Creating Signing Keys

This guide describes how to create signing keys.

To learn more about Peridio signing keys in general, see the signing keys reference.

Prerequisites

• fwup CLI.
  • Last tested with version 1.9.1.
• Peridio CLI.
  • Last tested with version 0.4.0.

Create Key Pair

Signing keys can be formatted in the recommended PEM format or the legacy raw format. This guide will create them in the PEM format.

Create a PEM private key:

openssl genpkey -algorithm Ed25519 -out private.pem

Derive a PEM public key from the PEM private key:

openssl pkey -in private.pem -pubout -out public.pem

Create Signing Key

You must submit your public key to Peridio so that it can verify binaries as they are uploaded.

Web Console

See the Peridio Web Console.

CLI

peridio signing-keys create \
  --value value \
  --name value

The --value option expects your public key in raw format.

To convert a PEM public key to a raw public key, see the convert keys section of the signing keys reference.

openssl pkey -outform DER -pubin -in public.pem -pubout \
  | tail -c +13 \
  | base64 > public.raw

The submitted key may now be used to sign binaries and firmware.

API

Use the Peridio Admin API create-a-signing-key endpoint.

The submitted key may now be used to sign binaries and firmware.