Hi,
I'm using QFS to store certificates & keys in BG95.
I found that one can read QFS memory by sending read commands from UART.
Is there any way to securely store/secure way to deal with certificates?
Thank you
Hi @Prem
I will send you the BG95 File Application note and you can refer to this document.
Hi Mikey,
Thank you for responding.
I was able to store certificates in BG95 UFS (using the File application note) and make a connection with AWS MQTT.
My concern is that anyone who has physical access to my device (assume a hacker) can easily read my certificates & keys that are stored in UFS using the AT+QFREAD command.
Is there any way to secure certificates in UFS (encryption/read protection etc.)?
Thank you
Same question here, how to protect against malicious AT+QFREAD from the USB port?
Thanks.
Same question here. I’m using a BG77xA-GL. If I store it on my MCU and I delete it after every connection then there will remain a time window where anybody can get my private key. That’s the point. How can a module force me to expose my private key?!
I don’t like workarounds but I don’t have a better idea: AT+QFDWL can be terminated this way: " TA switches to the data mode, so the binary data of the file can be outputted. When the content of the file is read or the TA receives +++," So if my MCU detects AT+QFDWL then it will send the ‘+’ character continuously. So they have to remove the MCU somehow, but then I can design a HW protection where the BG77XA-GL won’t get supply without the MCU. I can just make it more difficult to read it.
Additionally:
I will store the private key with encryption and decrypt it using AT+QSSLCRYPT if a connection is required and delete it after a successful connection. Wish me luck!
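
The detection half of the workaround in the last post, as an added sketch that is not part of the thread and not Quectel code: a byte-wise matcher an MCU could run over traffic it taps from the modem's AT port, flagging `+QFDWL` and `+QFREAD` even when the command is split across reads or typed in lower case. The tap itself, the skipping of spaces and whatever the MCU does on a hit are assumptions; all names in the code are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* File-read commands named in this thread, matched without the "AT" prefix
 * so the token is found wherever it appears in a command line. */
static const char *const WATCHED[] = { "+QFDWL", "+QFREAD" };
#define N_WATCHED (sizeof WATCHED / sizeof WATCHED[0])
#define WIN 7  /* length of the longest watched token, "+QFREAD" */

typedef struct {
    char win[WIN];  /* last WIN significant characters, upper-cased */
    size_t len;     /* number of valid characters in win */
} at_watch_t;

void at_watch_init(at_watch_t *w) { w->len = 0; }

/* Feed one byte seen on the host-to-modem line (assumed to be tapped by the MCU).
 * Returns the index into WATCHED of a command name that just completed, or -1. */
int at_watch_feed(at_watch_t *w, unsigned char b)
{
    if (b == '\r' || b == '\n') { w->len = 0; return -1; } /* new command line */
    if (b == ' ') return -1; /* assumption: spaces inside a command line are ignored */

    if (w->len == WIN) {     /* window full: slide it left by one character */
        memmove(w->win, w->win + 1, WIN - 1);
        w->len--;
    }
    w->win[w->len++] = (char)toupper(b);

    for (size_t i = 0; i < N_WATCHED; i++) {
        size_t n = strlen(WATCHED[i]);
        if (w->len >= n && memcmp(w->win + w->len - n, WATCHED[i], n) == 0)
            return (int)i;
    }
    return -1;
}

/* Feed a chunk as delivered by a UART driver; returns the number of hits.
 * State persists between calls, so a command split across chunks is caught. */
int at_watch_feed_buf(at_watch_t *w, const unsigned char *buf, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (at_watch_feed(w, buf[i]) >= 0) hits++;
    return hits;
}
```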