otto-ifak/aasx-signer

Sign and verify Asset Administration Shell AASX files

AASX Signer

Tool to sign and verify Asset Administration Shell AASX files.

Prerequisites

AASX Signer uses PGP for signing / verification. Therefore you need to create a PGP keypair beforehand, for example using:

gpg --gen-key

Usage

Sign file.aasx:

./aasx-signer.sh sign file.aasx file_signed.aasx

Verify file_signed.aasx:

./aasx-signer.sh verify file_signed.aasx

How it works

For signing, AASX Signer generates a PGP signature for the input file and adds it to the input file (which is a zip container) as SIGNATURE file.

For verification, this process is reversed, i.e., the SIGNATURE file is extracted and removed from the input file and then checked via PGP.