extracting signature from DFU package

RE: extracting signature from DFU package

Vidar Berg — Wed, 09 Dec 2020 10:08:52 GMT

I understand. I don't know the steps to do this with openssl, but I see already you got some advice in this post: https://devzone.nordicsemi.com/f/nordic-q-a/63773/cross-checking-nrfutil-boot_validation_signature-for-validate_ecdsa_p256_sha256-with-openssl-command-line.

RE: extracting signature from DFU package

Wendel — Wed, 09 Dec 2020 01:45:52 GMT

Hi, Vidar

I afraid the answer is No, because our key-server is openssl-based, we want to sign the init packet with openssl rather than nrfutil.

RE: extracting signature from DFU package

Vidar Berg — Tue, 08 Dec 2020 10:43:32 GMT

Hi,

I'm not sure if there's an easy way to do this with openssl. Did you consider the option of modifying nrfutil to use this elliptic curve?

RE: extracting signature from DFU package

Wendel — Tue, 08 Dec 2020 06:51:31 GMT

Hi Vidar,

Any suggestion on how to sign the init packet with OpenSSL command-line tool?

The key was generated with command:

openssl ecparam -name prime256v1 -genkey -out private_key.pem

Thanks a lot.

RE: extracting signature from DFU package

Vidar Berg — Fri, 26 Jul 2019 07:39:02 GMT

Hi,

I don't think nrfutil is a good option for this. It's made specifically to sign DFU packages for our DFU solution. It signs the init packet, not the FW image itself. If you have some experience with python it may be easier to make your own script based on nrfutil and the crypto module it uses. Or maybe you can use the OpenSSL command-line tool.