For signing firmware images, we are using OpenSSL v1.1.1f, which I think was provided by NetBurner. It's been about 4 years since we started signing images. In any case, is it possible to use the current version of OpenSSL, which I think is v3.5.0, to create the private/public key pair?
Am I correct to assume that if we change OpenSSL versions, images signed with the new version will be rejected by firmware signed with the original version?
OpenSSL version
Re: OpenSSL version
If you are generating certificates, and not cpp files, then you should be able to use the newer version.
Re: OpenSSL version
We are not using certificates. All we are doing is signing the firmware image using the private key created by OpenSSL.
The only reason this is coming up is because a customer is concerned that we used a version of OpenSSL that is out-of-date and no longer supported. At the time we started signing images, the version we used was close to, if not, the latest version. But I suspect that if we were to create a new set of private/public keys with any other version of OpenSSL, existing products using firmware signed with the original keys will reject firmware updates signed with the new keys.
Re: OpenSSL version
I think the only way to know for sure would be to test it.
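One way to run that test on a workstation, as an added example that is not part of the thread or of NetBurner's tooling: it signs a constructed image with two key pairs and checks both signatures against the original public key, so the effect of the key can be separated from the effect of the OpenSSL version. Assumptions: a detached ECDSA P-256/SHA-256 signature (the thread does not state the algorithm or image format), and the hypothetical variables `OPENSSL_SIGN` and `OPENSSL_VERIFY`, which select the binary used for each side.

```shell
#!/bin/sh
# Added example with constructed keys and a constructed "firmware" file.
# Assumption: ECDSA P-256 with SHA-256; the thread does not name the algorithm.
# OPENSSL_SIGN / OPENSSL_VERIFY are hypothetical names: point them at two
# different openssl binaries to compare versions. Both default to "openssl".
OPENSSL_SIGN=${OPENSSL_SIGN:-openssl}
OPENSSL_VERIFY=${OPENSSL_VERIFY:-openssl}
WORK=$(mktemp -d)   # keys and signatures stay here for inspection

# Create a private key named $1 and extract its public half.
make_keypair() {
    "$OPENSSL_SIGN" ecparam -name prime256v1 -genkey -noout \
        -out "$WORK/$1.key" 2>/dev/null &&
    "$OPENSSL_SIGN" ec -in "$WORK/$1.key" -pubout \
        -out "$WORK/$1.pub" 2>/dev/null
}

# Sign image $2 with private key $1, writing a detached signature.
sign_image() {
    "$OPENSSL_SIGN" dgst -sha256 -sign "$WORK/$1.key" \
        -out "$WORK/$2.$1.sig" "$WORK/$2"
}

# Check the signature made by key $3 over image $2 against public key $1.
# Prints "accepted" or "rejected".
verify_image() {
    if "$OPENSSL_VERIFY" dgst -sha256 -verify "$WORK/$1.pub" \
        -signature "$WORK/$2.$3.sig" "$WORK/$2" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

printf 'constructed firmware image\n' > "$WORK/app.bin"
make_keypair original       # stands in for the key pair already in the field
make_keypair replacement    # stands in for a newly generated key pair
sign_image original app.bin
sign_image replacement app.bin

echo "signing with:   $("$OPENSSL_SIGN" version)"
echo "verifying with: $("$OPENSSL_VERIFY" version)"
echo "original key vs original public key:    $(verify_image original app.bin original)"
echo "replacement key vs original public key: $(verify_image original app.bin replacement)"
```

To compare versions, set `OPENSSL_SIGN` to one binary and `OPENSSL_VERIFY` to the other before running; the final check is still loading a test image signed this way onto a device that carries the original public key.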