Knox ML Encryption Tool


  1. Log in to Knox Partner Portal > Dashboard > Download.
  2. Download one of the following:
    • Knox ML encryption tool - Linux
      Supported OS version— Ubuntu 16.04, 18.04, 20.04
    • Knox ML encryption tool - Windows
      Supported OS version— Windows 10
  3. Run the executable. On Linux, give the execute permission as needed.

UI parameters

To generate the encrypted neural model package, following inputs from the user are required:

Input field Required Explanation Supported Format
ML file Yes Plain ML Model file to be encrypted.
  • Tensorflow (*.pb)
  • Tensorflow Lite (*.tflite)
  • Caffe (*.caffemodel)
Package Version Yes An integer value that is the version of the encrypted model package. An integer in the range 1 - 4294967296
Allowed Apps List Yes List of allowed app packages that can load the model.
  • Text (*.txt)
  • CSV (*.csv)

Encrypt files

To encrypt your ML model, open the Knox ML Encryption Tool on your computer and do as follows:

  1. (Optional) Click on the settings icon on the top right and select file locations folder. Only English-language folder names are supported. This will be the folder where the encrypted package is stored. If not specified, the encrypted file is stored in a folder called ‘Encrypted Models’ in the same location where the plain ML file is located. The encrypted file will be saved in that path from the next time onwards.
  2. Click Return to Encrypt file.
  3. Select the ML file in one of the formats as explained above in the UI elements table.
  4. Select the package version for the output encrypted file.
  5. Select the allowed apps list. Doing so restricts the access to only these apps to run the encrypted file.
  6. Click Encrypt.
  7. In the Encryption Successful screen, select one of the following:
    • View file to view the encrypted package file
    • Quit to quit and close the converter
    • Encrypt new file to start a new encryption process.

Deploy encrypted package to app

You can deploy the generated model packag by keeping it in the application assets folder. Knox SDK provides the APIs to load the model in the application run-time.

To load the Model package in the application run-time make a File Descriptor (FD) or create a data buffer of the package, if the package is present in assets of the application, and call the subsequent API. To learn more about the development process, see model protection deployment,but ensure that you have the Knox SDK installed before you do so.


If you run into any errors, a failure log is generated. You can create a support ticket through your Knox Partner Portal > Support. Attach the failure log with the ticket and describe the issue in detail so that we can reproduce it to fix the error.

Share it: