Can a third-party attacker extract public key?

who cares if they could extract a public key, the whole point of a public key is that .. it's public.

AFIK.

The firmware (binary) is signed but not encrypted by nrfutil

Hence they public key can be extracted.

However Nordic uses public key encryption, so that even if the public key is discovered, its not possible to create signed firmware unless you know the Private key -

If you want you firmware binary to be encrypted so that it can be reverse engineered, you'll need to encrypt the firmware and use a bootloader that decrypts as well as just checking that signature.

@RK. You pipped me to the post.

Thank you.

You're welcome