ccollins476ad opened a new pull request #2: Distinguish partial {en|de}crypt from full URL: https://github.com/apache/mynewt-imgmod/pull/2 When we calculate a build's SHA256, we provide two inputs to the hash function: 1. Image header 2. Unencrypted image body The image header contains an "encrypted" flag (`IMAGE_F_ENCRYPTED`). This has an interesting implication: when we decrypt a build, its hash is no longer valid. There are two use cases for decrypting an image: 1. Create an unencrypted version of the image. For this use case, the decrypted image should be well formed and usable as an unencrypted image. 2. Re-sign an image with a new key. For this use case, the procedure typically looks like this: a. Start with a signed and encrypted image. b. Decrypt image (`imgmod image decrypt`). c. Remove signature TLVs (`imgmod image rmsigs`). d. Re-sign image (`imgmod image sign`). e. Re-encrypt image (`imgmod image encrypt`). In this use case, it is critical that step b (decrypt) does *not* clear the `IMAGE_F_ENCRYPTED` flag from the image header. This flag must remain set so that the signature produced in step d is valid. So we need two sets of {en|de}crypt commands: * Full * Partial The "full" versions apply to use case 1. The "partial" versions apply to use case 2. The old commands (`image encrypt`, `image decrypt`) are the partial versions. These remain unchanged. The new commands (`image encryptfull` `image decryptfull`) are the full versions.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services