Demonstrates the signed application update capability.

To use this you need to create a public/private key pair. It is VERY important that the private key is not stored on the device in order to be secure. The signing key needs to be different than all other certs and keys used on the device as a server, such as those for HTTPS.

From this public/private key pair, the public key needs to be stored in the application, and the private key needs to be stored in some other secure location. If the private key is lost, you will be unable to ever again update the device.

To create the public key and compile it into the application, from the command line:

openssl genrsa -out signkey.pem 1024
openssl rsa -in signkey.pem -pubout -out src/public.key
set NB_SIGN_KEY = WHERE_EVER_THE_KEY_LIVES\signkey.pem

This example includes a batch file named makekey.bat that executes the above steps.

Once the public key has been created, the following commands can be used from the command line to create the signed application and load it into the device:

make sign
make loadsign

When using NBEclipse:

Make the public/private key pair as described above.
In the directory where you have the public key, run compfile public.key codekey_array codekey_len codekey.cpp.
Now include the codekey.cpp in your NBEclipse project.

After NBEclipse has built your project:

Create an External Tool Configuration with Run->External Tools->External Tools Configurations.
In the new external tool configuration, specify the following: – Name: Sign – Location: "${env_var:NNDK_ROOT}\pcbin\nbsign.exe" – Working Directory: Browse Workspace and select your project – Arguments: -k <full path to private key.pem> -in Release${project_name}.bin -o Release${project_name}.signed.bin
Project can now be signed by running the Sign External Tool