Demo: Swapping public keys remotely


#1

Hello Spark community!

I hope you guys have been tinkering with your cores and doing cool stuff during your free time. :smiley:

Here’s a simple application that might be of interest to you or even enterprise customers.

Objective

Swap the server public key and address with a backup key in case of repeated connection failure.

Steps taken

1.) Pre-load the backup server public key to the external flash at address 0x80000
2.) Erase the 0x1000 sector to prepare for write
3.) Read the backup server public key from external flash and copy to 0x1000
4.) Use memcmp to ensure that the key written matches the writeBuffer
5.) Repeat the same steps for the server address
6.) Get ready to System.reset() and :scream: :scream: :scream: :scream: :scream:

Demo code

You will need to open up a Serial terminal @9600 and hit a key to begin the swap.

However, be sure to load a key to 0x80000 before testing it out.

I’ll be cleaning up the code and will eventually be able to execute it via Spark.function(). :blush:

Here: https://gist.github.com/kennethlimcp/72b3e45264781447bfa6

Sample serial print-out for the test

Here’s the serial output of the successful test, swapping the Spark :cloud: keys for my local :cloud: keys

Proceeding with Keys swapping test....

Current server Public Key:

Current server Address:

Copying backup Public Key to replace existing....

Backup public key:


Public Key swapped without error. :D


Copying backup server address to replace existing...

Backup server address:


Server address swapped without error. :DD

Feel free to give your feedback about this demo! Is it going to be useful? Impractical? Interesting?

Future plans
1.) Write into functions for easy usage
2.) Perform re-write during comparison failure
3.) Make it even more fun…

Stay tuned for more cool demos. :smiley:
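The erase, copy and memcmp steps from the post above, with the planned re-write on comparison failure, as an added example that is not part of the original post or its gist. The flash is simulated in RAM and every function name is hypothetical; the 294-byte length and the `30 82 01 22` header assume a DER-encoded 2048-bit RSA public key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR      0x1000u
#define KEY_ADDR    0x1000u   /* live server public key (address from the post) */
#define BACKUP_ADDR 0x80000u  /* pre-loaded backup key (address from the post) */
#define KEY_LEN     294u      /* assumed: DER-encoded 2048-bit RSA public key */
static const uint8_t DER_HDR[4] = { 0x30, 0x82, 0x01, 0x22 };

static uint8_t flash[0x100000]; /* simulated external flash, hypothetical size */
static int write_faults;        /* test hook: corrupt this many upcoming writes */

static void sim_erase_sector(uint32_t a) { memset(&flash[a & ~(SECTOR - 1u)], 0xFF, SECTOR); }
static void sim_read(uint32_t a, uint8_t *d, uint32_t n) { memcpy(d, &flash[a], n); }
/* NOR programming only clears bits: writing over unerased data corrupts it. */
static void sim_write(uint32_t a, const uint8_t *s, uint32_t n) {
    for (uint32_t i = 0; i < n; i++) flash[a + i] &= s[i];
    if (write_faults > 0) { write_faults--; flash[a + n / 2] ^= 0x01; }
}

/* Constructed sample key: the DER header followed by a filler pattern. */
void load_sample_backup(void) {
    uint8_t k[KEY_LEN] = { 0x30, 0x82, 0x01, 0x22 };
    for (uint32_t i = 4; i < KEY_LEN; i++) k[i] = (uint8_t)(i * 7u);
    sim_erase_sector(BACKUP_ADDR);
    sim_write(BACKUP_ADDR, k, KEY_LEN);
}

/* Returns the attempt number that verified, -1 if the backup is not a key
 * (live key left untouched), -2 if no attempt passed the read-back check. */
int swap_server_key(int max_tries) {
    uint8_t want[KEY_LEN], got[KEY_LEN];
    sim_read(BACKUP_ADDR, want, KEY_LEN);
    /* memcmp only proves the copy is faithful; a blank (all FF) backup would
     * copy and verify cleanly, so check the header before erasing anything. */
    if (memcmp(want, DER_HDR, sizeof DER_HDR) != 0) return -1;
    for (int t = 0; t < max_tries; t++) {
        sim_erase_sector(KEY_ADDR);
        sim_write(KEY_ADDR, want, KEY_LEN);
        sim_read(KEY_ADDR, got, KEY_LEN);
        if (memcmp(want, got, KEY_LEN) == 0) return t + 1;
    }
    return -2;
}

int main(void) {
    load_sample_backup();
    printf("swap result: %d\n", swap_server_key(3));
    return 0;
}
```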


Switch RSA Key via OTA
#2

@kennethlimcp Thank you for sharing this; we are now in a situation where we need to use it. One of the deployed devices lost its public key, which might be related to repeated power loss. I would like to try to find a way to solve this by flashing new public keys to the customer’s device.

If I understand it well, this function (keys backup) would have to be already implemented in our app code, right? I obviously have no connection to the device now as it can’t establish a connection… But because we run our own cloud (Brewskey), I have access to the console and might do something from here…

I will need to find a way to prevent this from happening in the future, as this is the second occurrence (on another device) in a fleet of 500 deployed devices.

By the way, did you make any progress since 2014? :slight_smile:

Thank you!


#3

This might be of interest for future use: