Asymmetric encryption support

[Siva Kumar]

Hi All,

I am very new to cryptography and this is the first time that I am working with openSSL.

My requirement is to encrypt and sign an image file which will be verified and decrypted at the device side. The device which I am talking about is a Linux device running on the ARM architecture. We have cross compiled openSSL for this architecture and is working fine.

We have decided to use asymmetric encryption. So the firmware image will be signed by the public key and at the device side after downloading the image it will be decrypted using the private key. Since we are also signing the image, we need to have the public key to verify it at the device side.

So my question here is:-

1) Is it fine to have both the public and the private key at the device. Is this a best approach to follow?

2) If we are having both the keys in the device, then is it required to encrypt these keys?

3) When the firmware image is signed we will get the hash/digest file which is required to verify this image at the device side. Is it possible to embed this hash file into the actual firmware image which can be used while verifying and then discarded.

4) For signing should I use a HMAC shared key or the asymmetric key pair. Which one should be the best approach in this scenario?

I would really appreciate if you could give me some suggestion or pointers regarding this.

Thanks in advance,

Siva

[Matt Caswell]

Hi Siva

This is the wrong forum for your question.

Please send your post to the openss-users group:

https://www.openssl.org/support/community.html

Matt