[LEDE-DEV] automated signed firmware upgrades / hide a secret in image

Bastian Bittorf bb at npl.de
Fri Feb 24 22:46:44 PST 2017

* Michael Richardson <mcr at sandelman.ca> [24.02.2017 19:00]:
>     >> Anyone can multiply two large prime numbers to get the solution.
>     > oh, i was thinking that when you have a large number, e.g.
>     > 11542007683190179498670464887074061547264589525228033835453784092033868174972196125349942808504088511053804942426194431961451801392254016733776993893835781
>     > you can not easily say what the 2 prime factors are to get this result?
>     > Or is this really a "fast" cumputation?
> That's the essence of assymetric cryptographic algorithms, yes.
> But, you don't want to create your own, because there are subtlies which
> matter.  And I don't think you used this mechanism right.  If you really want
> to go this way, and can assume you have libssl around, then it will let
> do a signature rather easily.

i use openssl for that:

 PRIME1=$(openssl prime -generate -bits 256)
 PRIME2=$(openssl prime -generate -bits 256)

The product of these 2 primes factors is stored for each image on
the download-server and public - see field "code_proof_of_boot":

bye, bastian

More information about the Lede-dev mailing list