https://devzone.nordicsemi.com/f/nordic-q-a/16559/ecc-dfu-in-sdk12---possible-to-on-flash-decrypt-application-dataI think similar to but not exactly this question: devzone.nordicsemi.com/.../ Can I get a quick clarification here.... I&#39;d like to encrypt the zip data / application code on a DFU. I have sensitive data in my application that can not be sent outen-USTelligent Community 13Fri, 23 Sep 2016 09:34:50 GMThttps://devzone.nordicsemi.com/thread/63348?ContentTypeID=1Fri, 23 Sep 2016 09:34:50 GMT137ad170-7792-4731-bb38-c0d22fbe4515:27eb080c-68f0-498e-bf9a-00d5758ef4dabjorn-spockeli<p>@slowrobotahead (SRA): I would appreciate if you could you mark the answer as correct( click the check mark in the circle to the left of the answer) so that this question is marked as solved.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/63347?ContentTypeID=1Fri, 23 Sep 2016 08:52:19 GMT137ad170-7792-4731-bb38-c0d22fbe4515:b832783e-c247-4e02-9713-cd855a4385bcbjorn-spockeli<p>Yes, I can confirm that this is something that we&#39;re looking into. However, I cannot promise anything :)</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/63346?ContentTypeID=1Thu, 22 Sep 2016 17:57:26 GMT137ad170-7792-4731-bb38-c0d22fbe4515:0d93f765-1fc5-4391-b366-056751b282a7SRA<p>Yea, I&#39;m not sure who ever cares about BLE specific encryption when you need to distribute the firmware in the clear. Seems like on the tool side and on the firmware side this would be easy for Nordic. Certainly it would save me some time!</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/63344?ContentTypeID=1Thu, 22 Sep 2016 09:05:40 GMT137ad170-7792-4731-bb38-c0d22fbe4515:4bd8c03b-efca-4888-894e-60a5c3780ba3bjorn-spockeli<p>I&#39;ll add it to our wishlist :)</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/63343?ContentTypeID=1Thu, 22 Sep 2016 08:59:13 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5e12486e-83f4-4fc7-a67a-b80d6d151fcbAdrian Eggenberger<p>+1 for firmware end-to-end encryption</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/63345?ContentTypeID=1Thu, 22 Sep 2016 08:39:46 GMT137ad170-7792-4731-bb38-c0d22fbe4515:268b6a98-bc5a-4601-92ab-e367fabfee0abjorn-spockeli<p>Ah, I then I understand, you want the firmware to be end-to-end encrypted, not just while the firmware is sent over the air.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/63342?ContentTypeID=1Wed, 21 Sep 2016 16:40:40 GMT137ad170-7792-4731-bb38-c0d22fbe4515:d48204fb-4500-44ae-a3f2-c6504d438415SRA<p>Bjørn, thanks for the reply. The issue wasn&#39;t the BLE layer, but rather the app and/or sending the file out to be flashed. Since I don&#39;t consider the app to be secure, I don&#39;t know why anyone would rely on the BLE link security. Seems odd to me.</p> <p>But... That&#39;s great on the bootloader - it should be easy enough to add in the decrypt the app data at the time of flashing. That&#39;s really helpful!</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/63341?ContentTypeID=1Wed, 21 Sep 2016 08:55:48 GMT137ad170-7792-4731-bb38-c0d22fbe4515:bdbc2e2c-8168-4f20-8e30-8b3fba697575bjorn-spockeli<p>If you use LE Secure Connections you already have ECC encryption at the Link layer, but this requires both sides to support LE Secure Connections and this might not always be the case, at least not yet.</p> <p>So yes, you have to add a ECC decryption step before writing the received firmware image to flash. Modifying the existing bootloader to do this extra step should not be a problem.</p> <p>You can find the Secure DFU bootloader example in the SDK under <strong>examples/dfu/bootloader_secure</strong> which you may modify as you see fit.</p> <p>-Bjørn</p><div style="clear:both;"></div>