nRF9160: Download client

The Download client sample demonstrates how to download a file from an HTTP or a CoAP server, with optional TLS or DTLS. It uses the Download client library.


The sample supports the following development kit:

Hardware platforms


Board name

Build target

nRF9160 DK




When built for an _ns build target, the sample is configured to compile and run as a non-secure application with Cortex-M Security Extensions enabled. Therefore, it automatically includes Trusted Firmware-M that prepares the required peripherals and secure services to be available for the application.


The sample first initializes the Modem library and AT communications. Next, it provisions a certificate to the modem using the Modem key management library if the CONFIG_SAMPLE_SECURE_SOCKET option is set. The provisioning of the certificates must be done before connecting to the LTE network since the certificates can only be provisioned when the device is not connected. The certificate file name and security tag can be configured using the CONFIG_SAMPLE_SEC_TAG and the CONFIG_SAMPLE_CERT_FILE options, respectively.

The sample then performs the following actions:

  1. Establishes a connection to the LTE network

  2. Optionally sets up the secure socket options

  3. Uses the Download client library to download a file from an HTTP server.

Downloading from a CoAP server

To enable CoAP block-wise transfer, it is necessary to enable Zephyr’s CoAP stack using the CONFIG_COAP option.

Using TLS and DTLS

When the CONFIG_SAMPLE_SECURE_SOCKET option is set, the sample provisions the certificate found in the samples/nrf9160/download/cert folder. The certificate file name is indicated by the CONFIG_SAMPLE_CERT_FILE option. This certificate will work for the default test files. If you are using a custom download test file, you must provision the correct certificate for the servers from which the certificates will be downloaded.

See Certificates for more information.


See Configuring your application for information about how to permanently or temporarily change the configuration.

Configuration options

Check and configure the following configuration options for the sample:

CONFIG_SAMPLE_SECURE_SOCKET - Secure socket configuration

If enabled, this option provisions the certificate to the modem.

CONFIG_SAMPLE_SEC_TAG - Security tag configuration

This option configures the security tag.

CONFIG_SAMPLE_CERT_FILE - Certificate file name configuration

This option sets the certificate file name.

CONFIG_SAMPLE_COMPUTE_HASH - Hash compute configuration

If enabled, this option computes the SHA256 hash of the downloaded file.

CONFIG_SAMPLE_COMPARE_HASH - Hash compare configuration

If enabled, this option compares the hash against the SHA256 hash set by CONFIG_SAMPLE_SHA256_HASH for a match.

CONFIG_SAMPLE_SHA256_HASH - Hash configuration

This option sets the SHA256 hash to be compared with CONFIG_SAMPLE_COMPUTE_HASH.

Building and running

This sample can be found under samples/nrf9160/download in the nRF Connect SDK folder structure.

When built as firmware image for the _ns build target, the sample has Cortex-M Security Extensions (CMSE) enabled and separates the firmware between Non-Secure Processing Environment (NSPE) and Secure Processing Environment (SPE). Because of this, it automatically includes the Trusted Firmware-M (TF-M). To read more about CMSE, see Processing environments.

To build the sample with Visual Studio Code, follow the steps listed on the How to build an application page in the nRF Connect for VS Code extension documentation. See Building and programming an application for other building and programming scenarios and Testing and debugging an application for general information about testing and debugging in the nRF Connect SDK.


After programming the sample to your development kit, test it by performing the following steps:

  1. Connect the development kit to your PC using a USB cable and power on or reset the kit.

  2. Open a terminal emulator that supports VT100/ANSI escape characters and observe that the sample starts, provisions certificates, and starts to download.

  3. Observe that the progress bar fills up as the download progresses.

  4. Observe that the sample displays the message “Download completed” on the terminal when the download completes.

Sample output

The following output is logged on the terminal when the sample downloads a file from an HTTPS server:

Download client sample started
Provisioning certificate
Waiting for network.. OK
[ 100% ] |==================================================| (102923/102923 bytes)
Download completed in 12966 ms @ 7937 bytes per sec, total 102923 bytes


This sample uses the following nRF Connect SDK libraries:

It uses the following sdk-nrfxlib library:

In addition, it uses the following secure firmware component: