Other Parts Discussed in Thread: CC3220SF,
Hi!
I wanted to use encrypted private keys when programming the flash memory. Since I cannot find a way to input/read a password with the SLImageCreator tool, I made the signature separately and gave the signature as an input when loading the MCU.
#Get the MCU signature openssl dgst -sha256 -binary -sign "$SSKey" -passin pass:$Password \ -out "mcu.signed.bin" "mcu.bin" #Add the MCU project add_file --name "$ProjName" --overwrite --file "$Dir/mcu.bin" --mcu --flags secure,publicwrite \ --sign "$Dir/mcu.signed.bin" --cert "$SSCert" #Program the Device "$ImageCreatorPath/SLImageCreator.exe" \ project program --name "$ProjName" --dev
This, however, gives an error: "SL_WRONG_SIGNATURE". I'm using the dummy certificate catalog at the moment and it works fine when the private keys are not encrypted.
I've tried adding "-c", replacing "sha256" with "sha1" (even though that should not work), replacing "binary" with "hex", and converting the keys to DER format with "openssl pkcs8 -topk8" (only way to encrypt keys in DER). All these tests seem to break things further.
I read in another post (for CC3220SF) that the auto-generated signatures from SLImageCreator is created with:
OpenSSL> dgst -binary -sha1 -sign <file-location>\<private_key>.pem \ -out <file-location>\<output>.sig <file-location>\<input>.txt
from Toby Pan. But I guess it should be "sha256" for the CC3235SF instead.
I would love to know if I'm understanding this correctly, if I'm missing something, and why it does not work.
Thanks a lot in advance!
Kind regards,
David
