Updated on 2022-02-24 GMT+08:00

Signing the Codec Package with an Offline Signature

After the codec is developed, sign the codec package before installing it on the IoT platform. To sign the package, download Huawei Offline Signtool.

  1. Log in to the Management Portal.
  2. Choose System Management > Tools, and click Offline signature tool to obtain the tool.

    Figure 1 Downloading the offline signature tool

  3. Decompress the signtool.zip file and double-click signtool.exe to run Huawei Offline Signtool.

    Figure 2 Running Huawei Offline Signtool

  4. In the Generate Public and Private Key area, select a value for Signature algorithm, set Password of Private key, and click Generate Key. In the dialog box displayed, select the directory to save the key files and click OK.

    Set Signature Algorithm as required. Currently, two signature algorithms are available:
    • ECDSA_256K1+SHA256
    • RSA2048+SHA256

    When setting Password of Private Key, ensure that the password complexity meets the following conditions:

    • The password must contain at least six characters.
    • The password must contain at least two types of the following characters:
      • A-Z

      • a-z

      • 0-9

      • :~`@#$%^&*()-_=+|?/<>[]{},.;'!"

    The public and private key files are generated in the storage directory.

    • Public key file: public.pem
    • Private key file: private.pem

  5. In the Software Package Sign area, import the private key file, enter the password, and click OK. The password is the value of Password of Private Key set in Step 4.
  6. Select the software package to be signed and click Do Signature.

    If the digital signature is successful, the software package named xxx_signed.xxx with a digital signature is generated in the directory where the original software package is located.
    NOTE:

    The offline signature tool can sign only the packages in .zip format with a digital signature.

  7. In the Software Package Verify area, import the public key file and click OK.
  8. Select the software package (generated in 6) that requires signature verification and click Do Verify.

    • If Verify Success! is displayed, the signature verification is successful.
    • If Verify Error! is displayed, the signature verification fails.
      NOTE:

      During software package verification, the path for storing the signed software package must not contain Chinese characters.