How to encrypt update artifact?

danie · January 27, 2021, 11:04am

Hi,

Does mender support update artifact to be encrypted along with the signature verification? Did someone tried this yet?

Any inputs would be valuable.

Thanks in advance.

drewmoseley · January 29, 2021, 8:06pm

This is not supported out of the box. It may be possible to do this with a custom update module but I know we are considering how to handle this more fully moving forward. @eystein may have more info.

Drew

eystein · January 29, 2021, 9:36pm

Indeed, we will add product support for this at some point!

Are you looking for symmetric / shared key encryption or something else?

danie · January 30, 2021, 4:37pm

Thanks for the info.

Evan a reference to symmetric (AES) encryption would be a great starting point.

tacarrie · November 21, 2022, 10:36am

Is there any news on this topic?
We are interested in both, symmetric and asymmetric encryption of the artifacts.

TheYoctoJester · November 22, 2022, 10:23am

Hi @tacarrie,

Thanks for your interest. The situation at the moment is

it should be perfectly possible to create and deploy encrypted artifact payloads
there is no readymade solution for this, it would need to be a custom update module.
One of the main concerns would be the key management. If you like to discuss your requirements in more detail, feel free to ping me directly and we can have a chat.

Greetz,
Josef

Topic		Replies	Views
Device and artifact security General Discussions	5	1442	February 13, 2020
Issue with Mender Artifact signature when using Docker Update Module General Discussions	5	770	September 24, 2019
Security of Mender Artifacts containing sensitive information Update Modules mender-artifact	1	383	August 2, 2023
Mender artifact signing issue - no key for verification provided General Discussions mender-artifact , signature-artifacts	2	328	November 14, 2023
Mender-artifact with single-file Update Modules mender-artifact	6	426	July 8, 2024

How to encrypt update artifact?

Related topics