espressif / esp-aws-iot

AWS IoT SDK for ESP32 based chipsets
Apache License 2.0

AWS-OTA not sure about what comes in Code signing signature field (CA-336) #221

Open Zkall123 opened 1 month ago

Zkall123 commented 1 month ago

Hello, I don't know what I should put in the job creation in the field "signature".

[Screenshot: OTA job, Create job page, Jobs, IoT Core, eu-central-1]

What should I put in this field? I have tried it with the content of the certificate files (with begin and end certificate and without), but I always have the same error. I've only tried the private certificate file.

```
E (7093) AWS_OTA: Failed to decode Base64 data: base64Decode returned error: error=1
E (7093) AWS_OTA: Failed to parse the job document after parsing the job name: OtaJobParseErr_t=OtaJobParseErrNonConformingJobDoc, Job name=AFR_OTA-test-17
```

I've done all the things in this documentation: https://github.com/espressif/esp-aws-iot

Please help! :(

kvp1703 commented 1 month ago

Hi @Zkall123, There are two ways to sign: One way is to upload the key-pair to AWS Cloud and it will sign the firmware for you. The other is to generate the key-pair and sign the firmware locally.

For signing via the cloud, please refer to the ota_mqtt/README.md file. To create a code signing profile on the AWS console, follow these steps:

  1. While creating the FreeRTOS OTA update, enter the job name and click "Next."
  2. Click on "Create New Profile."
  3. Import the code signing certificate and key that were generated when you created the code signing certificate.
  4. Use "/" as the path name for storing the certificate.

For signing locally, follow these steps:

  1. Generate the key-pair: `openssl genrsa -out private_key.pem 2048`
  2. Calculate the SHA for the firmware: `openssl dgst -sha256 -sign private_key.pem firmware.bin > firmware.sha`
  3. Calculate the base64 of the signature: `base64 -i firmware.sha`. You can paste this base64 encoded signature as shown here.
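
The local-signing steps from the comment above, as an added example that is not part of the thread or the project's code: it signs a constructed firmware file, emits the signature as one unwrapped base64 line for the "signature" field, and checks the value before it is pasted. The function names, the `public_key.pem` file and the firmware contents are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. File and function names are assumptions.

# Sign firmware ($2) with the private key ($1); raw signature bytes go to $3.
sign_firmware() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Print the raw signature file ($1) as base64 on one line, with no wrapping.
signature_field() {
    openssl base64 -A -in "$1"
}

# Check a candidate field value ($3) against a public key ($1) and firmware ($2).
# Returns 0 if it verifies, 1 if it does not verify,
# 2 if it is not plain single-line base64 (for example pasted PEM text).
verify_field() {
    case "$3" in ''|*[!A-Za-z0-9+/=]*) return 2 ;; esac
    _sig=$(mktemp) || return 1
    _rc=0
    { printf '%s' "$3" | openssl base64 -d -A -out "$_sig" &&
      openssl dgst -sha256 -verify "$1" -signature "$_sig" "$2" >/dev/null 2>&1
    } || _rc=1
    rm -f "$_sig"
    return "$_rc"
}

# Demo on a constructed firmware image in a scratch directory.
demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    printf 'constructed firmware image\n' > firmware.bin
    openssl genrsa -out private_key.pem 2048 2>/dev/null
    openssl pkey -in private_key.pem -pubout -out public_key.pem
    sign_firmware private_key.pem firmware.bin firmware.sha
    field=$(signature_field firmware.sha)
    verify_field public_key.pem firmware.bin "$field" && echo "verifies: yes"
    verify_field public_key.pem firmware.bin "$(cat private_key.pem)" ||
        echo "PEM text rejected, status $?"
    echo "signature field: $field"
    cd / && rm -rf "$dir"
)
demo
```
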