Home
SIGN+
Secure software, firmware, and containers with a comprehensive enterprise code signing solution.
SIGN+ User Guide
Integrating SIGN+ using Native Tools
Esptool

CERT+
Automate certificate lifecycle management including issuance, discovery, renewal, and deployment, across public and private trust CAs. Assess, prioritize, and plan your migration to quantum-safe encryption with the Quantum Trust Hub add-on module.
PKI+
Provision, govern and scale private trust certificates with a Post Quantum ready cloud based Enterprise PKI-as-a-Service.
SIGN+
Secure software, firmware, and containers with a comprehensive enterprise code signing solution.
SSH+
Control SSH access and key rotation at scale with an SSH key lifecycle management solution.
KUBE+
Unify DevOps and Security teams by managing certificates with a Kubernetes-native certificate lifecycle management solution.
DDI+
Manage domain registration, renewal, decommissioning, and other security controls with an end-to-end domain lifecycle management solution.
ADC+
Automate and orchestrate application delivery infrastructure at scale with an ADC lifecycle automation platform.
Platform
Manage policy and automation across all of the products and modules in the AVX ONE platform.
AppViewX Setup
Get detailed instructions for setting up AVX ONE in on-premises or SaaS deployments.
Release Artifacts
Review new features, fixes, and security advisories with official AppViewX release documentation.

Esptool

Esptool is a native sign tool used for Espressif chips, facilitating firmware signing and flashing onto devices.

Sign Secure Boot V2 images with Esptool from Espressif

Esptool is a Python-based, open-source, platform-independent utility to communicate with the ROM bootloader in Espressif chips.

Espressif with AppViewX PKCS11 Provider only supports:

RSA 3072 bit keys.
ECDSA 256 bit keys.

Prerequisites

Run the AppViewX SIGN+ Installer to install the prerequisites required to use the AppViewX PKCS#11 Provider with Esptool.
Python 3.7 or newer Installed.

Install Esptool

To install Esptool, run the following command from command line:

pip install esptool[hsm]

For additional information refer Esptool Installation and Configuration

Create configuration file

Sample HSM Configuration File:

[hsm_config]
pkcs11_lib =<path to AppViewX PKCS11 library>
credentials =NONE
slot =1
label =<keypair-alias>

The HSM Configuration file is autogenerated as part of running the SIGN+ Installer.

Sign Command

espsecure.py sign_data --version 2 --hsm --hsm-config hsm-config.ini --output v2-rsa-pss-hello_world.bin hello_world.bin

Verify Command

espsecure.py verify_signature --version 2 --keyfile <public-key-file-of-keypair> <image-file-to-verify>

The steps required to generate the public key file for verification are auto generated in the README as part of running the SIGN+ Installer.

AppViewX