# Offline Signature Provider for SPSDK
A plugin for SPSDK that provides an offline signature provider for secure boot workflows.
## Overview
The Offline Signature Provider allows you to sign data without having the private key directly accessible to the SPSDK tool. Instead, it:
1. Calculates the hash of the data to be signed
2. Writes the hash to a file
3. Waits for you to provide a signature file (which you can generate using your secure signing process)
4. Verifies and uses the provided signature
This workflow is particularly useful for high-security environments where private keys must be kept in secure hardware or air-gapped systems.
## Installation
```bash
pip install spsdk-offline-signature-provider
```
### Workflow
1. When SPSDK needs to sign data, it will call the Offline Signature Provider
2. The provider will:
- Calculate the hash of the data
- Print the hash value to the console
- Save the hash to a file (e.g., `ahab_container_hash.SHA256`)
- Prompt you to provide the path to a signature file
3. You can then:
- Use your secure signing process to sign the hash
- Provide the path to the signature file when prompted
4. The provider will:
- Verify the signature format and size
- Return the signature to SPSDK to complete the operation
### Supported Hash Algorithms
The hash algorithm is determined by the key size:
- 256-bit key: SHA-256
- 384-bit key: SHA-384
- 521-bit key: SHA-512
## Development
### Requirements
- Python 3.9+
- SPSDK 2.x
## License
This project is licensed under the BSD-3-Clause License - see the LICENSE file for details.
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Raw data
{
"_id": null,
"home_page": null,
"name": "spsdk-offline-signature-provider",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": "NXP <spsdk@nxp.com>",
"keywords": "NXP, SPSDK, Signature Provider",
"author": "NXP",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/10/d8/fe89bbf7016073d502b689632f944ad03bf9288bf2a9de515319ea2a60e6/spsdk_offline_signature_provider-0.1.0.tar.gz",
"platform": null,
"description": "# Offline Signature Provider for SPSDK\n\nA plugin for SPSDK that provides an offline signature provider for secure boot workflows.\n\n## Overview\n\nThe Offline Signature Provider allows you to sign data without having the private key directly accessible to the SPSDK tool. Instead, it:\n\n1. Calculates the hash of the data to be signed\n2. Writes the hash to a file\n3. Waits for you to provide a signature file (which you can generate using your secure signing process)\n4. Verifies and uses the provided signature\n\nThis workflow is particularly useful for high-security environments where private keys must be kept in secure hardware or air-gapped systems.\n\n## Installation\n\n```bash\npip install spsdk-offline-signature-provider\n```\n\n### Workflow\n\n1. When SPSDK needs to sign data, it will call the Offline Signature Provider\n2. The provider will:\n - Calculate the hash of the data\n - Print the hash value to the console\n - Save the hash to a file (e.g., `ahab_container_hash.SHA256`)\n - Prompt you to provide the path to a signature file\n3. You can then:\n - Use your secure signing process to sign the hash\n - Provide the path to the signature file when prompted\n4. The provider will:\n - Verify the signature format and size\n - Return the signature to SPSDK to complete the operation\n\n### Supported Hash Algorithms\n\nThe hash algorithm is determined by the key size:\n\n- 256-bit key: SHA-256\n- 384-bit key: SHA-384\n- 521-bit key: SHA-512\n\n## Development\n\n### Requirements\n\n- Python 3.9+\n- SPSDK 2.x\n\n## License\n\nThis project is licensed under the BSD-3-Clause License - see the LICENSE file for details.\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n",
"bugtrack_url": null,
"license": "BSD-3-Clause",
"summary": "Offline Signature Provider for SPSDK.",
"version": "0.1.0",
"project_urls": {
"Homepage": "https://github.com/nxp-mcuxpresso/spsdk_plugins/tree/master/offline_signature_provider",
"Issues": "https://github.com/nxp-mcuxpresso/spsdk_plugins/issues"
},
"split_keywords": [
"nxp",
" spsdk",
" signature provider"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "10d8fe89bbf7016073d502b689632f944ad03bf9288bf2a9de515319ea2a60e6",
"md5": "d6608d52de4b5d6165e917883a5e9f99",
"sha256": "1af82419e9ea1abd27227730ea1f06d8ca0ddc47ddec56b3d142201b36079c7b"
},
"downloads": -1,
"filename": "spsdk_offline_signature_provider-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "d6608d52de4b5d6165e917883a5e9f99",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 6030,
"upload_time": "2025-07-18T13:33:10",
"upload_time_iso_8601": "2025-07-18T13:33:10.585874Z",
"url": "https://files.pythonhosted.org/packages/10/d8/fe89bbf7016073d502b689632f944ad03bf9288bf2a9de515319ea2a60e6/spsdk_offline_signature_provider-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-18 13:33:10",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "nxp-mcuxpresso",
"github_project": "spsdk_plugins",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "spsdk-offline-signature-provider"
}
JSON
