diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 0a0173dcd..915a29ed3 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -121,6 +121,9 @@ Usage:  ota_from_target_files [flags] input_target_files output_ota_package
       directly, a payload signer that knows how to do that should be specified.
       The signer will be supplied with "-inkey <path_to_key>",
       "-in <input_file>" and "-out <output_file>" parameters.
+
+  --payload_signer_args <args>
+      Specify the arguments needed for payload signer.
 """
 
 import sys
@@ -132,6 +135,7 @@ if sys.hexversion < 0x02070000:
 import multiprocessing
 import os
 import subprocess
+import shlex
 import tempfile
 import zipfile
 
@@ -169,6 +173,7 @@ OPTIONS.stash_threshold = 0.8
 OPTIONS.gen_verify = False
 OPTIONS.log_diff = None
 OPTIONS.payload_signer = None
+OPTIONS.payload_signer_args = []
 
 def MostPopularKey(d, default):
   """Given a dict, return the key corresponding to the largest
@@ -1246,22 +1251,23 @@ def WriteABOTAPackageWithBrilloScript(target_file, output_file,
                                                  suffix=".bin")
   # 3a. Sign the payload hash.
   if OPTIONS.payload_signer is not None:
-    cmd = [OPTIONS.payload_signer,
-           "-inkey", OPTIONS.package_key + OPTIONS.private_key_suffix]
+    cmd = [OPTIONS.payload_signer]
+    cmd.extend(OPTIONS.payload_signer_args)
   else:
     cmd = ["openssl", "pkeyutl", "-sign",
            "-inkey", rsa_key,
            "-pkeyopt", "digest:sha256"]
   cmd.extend(["-in", payload_sig_file,
               "-out", signed_payload_sig_file])
+
   p1 = common.Run(cmd, stdout=subprocess.PIPE)
   p1.wait()
   assert p1.returncode == 0, "openssl sign payload failed"
 
   # 3b. Sign the metadata hash.
   if OPTIONS.payload_signer is not None:
-    cmd = [OPTIONS.payload_signer,
-           "-inkey", OPTIONS.package_key + OPTIONS.private_key_suffix]
+    cmd = [OPTIONS.payload_signer]
+    cmd.extend(OPTIONS.payload_signer_args)
   else:
     cmd = ["openssl", "pkeyutl", "-sign",
            "-inkey", rsa_key,
@@ -1926,6 +1932,8 @@ def main(argv):
       OPTIONS.log_diff = a
     elif o == "--payload_signer":
       OPTIONS.payload_signer = a
+    elif o == "--payload_signer_args":
+      OPTIONS.payload_signer_args = shlex.split(a)
     else:
       return False
     return True
@@ -1956,6 +1964,7 @@ def main(argv):
                                  "gen_verify",
                                  "log_diff=",
                                  "payload_signer=",
+                                 "payload_signer_args=",
                              ], extra_option_handler=option_handler)
 
   if len(args) != 2: