suci.key
[SUCI] > STATUS
Pitfalls
GENERATErequires that the externalsuci-keytoolbinary is resolvable. UseTOOL <path>if the binary lives outsidePATH.- The SUCI public key that lands on a profile must match the home network public key that the 5G serving network expects. A generated dev key works for loopback testing only.