Skip to content

HCC2 Application Signing

To deploy an application to an HCC2, it must be signed with a private key that has an associated public key present on the device. This signing process adds protection for end users by blocking the installation of malicious or tampered software.

When you start developing an application for an HCC2, you should apply a development mode license to the unit you will use for testing. When your app is ready for wider release, an OEM developer key is also required. To obtain a free development mode license, email a request to Sensia at licensing@sensiaglobal.com with the subject identified as HCC2 Development Licensing. In the body of the email, specify your device serial number and the license part number for activating the development mode.

Two licenses are available; one for activating the development mode, and one for deactivating it.

License Part Number Description
Edge-SDK-Dev-Lic Installs the Development Mode activation
Edge-SDK-Dev-LicDel Deletes the Development Mode activation

Development Mode License

Within the HCC2 is a service that contains a development mode public key. When the development mode license is applied to the HCC2 via the Unity Edge license management page, the development mode public key is added to a list of accepted keys in the device. At this point, any application signed with the associated development mode private key will be allowed to run. This is similar to enabling side-loading in a mobile device.

The development mode license is bound to the serial number of an HCC2 device and cannot be used on any other HCC2 device.

As an application developer, you will write your application(s) and sign them with the development mode private key by passing them through the application signing and packaging process. You can then load the applications onto any HCC2 device with the developer mode enabled, via the EPM.

Important

The development mode private key is NOT secret, not unique, and therefore, not secure. An HCC2 device operating in the development mode should NOT be used in a production environment.

Removal of Development Mode License

When an HCC2 used for development is ready to be restored to its original state for use in a production environment, you must remove the development mode license and any software, files or configurations associated with application development.

First, remove the development mode license by installing a development mode removal license. To obtain the license, email a request to Sensia at licensing@sensiaglobal.com with the subject identified as HCC2 Developer License Removal. In the body of the email, specify your device serial number and the license part number for development mode license deletion.

Install the development mode removal license using the Unity license manager.

Be aware that apps installed with the development mode license will persist even after the development mode license is removed. You must reset the HCC2 to FACTORY SETTINGS to mitigate the risk associated with unwanted or unstable software, files, or configuration changes resulting from development activities. Only HCC2 devices that have been restored to factory settings following removal of a development mode license are suitable for production use.

HCC2 OEM Signing Keys

An OEM public key permits an application developer (or organization) to sign applications that can be deployed in HCC2 devices that are used in production environments.

Once the developer has an 'OEM public key' file, they can distribute it to others for installation on their devices, enabling them to run the developer's OEM apps. This mechanism gives asset owners control over their devices while allowing third party apps.

To register with Sensia as an HCC2 OEM application developer, use this procedure:

  1. Generate a Public / Private key pair. You can use the hccdevtools/gen_local_key.sh script (installed as part of your development environment), although Sensia recommends generating and managing the keys within a secure vault environment. Refer to the contents of the gen_local_key script for details about the key format.

  2. Pass the Public Key to Sensia for processing. Sensia will return a mender file, also known as the 'OEM public key' file.
    This file can be loaded into any HCC2 via the Edge Package Manager (EPM) and deployed on multiple HCC2 devices to provide access to your OEM apps.

The Private Key remains with you (the vendor) and it is your responsibility to keep it secure. This key will be used to sign all OEM applications you develop and deploy.