ccollins476ad opened a new pull request #2: Distinguish partial {en|de}crypt from full
URL: https://github.com/apache/mynewt-imgmod/pull/2

When we calculate a build's SHA256, we provide two inputs to the hash function:

1. Image header
2. Unencrypted image body

The image header contains an "encrypted" flag (`IMAGE_F_ENCRYPTED`). This has an interesting implication: when we decrypt a build, its hash is no longer valid.

There are two use cases for decrypting an image:

1. Create an unencrypted version of the image.

For this use case, the decrypted image should be well formed and usable as an unencrypted image.

2. Re-sign an image with a new key.

For this use case, the procedure typically looks like this:

a. Start with a signed and encrypted image.
b. Decrypt image (`imgmod image decrypt`).
c. Remove signature TLVs (`imgmod image rmsigs`).
d. Re-sign image (`imgmod image sign`).
e. Re-encrypt image (`imgmod image encrypt`).

In this use case, it is critical that step b (decrypt) does *not* clear the `IMAGE_F_ENCRYPTED` flag from the image header. This flag must remain set so that the signature produced in step d is valid.

So we need two sets of {en|de}crypt commands:
* Full
* Partial

The "full" versions apply to use case 1.
The "partial" versions apply to use case 2.

The old commands (`image encrypt`, `image decrypt`) are the partial versions. These remain unchanged.

The new commands (`image encryptfull`, `image decryptfull`) are the full versions.
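The hash argument in the PR description, as an added illustration that is not part of the PR or of imgmod's own code: a toy image model in which the SHA-256 covers the header plus the plaintext body, showing why the partial `image decrypt` must leave `IMAGE_F_ENCRYPTED` set for the re-signing flow, while `image decryptfull` yields a standalone unencrypted image whose hash must be regenerated. The header layout, magic, flag bit value and the SHA-256 keystream cipher are constructed stand-ins, not MCUboot's real format or cipher.

```python
import hashlib
import struct

# Assumed flag bit for illustration; the real value is defined by the MCUboot image header.
IMAGE_F_ENCRYPTED = 0x04
TOY_MAGIC = 0x1234ABCD  # constructed placeholder, not the real image magic


def build_header(flags: int, body_len: int) -> bytes:
    """Toy 12-byte header: magic, flags, body length (constructed layout)."""
    return struct.pack("<III", TOY_MAGIC, flags, body_len)

def header_flags(header: bytes) -> int:
    return struct.unpack("<III", header)[1]

def image_hash(header: bytes, plaintext_body: bytes) -> bytes:
    """The hash the signature covers: header bytes plus the *unencrypted* body."""
    return hashlib.sha256(header + plaintext_body).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream built from SHA-256; a stand-in for the real body cipher."""
    out = bytearray()
    for block, off in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + block.to_bytes(4, "little")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def encrypt_body(key: bytes, body: bytes) -> bytes:
    return _xor_stream(key, body)

def decrypt_body(key: bytes, enc_body: bytes) -> bytes:
    return _xor_stream(key, enc_body)

def partial_decrypt(header: bytes, enc_body: bytes, key: bytes):
    """`image decrypt`: body to plaintext, header (and its encrypted flag) untouched,
    so the hash computed over header + plaintext body is unchanged and the signature survives."""
    return header, decrypt_body(key, enc_body)

def full_decrypt(header: bytes, enc_body: bytes, key: bytes):
    """`image decryptfull`: body to plaintext and IMAGE_F_ENCRYPTED cleared; the result is a
    well-formed unencrypted image, but its header changed, so the old hash no longer matches."""
    magic, flags, length = struct.unpack("<III", header)
    new_header = struct.pack("<III", magic, flags & ~IMAGE_F_ENCRYPTED, length)
    return new_header, decrypt_body(key, enc_body)

def hash_matches(header: bytes, body: bytes, key: bytes, expected: bytes) -> bool:
    """Verifier's view: decrypt the body only if the header flag says it is encrypted."""
    plain = decrypt_body(key, body) if header_flags(header) & IMAGE_F_ENCRYPTED else body
    return image_hash(header, plain) == expected
```

Note that the partially decrypted image does not verify on its own (its header still claims an encrypted body); it is an intermediate artifact that becomes valid again only after the re-encrypt step.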
