amiotk
July 27, 2021, 2:44pm
1
I’m trying to set-up an OTA firmware update job using an already signed image. AWS IoT Job creating wizzard asks for a PEM formatted signature:
Presumably this is a signature of my OTA image and I should be able to get it using e.g. openssl.
openssl dgst -sha256 -sign ecdsasigner.key firmware.bin > signature.bin
Any idea how to convert it to PEM or maybe a better way of calculating OTA image signature that will be accepted by AWS?
pvyawaha
July 27, 2021, 3:56pm
2
Hello,
Please convert signature in base64 encoded form from the binary -
openssl base64 -in signature.bin -out signature.base64
and then copy the content of signature.base64 in the code signature box.
Let me know if you see any issues using this.
amiotk
July 28, 2021, 8:34am
3
Hi @pvyawaha
Thank you for the replay. Converting to base64 worked indeed. Below is a full list of commands to get working signature for pre-signed OTA image.
openssl dgst -sha256 -binary -out hash.bin firmware.bin
openssl pkeyutl -sign -inkey ecdsasigner.key -in hash.bin -out signature.bin
openssl base64 -in signature.bin -out signature.base64
In OTA job setup just paste content of signature.base64 as a single line of text.
1 Like
