CANedge2 Docs, Release FW 01.04.02
Security
Some configuration field values can be encrypted to hide sensitive data stored in the Configuration File
(passwords etc.). In this section, we provide a technical summary and provide resource suggestions for
implementing the encryption.
The field encryption feature uses a key agreement scheme based on Elliptic Curve Cryptography (ECC)
(similar to the one used in a TLS handshake). The scheme allows the device and user to compute
the same shared secret, without exposing any secrets. The shared secret is in turn used to generate a
symmetric key, which is used to encrypt / decrypt protected field values.
The following sequence diagram illustrates the process of encrypting configuration fields:
Below we explain the sequence:
1. Load device public key field (
kpub
) from the
device.json
file
2. Decode the device public key (base64)
3. Generate random user key pair (public and private) using curve
secp256r1
4. Calculate shared secret using device public key and user private key
0.4. Configuration
15
Содержание CANedge1
Страница 1: ...CANedge2 Docs Release FW 01 04 02 Mar 31 2021...
Страница 2: ......
Страница 4: ...ii...