Updated on 2022-02-24 GMT+08:00

Tools

The signature tool is used to set and verify digital signatures of software packages. A digital signature, also called public key digital signature or electronic seal, functions similarly to a physical signature. A digital signature is implemented by public key cryptography to authenticate digital information. A set of digital signatures is typically defined for two supplementary types of operations: one for signing and the other for verification.

NOTE:

Public keys are centrally managed on the Huawei platform, whereas private keys are stored and managed using the manufacturer's own system. To enhance the security of private keys, a password for private key encryption must be entered during private key production. If the password or private key is lost or discovered by others, there is no way to upgrade the package signature mechanism, and the manufacturer is liable for resulting security issues.

Downloading the Signature Tool

  1. Log in to the portal and choose System Management > Tools.
  2. Click to download the tool.

Using the Signature Tool

Decompress the downloaded package and double-click signtool.exe to start the signature tool.

  1. Generate a public-private key pair, as shown in Figure 1.

    Figure 1 Generating a public-private key pair
    1. Set Signature Algorithm.

      Select ECDSA_256K1+SHA256 from the drop-down menu.

    2. Set Password of Private Key.

      The password must contain at least six characters of two or more types chosen from the following: A–Z, a–z, 0–9, :~`@#$%^&*()-_=+|?/<>[]{},.;'!"

    3. Click Generate Key.

      In the dialog box displayed, select a path to save the key and click OK. The Success! dialog box is displayed, indicating that the key is generated.

      The tool generates two key files: public.pem and private.pem.

  2. Set a digital signature for the software package.

    Figure 2 Setting a digital signature for the software package
    1. Click Insert Private Key File, and import the private key file private.pem generated in 1.c.
    2. Set Input Password to the encryption password entered in 1.b.

      If the password is correct, the status bar displays the path of the private key file; otherwise, it displays Insert Private Key File.

    3. Click , and specify the path of the software package to be signed.
    4. Click Do Signature.

      If the private key has been imported, the software package is signed; otherwise, a dialog box is displayed, asking you to enter the private key.

  3. Verify the software package signature.

    Figure 3 Verifying the software package signature
    1. Click Insert Public Key File, and import the public key file public.pem generated in 1.c.
    2. Click and specify the path of the software package to be verified.
    3. Click Do Verify.

      If the public key has not been imported, a dialog box is displayed asking you to enter the public key.