DFU Signing\Encryption Security

Question

I can see in the latest SDK 12.2 that signing of the dfu firmware files is possible. 
 Am I right in thinking that this signing verifies the source of the firmware files and does not encrypt them? 
 And if we want to protect against reverse engineering of the bin files then we need encryption as well.

bjorn-spockeli · Accepted Answer

You are correct, the signing feature is only used to verify that the firmware image has been generated by a trusted source. The firmware image itself is not encrypted and is sent in plain text unless you add additional encryption at the application layer or use the build-in Link Layer encryption of BLE. However, you have to take into account that the image must be sent securely to a mobile device( Android or iOS), so I would recommend the first option as this allows you to implement end-to-end encryption. 
 Best regards 
 Bjørn

DFU Signing\Encryption Security

Top Replies