nrf9160

Authenticating AT command usage

The %XSUDO command is used to authenticate AT commands.

Before you start the authentication, perform the following two steps (only once):
  1. Generate private and public keys with OpenSSL:
    openssl ecparam -name prime256v1 -genkey -noout -out [private key PEM file]
openssl ec -in [private key PEM file] -out [public key PEM file] -pubout
  2. Write the public key with the AT command:
    AT%XPMNG=0,”<public key>”
OK

To authenticate an AT command, perform the following steps:

  1. Calculate an AT command signature.
    1. Create an AT command text file for an authenticated AT command:
      Example: 
      %CMNG=0,1,0,”TEST ROOT CERTIFICATE”
    2. Create a digest file with OpenSSL from AT command that needs authentication: 
      openssl sha256 -binary [AT command text file] > [digest file]
    3. Create a signature file with OpenSSL from the digest file: 
      openssl pkeyutl -sign -in [digest file] -out [signature file] -inkey [private key PEM file]
    4. Convert the signature to Base64 format: 
      base64 < [signature file] > [signature base64 file]
  2. Write the authenticated AT command.
    The %XSUDO command is used to authenticate the %CMNG command:

    Example:

    AT%XSUDO=35,”<signature base64>”;%CMNG=0,1,0,”TEST ROOT CERTIFICATE”
OK
    For more information on the command, see Authenticated access %XSUDO.
Parent topic: nRF9160 AT Commands