Authenticating AT command usage

The %XSUDO is used to authenticate AT commands.

Before you start the authentication, perform the following two steps (only once):
  1. Generate private and public keys with OpenSSL:
    openssl ecparam -name prime256v1 -genkey -noout -out [private key PEM file]
    openssl ec -in [private key PEM file] -out [public key PEM file] -pubout
  2. Write the public key with the AT command:
    AT%XPMNG=0,”<public key>”

To authenticate an AT command, perform the following steps:

  1. Calculate an AT command signature.
    1. Create an AT command text file for an authenticated AT command:
    2. Create a digest file with OpenSSL from AT command that needs authentication:
      openssl sha256 -binary [AT command text file] > [digest file]
    3. Create a signature file with OpenSSL from the digest file:
      openssl pkeyutl -sign -in [digest file] -out [signature file] -inkey [private key PEM file]
    4. Convert the signature to Base64 format:
      base64 < [signature file] > [signature base64 file]
  2. Write the authenticated AT command.
    The %XSUDO command is used to authenticate the %CMNG command:


    AT%XSUDO=35,”<signature base64>”;%CMNG=0,1,0,”TEST ROOT CERTIFICATE”
    For more information on the command, see Authenticated access %XSUDO.