36 Replies Latest reply on Nov 29, 2016 9:50 AM by kas.lewis

    Where do you store/hide your AES keys used for embedded encypt and decrypt?

    Jan Cumps

      In a scenario where you have two embedded systems talking to each other,

      and you want to encrypt/decrypt the data with AES,

      where/how do you store the AES key in your firmware sources?

       

      If I put my aes-128-ecb in my source code of my firmware like this:

       

          /* Set up the variables */ 
          uint8_t aesKey[16] = { 
                  0x5a, 0x69, 0x67, 0x42, 0x65, 0x65, 0x41, 0x6c, 
                  0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x30, 0x39 
          }; 
      

       

       

      it's  out there for everyone that has access to the version control system, and can leak to the outside world.

       

      What's your approach?