Burning private keys onto an ESP32
Posted: Sat Oct 03, 2020 12:11 pm
I have been using the Arduino IDE to create sketches for the ESP32. This is great; however, I am looking for a method to upload encrypted binaries to an ESP32 that it can decrypt and then flash. Is this a possibility? Has this been done?
Initially I was thinking of putting a private key in the binary to flash; then subsequent updates could use that key to update to newer versions. That would mean new binaries must also have the private key in them in order to be able to update in the future - disallowing uploading a normal sketch with no key, then updating to an encrypted binary.
Therefore, is it possible to install a key on the ESP32, which cannot be read back by the user, but can be used to decrypt any encrypted binary uploaded to the device?
Does this make sense and is this a thing?