Can a third-party attacker extract the public key in the signed firmware(.zip) generated by nrfutil through decompile hex or bin file?
Can a third-party attacker extract the public key in the signed firmware(.zip) generated by nrfutil through decompile hex or bin file?
AFIK.
The firmware (binary) is signed but not encrypted by nrfutil
Hence they public key can be extracted.
However Nordic uses public key encryption, so that even if the public key is discovered, its not possible to create signed firmware unless you know the Private key -
If you want you firmware binary to be encrypted so that it can be reverse engineered, you'll need to encrypt the firmware and use a bootloader that decrypts as well as just checking that signature.
@RK. You pipped me to the post.
You're welcome
You're welcome