Knox ML Encryption Tool


  1. Log in to Knox Partner Portal > Dashboard > Download.
  2. Download one of the following:
    • Knox ML encryption tool - Linux
      Supported OS version— Ubuntu 16.04, 18.04, 20.04
    • Knox ML encryption tool - Windows
      Supported OS version— Windows 10
  3. Run the executable. On Linux, give the execute permission as needed.

UI parameters

To generate the encrypted neural model package, following inputs from the user are required:

Input field Required Explanation Supported Format
ML file Yes Plain ML Model file to be encrypted.
  • Tensorflow (*.pb)
  • Tensorflow Lite (*.tflite)
  • Caffe (*.caffemodel)
Package Version Yes An integer value that is the version of the encrypted model package. An integer in the range 1 - 4294967296
Allowed Apps List Yes List of allowed app packages that can load the model.
  • Text (*.txt)
  • CSV (*.csv)

Encrypt files

To encrypt your ML model, open the Knox ML Encryption Tool on your computer and do as follows depending on the tool's version. To see which version you can use depending on device, refer to Knox ML Encryption Tool Revision page.

Model Encryption Tool V1.0 steps

  1. (Optional) click the settings icon on the top right and select file locations folder. Only English-language folder names are supported. This folder is where the encrypted package is stored. If not specified, the encrypted file is stored in a folder called ‘Encrypted Models’ in the same location where the plain ML file is located. The encrypted file is saved in that path from the next time onwards.
  2. Click Return to Encrypt file.
  3. Select the ML file in one of the formats as explained above in the UI elements table.
  4. Select the package version for the output encrypted file.
  5. Select the allowed apps list. Doing so restricts the access to only these apps to run the encrypted file.
  6. Click Encrypt.
  7. In the Encryption Successful screen, select one of the following:
    • View file to view the encrypted package file
    • Quit to quit and close the converter
    • Encrypt new file to start a new encryption process.

Model Encryption Tool V1.1 steps

  1. click Get Started.
  2. (Optional) click Settings icon and select the path where you want to save the encrypted model.
  3. click Utility option next to Settings icon. Browse and select the allowed app certificate file and click Generate Hash.
  4. click Copy Hash and dd it to the Allowed Apps List.
  5. Return to Encrypt Screen and dd plain ML Model file and its package version.
  6. Attach the Allowed_Apps List. Refer to Template option for proper format.
  7. Click Encrypt. *.KMLPKG file is created.
  8. click View File button to view the encrypted package file.

Types of Encrypted Knox ML output packages

You can generate following two types of Knox ML packages:

  • KAIPKG—This ML model package format is generated from Knox ML Encryption Tool v1.0 only. This format is supported on devices with Knox SDK 3.7.1.
  • KMLPKG—This ML model package format supported by Knox ML Encryption Tool v1.1 onwards. This format is currently supported in devices with SDK 3.7.1 with KnoxML version v1.1 or higher.
NOTE—To find out what Knox version your device is on, go to Settings > About phone > Software informationKnox version.

Deploy encrypted package to app

You can deploy the generated model package by keeping it in the application assets folder. Knox SDK provides the APIs to load the model in the application run-time.

To load the Model package in the application run-time, make a File Descriptor (FD) or create a data buffer of the package —if the package is present in the assets of the application— and call the subsequent API. To learn more about the development process, see model protection deployment, but ensure that you have the Knox SDK installed before you do so.


If you run into any errors, a failure log is generated. You can create a support ticket through your Knox Partner Portal > Support. Attach the failure log with the ticket and describe the issue in detail so that we can reproduce it to fix the error.

Share it: