https://devzone.nordicsemi.com/f/nordic-q-a/25371/application-file-encryption-binHello we would like to upload to the cloud the nrfutil generated zip package, however we are worried about the application file security. As far as we know, nrfutils takes the unencrypted .hex file and generates signature in order to make a securityen-USTelligent Community 13Tue, 26 Sep 2017 08:24:14 GMThttps://devzone.nordicsemi.com/thread/99987?ContentTypeID=1Tue, 26 Sep 2017 08:24:14 GMT137ad170-7792-4731-bb38-c0d22fbe4515:46468575-5307-4307-9c65-74adf7411cd1bjorn-spockeli<p>@nicolagallazzi: If you&#39;re concerned with the efficiency, then you could as Emil suggests, use the ECB-AES peripheral in CTR mode to encrypt the firmware. See <a href="https://devzone.nordicsemi.com/blogs/721/intro-to-application-level-security-using-the-ecb-/">this</a> blog post for an example.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/99984?ContentTypeID=1Fri, 22 Sep 2017 12:37:12 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c6cf5354-7176-47f6-898c-55eadfd511d8Nicola Gallazzi<p>Thanks again Bjorn, I&#39;ve updated my question with more details</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/99986?ContentTypeID=1Fri, 22 Sep 2017 10:43:48 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c4bb3dfb-5400-4604-8604-2aaa8700e746bjorn-spockeli<p>YEs, micro-ecc is good choice as we already use that library in the SDK, we provide an abstraction called nrf_crypto, see <a href="https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v14.0.0/lib_crypto.html">this</a> Infocenter page for more information.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/99985?ContentTypeID=1Fri, 22 Sep 2017 09:42:59 GMT137ad170-7792-4731-bb38-c0d22fbe4515:e2778085-ebac-4dcb-899e-f679da58ac01Nicola Gallazzi<p>Thanks a lot Bjorn,</p> <p>do you suggest a way to encrypt the application file in order to easily decrypt it on the firmware side? A symmetric algorithm would be a good choice? We read something about MicroEcc, could it possibly be a valuable choice?</p> <p>Thanks and regards,</p> <p>Nicola Gallazzi</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/99983?ContentTypeID=1Fri, 22 Sep 2017 09:34:52 GMT137ad170-7792-4731-bb38-c0d22fbe4515:188dad69-68d7-48de-9d14-1a4c56f77709bjorn-spockeli<p>Hi Nicola,</p> <p>you are correct, nrfutil will only sign the firmware image using the provided private key so that autenticity of the firmware image can be verified on the nRF side using the corresponding public key.</p> <p>The conversion of the application .hex file to a .bin file does not contain any encryption procedure, i.e. the .bin file will be unencrypted.</p> <p>Best regards</p> <p>Bjørn</p><div style="clear:both;"></div>