The DFU requires private and public keys. A public key can be computed from a private key, but the private key must always be provided.
If you need static keys for use on multiple devices, you should generate the keys externally. The following example commands use Nordic Semiconductor's nrfutil tool (see the nrfutil documentation) to generate keys based on the secp256r1 curve:
You can also generate keys using OpenSSL or Cryptography library - nrf_crypto. They both generate the keys in big-endian format. To use these keys with the DFU, you must reverse the byte order. See Code examples for instructions on how to generate a key pair using both OpenSSL and Cryptography library - nrf_crypto.
Make sure to store the private key securely and with limited access. If the private key is lost, you cannot reproduce it and therefore cannot provide signed data anymore.