To make sure that the boot application data is transferred in an unreadable form, you should encrypt it using certificate-based encryption. License-based encryption (dongle) is no longer recommended.
Note: In case you want to download the application to different controllers, you will need the suitable certificate for each controller.
Requirement: You have a project with an application.
-
In the device tree, select the application.
-
In the context menu, click Properties.
The Properties – <application name> dialog opens.
-
Click the Security tab.
-
For Protection, select the Encryption with certificates option.
If the Enforce encryption of downloads, online changes and boot applications option is selected on the Users tab in the Security Level area of the Security Screen view, then the Encryption with certificates option is already permanently set.
The Certificates for encryption dialog field is enabled.
-
If you already have a valid certificate for application encryption on your computer, but this has not yet been entered in the table, then click the
button. If you do not yet have a certificate, continue with Step 7.The Certificate Selection dialog opens for selecting a certificate from the local Windows Certificate Store.
-
In the lower area, select a certificate and add it to the upper area by clicking the
button. Click OK to confirm.The certificate is shown in the Certificates for encryption field of the Security dialog.
-
If you do not yet have a valid certificate, then you can immediately generate one. In the Properties dialog of the application, click the Encryption Wizard button. In the Encryption Wizard dialog, click the Start button.
The Encryption Wizard prompts you to enter the Key length (bit) and Validity period (days).
Now the application can only be read by the controller with the specified certificate.
-
Note: To sign the boot application: In the Properties dialog, select the Digitally sign application code option and complete Steps 1–13 of the "Signing the boot application only with a certificate (no encryption)" instructions below.