Encrypt/Decrypte jar/jad files | Telit Cinterion IoT Developer Community
June 14, 2017 - 3:24pm, 5661 views
Hello,
I want to use encrypted jar and jad file in firmware update process.
I will send the encrypted jar/jad files to deployers stuff to be put on an a http server.
Module will download them by connecting to http server and update its software.
How can it be done?
Can automatic OTAP procedure of module be used in this way?
Best Regards,
Hello,
With OTAP you can download and install a MIDlet (jad and jar files) over http or https with optional basic authentication (user and password). The MIDlet can be signed and the module can be configured to only allow the signed MIDlets installation.
But if you'd like to encrypt the files then download, decrypt and install you'd need to implement it on your own.
The APIs for http[s] and also JSR177 for cryptographic operations are provided. Your app will not be able to update itself while still running so you'd need another app to stop the main app, perform the update and then start the main app again.
Regards,
Bartłomiej
Hello Bartlomiej,
Thanks for the answer.
Second application that will work as application updater made the issue more complicated.
I was thinking main application could update itself via process like below:
1.Download encrypted jar/jad file to ffs.
2.Decrypt them.
3.Execute at^sjam=0,"app.jad" command to install itself.
4.Restart the module by executing at^smso command.
5.When module restarted, new midlet would be running.
Can 3rd step work? An app will execute at^sjam=0 install command with its own name.
Best Regards,
Ergün.
Hello,
This will not work - that's the main reason why another application is needed - the MIDlet must be stopped before updating or uninstallation.
You could use the demo FOTA MIDlet (which is provided with the installation CD) as an example for downloading and installing the MIDlet.
Here is also a simple example for JSR177 API: https://iot-developer.thalesgroup.com/showcase/jsr177-encryption-and-dec...
Regards,
Bartłomiej
Hello Bartlomiej,
As far as I understand, FOTA MIDlet example updates JRC Midlet of module, right?
Does it have another functionality like updating firmware, updating user application etc?
Best Regards,
Ergün.
FOTA MIDlet updates module's firmware and JRC MIDlet.
I have mentioned it as an example bcause a part of its functionality is similar to what you need - it dowloads the files from the remote server over http to the flash file system of the module and it installs the JRC MIDlet with AT commands (the procedure is the same as for any MIDlet).
Regards,
Bartłomiej
Hello Bartlomiej,
Thank you very much.
It is more clear now. Before this post, I knew module firmware update is possible only via serial interface by using gwinswup .exe file. Now, I'm seeing that there is a .usf file which is used for module firmware update as a second way. at^sfdl=2 command updates module firmware by using .usf file.
Firmware update of module by this way (FOTA) is not main issue of mine at the moment but it is helpful for me to know this process. Maybe we will need firmware update of modules sent to field in future.I will investigate the FOTA MIDlet example in more detail and can ask questions about the code if I need.
One question at this point: This example does not decrypt the files (usf , jrc), right? I mean, usf,jar and jad files are not encrypted. There is only file integrity check with md5 as I see.
Best Regards,
Ergün.
Hello,
You are right - the FOTA MIDlet does not decrypt the files because they are not encrypted. That is why I have mentioned another example application that uses JSR177 API (provided with the module) for data encryption and decryption.
Please also remember that these are only examples and not fully tested release versions.
Best regards,
Bartłomiej
Ok, Bartlomiej.
Thanks for the answers and support.
Actually, in my opinion, it would be usefull to have a officially tested and supported software for FOTA by Gemalto. Module firmwares are changing in time, new versions are being released. If it is needed to update the firmware of a module which is running on field, what will be done? There is a solution as FOTA MIDlet but it is not fully tested and not supported officially.
I will ask this issue also to our Gemalto contact.
Best Regards,
Ergün.
Hello Ergun,
The FOTA functionality has been created in this way that Gemalto only provides a possibility and not the complete solution. And the customer ***** to implement the whole solution according to their ***** inside their application. Only an example is provided.
But currently there is also a service offered which includes among others the complete firmware update. It is also possible to remotely monitor some of the crucial parameters, location, install and update applications, upload files.
So please ask your Gemalto contact for more details.
Best regards,
Bartłomiej
Ok Bartlomiej,
Thank you very much.
Best Regards,
Ergün.