espsecure: Improve error message for incorrect PEM format

Closes #881

espsecure/__init__.py

@@ -202,7 +202,13 @@ def generate_signing_key(args):
 
 def load_ecdsa_signing_key(keyfile):
     """Load ECDSA signing key"""
-    sk = ecdsa.SigningKey.from_pem(keyfile.read())
+    try:
+        sk = ecdsa.SigningKey.from_pem(keyfile.read())
+    except ValueError:
+        raise esptool.FatalError(
+            "Incorrect ECDSA private key specified. "
+            "Please check algorithm and/or format."
+        )
     if sk.curve not in [ecdsa.NIST192p, ecdsa.NIST256p]:
         raise esptool.FatalError("Supports NIST192p and NIST256p keys only")
     return sk
@@ -221,7 +227,13 @@ def _load_ecdsa_signing_key(keyfile):
 
 def _load_ecdsa_verifying_key(keyfile):
     """Load ECDSA verifying key for Secure Boot V1 only"""
-    vk = ecdsa.VerifyingKey.from_pem(keyfile.read())
+    try:
+        vk = ecdsa.VerifyingKey.from_pem(keyfile.read())
+    except ValueError:
+        raise esptool.FatalError(
+            "Incorrect ECDSA public key specified. "
+            "Please check algorithm and/or format."
+        )
     if vk.curve != ecdsa.NIST256p:
         raise esptool.FatalError(
             "Signing key uses incorrect curve. ESP32 Secure Boot only supports "
@@ -1645,7 +1657,8 @@ def main(custom_commandline=None):
     p = subparsers.add_parser(
         "digest_private_key",
         help="Generate an SHA-256 digest of the private signing key. "
-        "This can be used as a reproducible secure bootloader or flash encryption key.",
+        "This can be used as a reproducible secure bootloader (only secure boot v1) "
+        "or flash encryption key.",
     )
     p.add_argument(
         "--keyfile",