[LEDE-DEV] automated signed firmware upgrades / hide a secret in image
Bastian Bittorf
bb at npl.de
Fri Feb 24 22:46:44 PST 2017
* Michael Richardson <mcr at sandelman.ca> [24.02.2017 19:00]:
> >> Anyone can multiply two large prime numbers to get the solution.
>
> > oh, i was thinking that when you have a large number, e.g.
> > 11542007683190179498670464887074061547264589525228033835453784092033868174972196125349942808504088511053804942426194431961451801392254016733776993893835781
>
> > you can not easily say what the 2 prime factors are to get this result?
> > Or is this really a "fast" cumputation?
>
> That's the essence of assymetric cryptographic algorithms, yes.
> But, you don't want to create your own, because there are subtlies which
> matter. And I don't think you used this mechanism right. If you really want
> to go this way, and can assume you have libssl around, then it will let
> do a signature rather easily.
i use openssl for that:
#!/bin/sh
PRIME1=$(openssl prime -generate -bits 256)
PRIME2=$(openssl prime -generate -bits 256)
The product of these 2 primes factors is stored for each image on
the download-server and public - see field "code_proof_of_boot":
http://intercity-vpn.de/networks/liszt28/firmware/models/Mikrotik%20Routerboard%20532/testing/Standard,kalua/info.json
bye, bastian
More information about the Lede-dev
mailing list