Mistake on this page? Email us

Generate update credentials

This section explains how to generate your update credentials. You can skip this section if you already have update credentials available.

Your credentials consist of a private key and an authenticity certificate.

  • Your private key is used to sign your authenticity certificate, and to sign the manifest file that you will create later in this tutorial.
  • Your authenticity certificate is used by your device to verify that your manifest file and firmware update originate from a trusted source.

Note: You must keep your private key secure and confidential.

Note: Take note of the private key and certificate's directory locations. You need these locations later in the tutorial.

Generate a private key

To generate your private key, run:

openssl ecparam -genkey -name prime256v1 -outform PEM -out my-update-key.pem

This command generates a private key and outputs it to a directory on your computer.

Generate an authenticity certificate

To generate your authenticity certificate, run:

openssl req -x509 -sha256 -days 7300 -key my-update-key.pem -outform der -out my-update-certificate.der -batch

This command uses your private key to derive an authenticity certificate, and outputs your certificate to a directory on your computer.