Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypted SoftwareUpdatable v2 artifacts support #147

Open
ttttodorov opened this issue Sep 29, 2022 · 0 comments
Open

Encrypted SoftwareUpdatable v2 artifacts support #147

ttttodorov opened this issue Sep 29, 2022 · 0 comments
Labels
feature New feature or request security Security improvement

Comments

@ttttodorov
Copy link

ttttodorov commented Sep 29, 2022
edited by konstantina-gramatova
Loading

Using encryption to protect the artifacts managed by a software update process is an important security feature that must be supported to enable secure and trusted edge solutions.

The SoftwareUpdatable v2 Vorto model does no provide a predefined manner/API of such an encrypted artifacts management but defines a generic enough metadata per SoftwareModuleAction that can be utilized to support this use case. Given that a SoftwareModuleAction encompasses the actual artifacts to be downloaded/installed/updated, its metadata can be used to attach the needed decryption data to be applied for all the artifacts the action and module refers to.

Utilizing such metadata for the desired use cases can be done in the following manner:

  • A secure enough algorithm is applied for the transferred (de)encryption data - e.g. AES-256 GCM
  • The key material is made available as base 64 encoded values in the generic metadata dictionary with appropriate distinctive keys, i.e.
    • AES256.key
    • AES256.iv

E.g.:

"metaData": {
  "AES256.key": "AxS5kSOpU2BEsHotpy67nP4lndr/io4XmI9GqO/DFuo=",
  "AES256.iv": "G0kMVI5lOqqlfgTt"
}

The approach must be applied in an aligned manner for all Kanto components that provide a SoftwareUpdatabale v2 support.

Tasks:
@e-grigorov e-grigorov added the feature New feature or request label Sep 29, 2022
@e-grigorov e-grigorov moved this to Todo in Eclipse Kanto Sep 29, 2022
@konstantina-gramatova konstantina-gramatova changed the title Support encrypted SoftwareModule artefacts Encrypted SoftwareUdatable v2 artifacts support Sep 29, 2022
@konstantina-gramatova konstantina-gramatova changed the title Encrypted SoftwareUdatable v2 artifacts support Encrypted SoftwareUpdatable v2 artifacts support Sep 29, 2022
@konstantina-gramatova konstantina-gramatova added this to the M3 milestone Sep 29, 2022
@e-grigorov e-grigorov added the security Security improvement label Oct 6, 2022
@k-gostev k-gostev removed this from the M3 milestone May 30, 2023
@hristobojilov hristobojilov moved this from Todo to In Progress (max 10) in Eclipse Kanto Dec 19, 2024
@hristobojilov hristobojilov moved this from In Progress (max 10) to Todo in Eclipse Kanto Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature New feature or request security Security improvement
Projects
Eclipse Kanto
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
4 participants
@e-grigorov @konstantina-gramatova @ttttodorov @k-gostev