How to encrypt update artifact?

danie · January 27, 2021, 11:04am

Hi,

Does mender support update artifact to be encrypted along with the signature verification? Did someone tried this yet?

Any inputs would be valuable.

Thanks in advance.

drewmoseley · January 29, 2021, 8:06pm

This is not supported out of the box. It may be possible to do this with a custom update module but I know we are considering how to handle this more fully moving forward. @eystein may have more info.

Drew

eystein · January 29, 2021, 9:36pm

Indeed, we will add product support for this at some point!

Are you looking for symmetric / shared key encryption or something else?

danie · January 30, 2021, 4:37pm

Thanks for the info.

Evan a reference to symmetric (AES) encryption would be a great starting point.

tacarrie · November 21, 2022, 10:36am

Is there any news on this topic?
We are interested in both, symmetric and asymmetric encryption of the artifacts.

TheYoctoJester · November 22, 2022, 10:23am

Hi @tacarrie,

Thanks for your interest. The situation at the moment is

it should be perfectly possible to create and deploy encrypted artifact payloads
there is no readymade solution for this, it would need to be a custom update module.
One of the main concerns would be the key management. If you like to discuss your requirements in more detail, feel free to ping me directly and we can have a chat.

Greetz,
Josef

Topic		Replies	Views
Device and artifact security General Discussions	5	1301	February 13, 2020
Issue with key verification using Directory Update Module General Discussions	25	1504	June 28, 2019
Issue with Mender Artifact signature when using Docker Update Module General Discussions	5	714	September 24, 2019
Suggestion to make `mender install` accept the artifact on STDIN General Discussions	2	392	February 28, 2022
Roll-based artifact installation on device General Discussions	1	275	November 30, 2020

How to encrypt update artifact?

Related topics