https://devzone.nordicsemi.com/f/nordic-q-a/35895/adding-encryption-to-secure-dfuHello. I&#39;m trying to add encryption to the secure DFU bootloader. I&#39;m using SDK v15. I know this topic has been discussed on this forum before. In particular I have found this blog post and this thread very helpful. I haven&#39;t yet been able to builden-USTelligent Community 13Tue, 07 Aug 2018 08:08:20 GMThttps://devzone.nordicsemi.com/thread/143153?ContentTypeID=1Tue, 07 Aug 2018 08:08:20 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f66991aa-03c5-40cd-9b1f-5c3823e4b7ddmrono<p>Other things came up, so I haven&#39;t had a chance to work on this for a while.</p> <p>My plan is to proceed like this:&nbsp;First try to encrypt and decrypt some data (probably a text string) on the target and verify that it works. Then send the encrypted data out through RTT, and try to recreate the same encrypted data with openssl. (I still suspect my issue is that I&#39;m not invoking openssl with the correct parameters.)</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/143114?ContentTypeID=1Tue, 07 Aug 2018 03:29:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a08f38c3-bb50-4da0-bb55-7a3f93c4b223Mathew<p>Hi Markku,</p> <p>I&#39;m also attempting to&nbsp;add encryption to the&nbsp;SDK v15 secure DFU bootloader.</p> <p>I am interested in how you got on and whether you have any tips on how to implement a working solution.</p> <p></p> <p>Cheers,</p> <p>Mathew</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/138708?ContentTypeID=1Tue, 03 Jul 2018 09:16:19 GMT137ad170-7792-4731-bb38-c0d22fbe4515:e01dbda3-1c71-48f6-b880-60099358bdd1mrono<p>Thank you. I&#39;ll try those steps.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/138296?ContentTypeID=1Fri, 29 Jun 2018 14:00:33 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5e7e9e87-7caa-4650-9907-d256103b43fbHung Bui<p>Hi Markku,&nbsp;</p> <p>To be honest I&#39;m don&#39;t have much experience with crypto library, but I can try to help.&nbsp;</p> <p>From my point of view adding AES into&nbsp;CC310_bl could be a good idea. The main reason we didn&#39;t use CC310 in our bootloader was the limit of ROM size that we don&#39;t want to add the full big library in.&nbsp;</p> <p>My suggestion is,&nbsp;</p> <p>1)&nbsp;First you test inside your application, just encrypt and decrypt some dummy test data, doesn&#39;t need to try with a big image first.</p> <p>2)After that you test on the real image, just write a blinky binary image into flash, and then use your application (not the bootloader) to encrypt and decrypt.</p> <p>3) After you have above steps done, I don&#39;t see any problem&nbsp;using that encrypted image to create the .zip file and send it to the bootloader where you add the decrypting&nbsp;code. Note that there a tricky part with CRC. So on the fly CRC calculation for each packet is calculated on the encrypted data received. However, at the end, when we need to check the hash of the image, to verify the signature we should use the decrypted image. Same applied with the CRC calculation at post-validate, this is the CRC to be stored in flash so each time the device starts the bootloader will check if the application image still matches with the stored CRC. So this CRC has to be calculated on the decrypted image.&nbsp;</p> <p>&nbsp;</p> <p>But most important is to have the test image encrypt and decrypt correctly&nbsp; (step 2), I think.&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p><div style="clear:both;"></div>