Rebuild flash encryption/decryption in software

Dork507
Posts: 17
Joined: Wed Dec 14, 2022 7:35 pm

Re: Rebuild flash encryption/decryption in software

Postby Dork507 » Thu Dec 22, 2022 8:57 am

Yes, that's right. Now the title doesn't fit anymore. At first I thought I would use the encrypted files that espsecure.py creates and write them to flash memory.
To do this, each ESP32 must have the same key. The manual advises against it.

On the way to the solution, I found that the update.write function would also need to be changed. After that I just wanted to use the epsecure.py generated file and decrypt it on the ESP32. That's why I started the topic.
It's true, I should have asked for directions here in the forum and not for individual intermediate steps that were in my head.

How can I change the topic?

It is also correct that I can use any encryption to secure the transport. However, I thought I'd just use the espsecure.py with the AES256 algorithm. I didn't know about this "tweak" at the beginning. Only the post from esp_igrr and the analysis of espsecure.py showed that it is not pure AES256 ECB or CBC encryption.

But even when I switched off the "tweak" in espsecure.py, the encryption of the ESP32 and espsecure.py did not match. It was very confusing. Only when I used a different library did it fit.

Thanks anyway. esp_igrr opened my eyes.
Last edited by Dork507 on Thu Dec 22, 2022 9:02 am, edited 1 time in total.

Dork507
Posts: 17
Joined: Wed Dec 14, 2022 7:35 pm

Re: Rebuild flash encryption/decryption in software

Postby Dork507 » Thu Dec 22, 2022 9:01 am

boarchuz wrote:
Thu Dec 22, 2022 3:18 am
Dork507 wrote:
Wed Dec 21, 2022 11:13 pm
How I told. I want to send an encrypted file to the ESP over html (no https) or the user downloads its himself, like a firmware.bin.
The firmware shall nobody use on foreign Hardware. Only my first installed Software has the key.
The title is confusing, then. It sounded like you wanted to implement the exact same encryption as ESP32's flash encryption, so that the resulting binary can be written directly (raw) to the correct flash offset as it is received.

It's now apparent that what you actually want is to encrypt the binary for the purposes of secure transport. You can use whatever encryption you like, since you're decrypting the incoming data before passing it along to Update.write anyway (which will then encrypt as it writes to flash, if enabled).

There's an example here: https://github.com/espressif/esp-idf/tr ... rypted_ota
Thanks a lot the example was maybe the solution before I went my own way. Now there is a second solution in the Arduino framework. :roll:

Who is online

Users browsing this forum: benrank, MicroController, 快乐的小尾巴 and 108 guests