Get acquainted with our Espressif ESP32 and SignServer integration and learn more about how to enable secure OTA updates.
With the out-of-the-box code signing solution provided by Espressif's tools, the developer can only store the private part of the signature key locally. This means that the key can be accessible, unprotected, and provide limited evidence of authenticity. According to the Espressif manual, this method is only suitable for single-user development; the manual refers to centralized tools for enterprise deployment, but there is no clear implementation roadmap.
The integration of Espressif ESP32 with our open-source PKI EJBCA and signature solution SignServer has enabled us to achieve a smooth and trustworthy build process. SignServer is a server-side signature solution that uses an HSM (Hardware Security Module) to protect code-signing keys and integrates with the EJBCA PKI to issue trusted code-signing certificates.
In this tutorial, you will learn how to:
For the full set of instructions, view our tutorials on how to set up SignServer and create a code signing certificate using EJBCA.
To take full advantage of this tutorial, you need to have a basic understanding of the Espressif platform and security concepts. It is assumed that you are familiar and experienced with the ESP32 controller, its system architecture, and the software lifecycle process. You should also understand and be able to apply the basic security functions of the ESP32.
Before you begin, you also need the following:
Check out the supplementary documentation that goes hand-in-hand with our tutorial video.
Get your hands on the SignServer Docker container by downloading it now from Docker Hub.
Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.
Join our discussions to ask questions and share ideas.
EJBCA is a robust, reliable open-source Certificate Authority software that can be tailored to meet your PKI requirements. Whether you're managing an internal PKI or setting up a PKI for your business application or product, EJBCA has the flexibility and scalability to support your needs.
Bouncy Castle is a popular and widely used cryptographic API that is FIPS-certified and open-source, making it easy for developers to seamlessly integrate cryptography, PKI and signing security into their Java and C# applications.