Signed Firmware for OTA / X.509 / RFC3161

Posted: Sun Apr 19, 2020 8:13 pm
by dirkxus
As we all know - the Arduino OTA updating process is not very secure - with the key (or an MD5 which you can use as a key) hardcoded in the firmware and on the ESP32.

We needed something a bit better. So not sure how useful this is to folks - but on the principle of share early and often; you can find at
and on
a fully functional secure/signed ArduinoOTA (also for SD cards and web interfaces) public/private keypair based security for the firmware updates.

It (should) work(s) for both a hobby setup (local, single key) and for a normal enterprise style setup, with backup keys, master keys, delegation that is different for production and test/developer firmware and so on.

Any and all feedback welcome!

Dw.