Creating Signing Keys
This guide describes how to create signing keys.
To learn more about Peridio signing keys in general, see the signing keys reference.
Prerequisites
- fwup CLI.
- Last tested with version 1.9.1.
- Peridio CLI.
- Last tested with version 0.4.0.
Create Key Pair
Signing keys can be formatted in the recommended PEM format or the legacy raw format. This guide will create them in the PEM format.
Create a PEM private key:
openssl genpkey -algorithm Ed25519 -out private.pem
Derive a PEM public key from the PEM private key:
openssl pkey -in private.pem -pubout -out public.pem
Create Signing Key
You must submit your public key to Peridio so that it can verify binaries as they are uploaded.
Web Console
See the Peridio Web Console.
CLI
peridio signing-keys create \
--value value \
--name value
The --value
option expects your public key in raw format.
To convert a PEM public key to a raw public key, see the convert keys section of the signing keys reference.
openssl pkey -outform DER -pubin -in public.pem -pubout \
| tail -c +13 \
| base64 > public.raw
The submitted key may now be used to sign binaries and firmware.
API
Use the Peridio Admin API create-a-signing-key endpoint.
The submitted key may now be used to sign binaries and firmware.