Asymmetric key encryption for SWupdate artifacts
46 views
Skip to first unread message
k.sali...@gmail.com
Nov 27, 2019, 9:10:49 AM11/27/19
to swupdate
Hello,
Currently, SWupdate uses symmetric key encryption for SWupdate artifacts. Is there any plan to support asymmetric key encryption as well ? Thanks.
Best,
Salih Bakir
Stefano Babic
Nov 27, 2019, 1:41:32 PM11/27/19
to k.sali...@gmail.com, swupdate
Hi Salih,
On 27/11/19 15:10, k.sali...@gmail.com wrote:
> Hello,
>
> Currently, SWupdate uses symmetric key encryption for SWupdate
> artifacts. Is there any plan to support asymmetric key encryption as
> well ? Thanks.
Not yet, sponsors welcome !
However, can you explain the reason you need asymettric encryption ? If
this has advantage in the communication between two subjects, this has
some drawbacks when applied to devices. An asymmetric encryption
requires to encrypt with the public key and decrypt with the private
key. This means that each device must have a private key, and this
should be well hidden - a TPM chip can be required. Not only, it makes
no sense to have the same private key on all devices: each device should
be deployed with its own private key. This makes impossible to generate
a rootfs and a SWU that can be installed on all devices: each device can
just decrypt its own SWU, and this becomes a horror when software should
be deployed. So can you explain which is the use case and which are the
advantages on embedded systems ?
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
=====================================================================
On 27/11/19 15:10, k.sali...@gmail.com wrote:
> Hello,
>
> Currently, SWupdate uses symmetric key encryption for SWupdate
> artifacts. Is there any plan to support asymmetric key encryption as
> well ? Thanks.
However, can you explain the reason you need asymettric encryption ? If
this has advantage in the communication between two subjects, this has
some drawbacks when applied to devices. An asymmetric encryption
requires to encrypt with the public key and decrypt with the private
key. This means that each device must have a private key, and this
should be well hidden - a TPM chip can be required. Not only, it makes
no sense to have the same private key on all devices: each device should
be deployed with its own private key. This makes impossible to generate
a rootfs and a SWU that can be installed on all devices: each device can
just decrypt its own SWU, and this becomes a horror when software should
be deployed. So can you explain which is the use case and which are the
advantages on embedded systems ?
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
=====================================================================
Salih Bakir
Nov 28, 2019, 1:10:38 AM11/28/19
to swupdate
Hello Stefano,
Thank you for the message. Actually, I need to keep the key secured for both encryption methods (Asymmetric and symmetric) in the embedded device. Crypto containers may be used to keep them secured, I think it is better to discuss this topic in details via different thread.
27 Kasım 2019 Çarşamba 21:41:32 UTC+3 tarihinde Stefano Babic yazdı:
The advantage of asymmetric encryption, we can use public key for encryption and distribute/store it easily than symmetric key. Because, the use case I am working on is that I am using SWupdate not only updating the whole FW but also updating the application in the system. And also I want to allow customers to deploy their application to the system in a secure way. Therefore, I need to distribute the public key to allow users to encrypt their own applications. And corresponding devices will have the same private key to decrypt incoming artifacts. So, this way seems more secure than symmetric key encryption. What do you think?
Best Regards,
Salih Bakir
27 Kasım 2019 Çarşamba 21:41:32 UTC+3 tarihinde Stefano Babic yazdı:
Hi Salih,
Stefano Babic
Nov 28, 2019, 4:07:34 AM11/28/19
to Salih Bakir, swupdate
Hi Salih,
On 28/11/19 07:10, Salih Bakir wrote:
> Hello Stefano,
>
> Thank you for the message. Actually, I need to keep the key secured for
> both encryption methods (Asymmetric and symmetric) in the embedded
> device. Crypto containers may be used to keep them secured, I think it
> is better to discuss this topic in details via different thread.
Agree. Secure storage is a different topic.
> The advantage of asymmetric encryption, we can use public key for
> encryption and distribute/store it easily than symmetric key. Because,
> the use case I am working on is that I am using SWupdate not only
> updating the whole FW but also updating the application in the system.
This is a common case.
> And also I want to allow customers to deploy their application to the
> system in a secure way.
It is also a different thing.
> Therefore, I need to distribute the public key
> to allow users to encrypt their own applications. And corresponding
> devices will have the same private key to decrypt incoming artifacts.
Then all devices share the same private key - the point by symmetric
encryption is that the key must be installed on both parts. In fact, in
cryptography's bibliography it is clarified that the key should be
shared using a different channel as the one for the communication. In
fact, in SWUpdate the keys are shared offline. On the asymmetric
encryption keys are not shared because they are generated by the
subjects: true in case of persons, not true in case of thousands of
devices. What are you saying becomes true if the device itself generates
a RSA key and sends itself the public key to the communication partner,
and of course each device has its own private key.
Please note that deploy in a secure way, that is verifying the software,
is different from encryption. Goal of the encryption is to protect IP,
but the device does not verify that software is coming from an
authenticated source. If someone can get the private key from a single
device, he is allowed to generate a different application as the one
that should run for all devices. Devices will accept them because they
can decrypt them.
The use case with OEMs is supported by SWUpdate using certificates and
PKI. You can deploy certificates to your customers and they are allowed
to sign their application and their SWUs. On the device, just the public
CA certificate is needed.
> So, this way seems more secure than symmetric key encryption. What do
> you think?
It is not as you are putting the same private key on all devices. This
contradicts the basement for its usage. Why is it more safe if you have
the same key on all devices, exactly as you do for symmetric encryption ?
Best regards,
Stefano Babic
>
> sba...@denx.de <javascript:>
> =====================================================================
>
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/swupdate/9fbcdb5b-8bde-4b70-9715-b00780c13c3d%40googlegroups.com
> <https://groups.google.com/d/msgid/swupdate/9fbcdb5b-8bde-4b70-9715-b00780c13c3d%40googlegroups.com?utm_medium=email&utm_source=footer>.
On 28/11/19 07:10, Salih Bakir wrote:
> Hello Stefano,
>
> Thank you for the message. Actually, I need to keep the key secured for
> both encryption methods (Asymmetric and symmetric) in the embedded
> device. Crypto containers may be used to keep them secured, I think it
> is better to discuss this topic in details via different thread.
> The advantage of asymmetric encryption, we can use public key for
> encryption and distribute/store it easily than symmetric key. Because,
> the use case I am working on is that I am using SWupdate not only
> updating the whole FW but also updating the application in the system.
> And also I want to allow customers to deploy their application to the
> system in a secure way.
> Therefore, I need to distribute the public key
> to allow users to encrypt their own applications. And corresponding
> devices will have the same private key to decrypt incoming artifacts.
encryption is that the key must be installed on both parts. In fact, in
cryptography's bibliography it is clarified that the key should be
shared using a different channel as the one for the communication. In
fact, in SWUpdate the keys are shared offline. On the asymmetric
encryption keys are not shared because they are generated by the
subjects: true in case of persons, not true in case of thousands of
devices. What are you saying becomes true if the device itself generates
a RSA key and sends itself the public key to the communication partner,
and of course each device has its own private key.
Please note that deploy in a secure way, that is verifying the software,
is different from encryption. Goal of the encryption is to protect IP,
but the device does not verify that software is coming from an
authenticated source. If someone can get the private key from a single
device, he is allowed to generate a different application as the one
that should run for all devices. Devices will accept them because they
can decrypt them.
The use case with OEMs is supported by SWUpdate using certificates and
PKI. You can deploy certificates to your customers and they are allowed
to sign their application and their SWUs. On the device, just the public
CA certificate is needed.
> So, this way seems more secure than symmetric key encryption. What do
> you think?
contradicts the basement for its usage. Why is it more safe if you have
the same key on all devices, exactly as you do for symmetric encryption ?
Best regards,
Stefano Babic
>
> Best Regards,
> Salih Bakir
>
>
> 27 Kasım 2019 Çarşamba 21:41:32 UTC+3 tarihinde Stefano Babic yazdı:
>
> Hi Salih,
>
> Salih Bakir
>
>
> 27 Kasım 2019 Çarşamba 21:41:32 UTC+3 tarihinde Stefano Babic yazdı:
>
> Hi Salih,
>
> =====================================================================
>
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/swupdate/9fbcdb5b-8bde-4b70-9715-b00780c13c3d%40googlegroups.com
> <https://groups.google.com/d/msgid/swupdate/9fbcdb5b-8bde-4b70-9715-b00780c13c3d%40googlegroups.com?utm_medium=email&utm_source=footer>.
Salih Bakir
Nov 28, 2019, 5:54:50 AM11/28/19
to swupdate
28 Kasım 2019 Perşembe 12:07:34 UTC+3 tarihinde Stefano Babic yazdı:
Hi Salih,
On 28/11/19 07:10, Salih Bakir wrote:
> Hello Stefano,
>
> Thank you for the message. Actually, I need to keep the key secured for
> both encryption methods (Asymmetric and symmetric) in the embedded
> device. Crypto containers may be used to keep them secured, I think it
> is better to discuss this topic in details via different thread.
Agree. Secure storage is a different topic.
Agreed.
> The advantage of asymmetric encryption, we can use public key for
> encryption and distribute/store it easily than symmetric key. Because,
> the use case I am working on is that I am using SWupdate not only
> updating the whole FW but also updating the application in the system.
This is a common case.
Agreed.
> And also I want to allow customers to deploy their application to the
> system in a secure way.
It is also a different thing.
Agreed.
> Therefore, I need to distribute the public key
> to allow users to encrypt their own applications. And corresponding
> devices will have the same private key to decrypt incoming artifacts.
Then all devices share the same private key - the point by symmetric
encryption is that the key must be installed on both parts. In fact, in
cryptography's bibliography it is clarified that the key should be
shared using a different channel as the one for the communication. In
fact, in SWUpdate the keys are shared offline. On the asymmetric
encryption keys are not shared because they are generated by the
subjects: true in case of persons, not true in case of thousands of
devices. What are you saying becomes true if the device itself generates
a RSA key and sends itself the public key to the communication partner,
and of course each device has its own private key.
Yes, all devices will share the same private key but it is the same for symmetric key method also. With the asymmetric method, we will share public key offline also, we will keep the way of sharing secrets like the symmetric method. Do you use the different symmetric keys for each device? If not, why can not we use the same private key for all devices?
Please note that deploy in a secure way, that is verifying the software,
is different from encryption. Goal of the encryption is to protect IP,
but the device does not verify that software is coming from an
authenticated source. If someone can get the private key from a single
device, he is allowed to generate a different application as the one
that should run for all devices. Devices will accept them because they
can decrypt them.
Agreed, the main motivation is protecting the IP not verifying the source. But if someone gets the symmetric key from one device, it will be the same scenario. Protecting the secret inside the device must be handled accordingly. As we agreed, this should be discussed in a different thread.
The use case with OEMs is supported by SWUpdate using certificates and
PKI. You can deploy certificates to your customers and they are allowed
to sign their application and their SWUs. On the device, just the public
CA certificate is needed.
Agreed, but signing is different topic. Our goal is to protect IP.
> So, this way seems more secure than symmetric key encryption. What do
> you think?
It is not as you are putting the same private key on all devices. This
contradicts the basement for its usage. Why is it more safe if you have
the same key on all devices, exactly as you do for symmetric encryption ?
Agreed, keeping the secret inside devices is the same as the symmetric method. But I can distribute the public key as I wish via offline way but this is not the case for the symmetric key. I need to take care of the security of symmetric key while distributing and using it.
> an email to swup...@googlegroups.com
> <mailto:swup...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/swupdate/9fbcdb5b-8bde-4b70-9715-b00780c13c3d%40googlegroups.com
> <https://groups.google.com/d/msgid/swupdate/9fbcdb5b-8bde-4b70-9715-b00780c13c3d%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
=====================================================================
28 Kasım 2019 Perşembe 12:07:34 UTC+3 tarihinde Stefano Babic yazdı:
> an email to swup...@googlegroups.com
> <mailto:swup...@googlegroups.com>.
Stefano Babic
Nov 28, 2019, 6:07:59 AM11/28/19
to Salih Bakir, swupdate
Hi Salih,
Exactly - so now, which is the added value with asymettric key if you
share the same private key ? You fallback in the same case as with
symmetric keys, and you must maintain private and public secret.
> With the asymmetric method, we will share
> public key offline also,
But then, this is not how a "public" key is thought. The goal of
asymettric encryption is that you are allowed to distribute the public
key to everybody. If you need to maintain the "public" key secret, you
have the same case as with symmetry keys, but you pays an additional
cost because the decryption on the target is more time and resource
consuming.
> we will keep the way of sharing secrets like
> the symmetric method.
ok, then again: where are the advantages ?
> Do you use the different symmetric keys for each
> device?
No - not that is not possible, but this requires to encrypt the SWU for
each device and becomes a nightmare for building and deployment.
> If not, why can not we use the same private key for all devices?
Because if yes, why do not use symmetric keys instead ? You have no
advantages if the public key must remain secret.
>
> Please note that deploy in a secure way, that is verifying the
> software,
> is different from encryption. Goal of the encryption is to protect IP,
> but the device does not verify that software is coming from an
> authenticated source. If someone can get the private key from a single
> device, he is allowed to generate a different application as the one
> that should run for all devices. Devices will accept them because they
> can decrypt them.
>
> Agreed, the main motivation is protecting the IP not verifying the
> source.
Ok, got it.
> But if someone gets the symmetric key from one device, it will
> be the same scenario. Protecting the secret inside the device must be
> handled accordingly. As we agreed, this should be discussed in a
> different thread.
>
Right.
> The use case with OEMs is supported by SWUpdate using certificates and
> PKI. You can deploy certificates to your customers and they are allowed
> to sign their application and their SWUs. On the device, just the
> public
> CA certificate is needed.
>
> Agreed, but signing is different topic. Our goal is to protect IP.
>
>
> > So, this way seems more secure than symmetric key encryption.
> What do
> > you think?
>
> It is not as you are putting the same private key on all devices. This
> contradicts the basement for its usage. Why is it more safe if you have
> the same key on all devices, exactly as you do for symmetric
> encryption ?
>
>
> Agreed, keeping the secret inside devices is the same as the symmetric
> method.
Then ?
> But I can distribute the public key as I wish via offline way
> but this is not the case for the symmetric key.
Why not ? I do not see the difference. You distribute a key via offline
way in both cases. You do not use the advantages of the asymmetric
encryption. Just if you have a private key for each device you will get
a real advantage compared to symmetric keys.
> I need to take care of
> the security of symmetric key while distributing and using it.
And you need to take care of the "public" key while distributing and
using it. There is yes a slight difference (who owns the public key can
generate any software but it cannot decrypt it), but the main advantage
of asymmetric encryption (to publish the public key) is lost.
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
=====================================================================
share the same private key ? You fallback in the same case as with
symmetric keys, and you must maintain private and public secret.
> With the asymmetric method, we will share
> public key offline also,
asymettric encryption is that you are allowed to distribute the public
key to everybody. If you need to maintain the "public" key secret, you
have the same case as with symmetry keys, but you pays an additional
cost because the decryption on the target is more time and resource
consuming.
> we will keep the way of sharing secrets like
> the symmetric method.
> Do you use the different symmetric keys for each
> device?
each device and becomes a nightmare for building and deployment.
> If not, why can not we use the same private key for all devices?
advantages if the public key must remain secret.
>
> Please note that deploy in a secure way, that is verifying the
> software,
> is different from encryption. Goal of the encryption is to protect IP,
> but the device does not verify that software is coming from an
> authenticated source. If someone can get the private key from a single
> device, he is allowed to generate a different application as the one
> that should run for all devices. Devices will accept them because they
> can decrypt them.
>
> Agreed, the main motivation is protecting the IP not verifying the
> source.
> But if someone gets the symmetric key from one device, it will
> be the same scenario. Protecting the secret inside the device must be
> handled accordingly. As we agreed, this should be discussed in a
> different thread.
>
> The use case with OEMs is supported by SWUpdate using certificates and
> PKI. You can deploy certificates to your customers and they are allowed
> to sign their application and their SWUs. On the device, just the
> public
> CA certificate is needed.
>
> Agreed, but signing is different topic. Our goal is to protect IP.
>
>
> > So, this way seems more secure than symmetric key encryption.
> What do
> > you think?
>
> It is not as you are putting the same private key on all devices. This
> contradicts the basement for its usage. Why is it more safe if you have
> the same key on all devices, exactly as you do for symmetric
> encryption ?
>
>
> Agreed, keeping the secret inside devices is the same as the symmetric
> method.
> But I can distribute the public key as I wish via offline way
> but this is not the case for the symmetric key.
way in both cases. You do not use the advantages of the asymmetric
encryption. Just if you have a private key for each device you will get
a real advantage compared to symmetric keys.
> I need to take care of
> the security of symmetric key while distributing and using it.
using it. There is yes a slight difference (who owns the public key can
generate any software but it cannot decrypt it), but the main advantage
of asymmetric encryption (to publish the public key) is lost.
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
Salih Bakir
Nov 28, 2019, 7:02:19 AM11/28/19
to swupdate
Hi Stefano,
28 Kasım 2019 Perşembe 14:07:59 UTC+3 tarihinde Stefano Babic yazdı:
28 Kasım 2019 Perşembe 14:07:59 UTC+3 tarihinde Stefano Babic yazdı:
Only advantage is that I can distribute public key as I wish without thinking about additional security measurement like symmetric key distribution. If the symmetric key is compromised during distribution or while using it, it will cause problem. But this is not the case for public key.
> With the asymmetric method, we will share
> public key offline also,
But then, this is not how a "public" key is thought. The goal of
asymettric encryption is that you are allowed to distribute the public
key to everybody. If you need to maintain the "public" key secret, you
have the same case as with symmetry keys, but you pays an additional
cost because the decryption on the target is more time and resource
consuming.
I will not keep public key as secret. I do not need to keep it like symmetric key and my goal is to distribute public key without compromising the encryption.
> we will keep the way of sharing secrets like
> the symmetric method.
ok, then again: where are the advantages ?
Please see above.
> Do you use the different symmetric keys for each
> device?
No - not that is not possible, but this requires to encrypt the SWU for
each device and becomes a nightmare for building and deployment.
Agreed.
> If not, why can not we use the same private key for all devices?
Because if yes, why do not use symmetric keys instead ? You have no
advantages if the public key must remain secret.
Please see above for the first answer.
Please see above
> I need to take care of
> the security of symmetric key while distributing and using it.
And you need to take care of the "public" key while distributing and
using it. There is yes a slight difference (who owns the public key can
generate any software but it cannot decrypt it), but the main advantage
of asymmetric encryption (to publish the public key) is lost.
Please see above for the advantages.
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
=====================================================================
Best,
Salih
Stefano Babic
Nov 28, 2019, 7:26:04 AM11/28/19
to Salih Bakir, swupdate
Hi Salih,
This is the only advantage in this case.
Ok, I think we agreed (with different words) about pros and cons.
Tolga Hoşgör
Nov 28, 2019, 8:13:49 AM11/28/19
to swupdate
Hi,
I think the use case is here to prevent the middle-man from seeing the content of the data inside .swu until it reaches the device.
If the .swu is generated by an unknown developer and somehow leaked or transferred through a public place, it should be safe until it reaches to _any_ device.
BR,
Tolga.
Stefano Babic
Nov 28, 2019, 8:27:58 AM11/28/19
to Tolga Hoşgör, swupdate
Hi Tolga,
On 28/11/19 14:13, Tolga Hoşgör wrote:
> Hi,
>
> I think the use case is here to prevent the middle-man from seeing the
> content of the data inside .swu until it reaches the device.
>
Well, this is guaranteed if the communication itself is safe, for
example on HTTPS and certificates are verified on both side (device and
server). IMHO this wants to protect IP if someone gets the SWU.
For example, SWU is just on a server and available and everyone can load
it. You do not need any attack. Anyone can take it and open it, even if
it does not own the device.
> If the .swu is generated by an unknown developer and somehow leaked or
> transferred through a public place, it should be safe until it reaches
> to _any_ device.
For that, verification of software is required.
Regards,
Stefano Babic
> <mailto:swupdate+u...@googlegroups.com>.
> <https://groups.google.com/d/msgid/swupdate/2c5a3567-bcf3-4946-9242-faf46eeee525%40googlegroups.com?utm_medium=email&utm_source=footer>.
On 28/11/19 14:13, Tolga Hoşgör wrote:
> Hi,
>
> I think the use case is here to prevent the middle-man from seeing the
> content of the data inside .swu until it reaches the device.
>
example on HTTPS and certificates are verified on both side (device and
server). IMHO this wants to protect IP if someone gets the SWU.
For example, SWU is just on a server and available and everyone can load
it. You do not need any attack. Anyone can take it and open it, even if
it does not own the device.
> If the .swu is generated by an unknown developer and somehow leaked or
> transferred through a public place, it should be safe until it reaches
> to _any_ device.
Regards,
Stefano Babic
> sba...@denx.de <javascript:>
> =====================================================================
>
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> =====================================================================
>
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/swupdate/2c5a3567-bcf3-4946-9242-faf46eeee525%40googlegroups.com
> <https://groups.google.com/d/msgid/swupdate/2c5a3567-bcf3-4946-9242-faf46eeee525%40googlegroups.com?utm_medium=email&utm_source=footer>.
Salih Bakir
Nov 28, 2019, 8:46:06 AM11/28/19
to swupdate
Hi Stefano,
28 Kasım 2019 Perşembe 16:27:58 UTC+3 tarihinde Stefano Babic yazdı:
I agree with you about pros and cons of both option. Maybe we can combine them together like TLS communication. So, we will put asymmetric private key to device and distribute public key. And user will create their symmetric key to encrypt artifact. Here is the sequence briefly:
Use Case:
- The user creates their own symmetric key.
- User encrypts their artifact with their symmetric key
- User encrypts the symmetric key with our public key
- The user creates SWU file with encrypted artifacts + encrypted symmetric key
- Swupdate downloads SWU file and decrypts encrypted symmetric key via its private key
- SWupdate uses the symmetric key to decrypte encrypted artifacts
- Swupdate installs the decrypted artifacts.
What do you think about this solution? Thanks.
Best Regards,
Salih Bakir
28 Kasım 2019 Perşembe 16:27:58 UTC+3 tarihinde Stefano Babic yazdı:
> an email to swup...@googlegroups.com
> <mailto:swup...@googlegroups.com>.
Stefano Babic
Nov 28, 2019, 9:50:09 AM11/28/19
to Salih Bakir, swupdate
Hi Salih,
On 28/11/19 14:46, Salih Bakir wrote:
> Hi Stefano,
>
>
> 1. The user creates their own symmetric key.
> 2. User encrypts their artifact with their symmetric key
> 3. User encrypts the symmetric key with our public key
> 4. The user creates SWU file with encrypted artifacts + encrypted
> symmetric key
> 5. Swupdate downloads SWU file and decrypts encrypted symmetric key
> via its private key
> 6. SWupdate uses the symmetric key to decrypte encrypted artifacts
> 7. Swupdate installs the decrypted artifacts.
this way, symmetric key can be exchanged by each update. I agree this is
a good way.
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
=====================================================================
On 28/11/19 14:46, Salih Bakir wrote:
> Hi Stefano,
>
> I agree with you about pros and cons of both option. Maybe we can
> combine them together like TLS communication. So, we will put asymmetric
> private key to device and distribute public key. And user will create
> their symmetric key to encrypt artifact. Here is the sequence briefly:
>
> *Use Case:*
> combine them together like TLS communication. So, we will put asymmetric
> private key to device and distribute public key. And user will create
> their symmetric key to encrypt artifact. Here is the sequence briefly:
>
>
> 1. The user creates their own symmetric key.
> 2. User encrypts their artifact with their symmetric key
> 3. User encrypts the symmetric key with our public key
> 4. The user creates SWU file with encrypted artifacts + encrypted
> symmetric key
> 5. Swupdate downloads SWU file and decrypts encrypted symmetric key
> via its private key
> 6. SWupdate uses the symmetric key to decrypte encrypted artifacts
> 7. Swupdate installs the decrypted artifacts.
>
> What do you think about this solution? Thanks.
Yes, this is the well known way to exchange a symmetric key for TLS. In
> What do you think about this solution? Thanks.
this way, symmetric key can be exchanged by each update. I agree this is
a good way.
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
Salih Bakir
Nov 29, 2019, 1:15:04 AM11/29/19
to swupdate
Hi Stefano,
28 Kasım 2019 Perşembe 17:50:09 UTC+3 tarihinde Stefano Babic yazdı:
Thank you for the feedback so far. It was really helpful. I think we all agree with latest solution. I will start to work on this topic when I have time. After implementation is done, we will let you know for adding it to upstream also. Thanks and have a nice day!
Best Regards,
Salih Bakir
28 Kasım 2019 Perşembe 17:50:09 UTC+3 tarihinde Stefano Babic yazdı:
Reply all
Reply to author
Forward
0 new messages