Securing Your Factory Updates with Ed25519 Elliptic Curve

This blog post could be summarized with just one Fioctl® command to rotate all your Factory TUF keys. Read more to see why it is so important, and how it came to be a "one button" solution.

What is TUF and Why Ed25519?

Every time you run a new CI build for your Factory, it creates some artifacts for The Update Framework (TUF). Later on, FoundriesFactory® uses these artifacts to bring secure Over The Air (OTA) updates to your Factory devices. TUF uses a set of cryptographic keys to sign every update, protecting it from various cyber attacks.

You can find more information about how TUF and FoundriesFactory work together to secure your Factory updates here:

• Blog: how to secure your production updates.
• Blog: why is key rotation important.
• Reference Manual: OTA Updates.
• Reference Manual: Security.

TUF specification allows the use of several key types (and signature algorithms) to sign its artifacts:

• Rivest–Shamir–Adleman (RSA).
• Edwards Elliptic Curve Ed25519.
• Institute of Standards and Technology (NIST) Elliptic Curve P–256.

Ed25519 is a perfect choice for IoT security for several reasons:

• It is one of the recommended Elliptic Curves (EC) for digital signing by the Federal Information Processing Standards (FIPS) publication FIPS 186–5 Section 7 since the 3rd of February 2023.
• It provides a higher level of security compared to other choices from the above list. By January 2017, it is still one of the few Elliptic Curves which gained the Safe label in the SafeCurves listing by Daniel J. Bernstein and Tanja Lange.
• It produces fast, deterministic signatures in constant time, and has a relatively small computing footprint.
• Both Ed25519 public keys and signatures are rather short, minimizing the TUF related network traffic.

Note: Switching TUF keys from RSA to Ed25519 type reduces the root role size by ~70% (from 5.5 KB to 1.8 KB). The below example shows the difference in the public key and signature sizes for RSA versus Ed25519 keys:

# RSA public key:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvweHkZnm5VMvSNdL6Soh
M2RvXLSCAggDs6da2jNPBPXdvLmDAQD8mVHB703l+UgsNurEe7EW3QlDXQ4TATPO
yEXTODuKE1ADHS6ycgNOMQChk5z9I/Qjcwr2C0qnx6bEkowVjj4cOFqJAhIY2KQc
EvopvOdHRNSFOiQ5Y5UbQegmRPo/dVVY4SSBVojoOpa+cbVyQ818d4zH4rb/hkqZ
SBAe5bnI+kLHZfevVGuG4qO2goU0aGEotMV+NC8x9zaMKb1iugUa/0dB/VFfCwh6
qysc7P3y9U86RWHwgntIkJGJXlD5Q7FzSEQeGcnh7x0Q6xye7M/Lb1hac3okaKxD
znzFenS8wpAeKlRvPpTIxnqngtM1qtl8tgY8K1fAWz+8ezOUpgSydgunBu9Lprqf
Hw2ZX2cc54hs0+O3Kb73kMGB3YLeyu30C3805tMcIu8oXSiUps9wmOfV7+4iLADH
1Wi050qPhbKQwbzuypXn1TCJ7BJGCiu6IaAHdUtaT8QQU7FG9igX5OgIn8zHveXC
ky7mywE5fKjU4DBZWM7MWw4zb5YL56oW4w/TE0OB7zRkYyLy90CA/piifBejpRMf
mDXPBbPwM/sgbFzep+MrbcGyvRfrH4EkO4eaQIBiVUQT82JWs232sPjf6TaoMCqf
kW3Kirnre/DgFZSW7DkOVsUCAwEAAQ==
-----END PUBLIC KEY-----

# RSA signature:
VwERC5lRIvwR6qRfEVeFG1wy838/gOT7GfOIWurcQMzweLnecA2KRFAYZKnTyz6g
esiciJ7JfiFDs9VFEfZjJVr2teM7vn3wf7t41UN64wM4GoMsfiED+wXWqnsCOr3U
/sgaNMbTlIk+9dqq6cV3dx+o+985Rm2AG1Nt24XPA+/SS4bo4IKDhj579tQowQL0
UWg3KgTQB95zIMYxFoBM4XM/RWrTyK83318q+pNNzuZf7Rv2+RouBPCQrdgeQcsE
LQg8MjK8kgRrZtCZLrnH3d9/nwj0Yv40iO7TcPcwmNihA68MeSZQfODS5ZZarAOS
REuzxzAw7bPi8Le7tacp/LDM7sP2HdNgFDQAw5J41RdTpw/mE7wnugz52PYGu+WT
RhJCzXZ5+BUSyOL5Kd/OPUCaHHy2cZuyXiFk7jXx/DJgTdAx0ZhlzFa5x7Xz1Cgj
9kYXn99Y+8XxcqvesP7GOhjdlRu8aTqijO4tIFk8edrDlGD0edgADXEV8Gxah/jX
hN303p1NuEGRk0wgDn5N0LF/srEnuDb9J9c7hahzIEsw+9baY+d5yenVMelpS7bt
hH5+n6lCJsETkd5VSoJ87hT/kviEsqEF4ncydeL7DU/TlmbCNMAOzoJlGflQwzfN
6gUltNc0LQONZEa+v/5k1KnLZKLHF7t7vVCmgDhsaMM=

# Ed25519 public key:
4187e306ea026cddcf390f06bf569868a009a7bd88034cfa6aacdabebafd60b2

# Ed25519 signature:
Fv6VTXpXt2q1JDC05hVzCBOYhy+/znnYDHUoGPA/HpFCDppm5znqOq014LIUxHwVxsBD0+S2fBONoKmlWRW2Dw==

The FoundriesFactory One Button Solution to TUF Keys

Until recently, FoundriesFactory only supported the RSA key types end-to-end. Based on the previous paragraph we envisioned adding Ed25519 support to our OTA solution. However, it turned out to require changes to many product parts.

To start, there are currently 5 TUF keys in use by the majority of Factories:

• the offline TUF root key, owned by the Factory admin, used as a root of trust in TUF.
• the offline TUF targets key, owned by the Factory admin, used to sign production TUF targets.
• the online TUF targets key, owned by Foundries.io™, used to sign both CI and production TUF targets.
• the online TUF snapshot and timestamp keys, owned by Foundries.io, used to sign other TUF artifacts.

Next, we had to verify that the new key type is supported by all software pieces:

• our cloud solution which serves OTA updates to your Factory devices;
• Aktualizr-Lite™ which installs updates on your Factory devices.
• Fioctl which allows you to rotate TUF keys for your Factory.
• FoundriesFactory CI-Scripts™ which upload new TUF targets to your Factory.

We started to gradually add this support mid-2022, and by now all of the new factories already use Ed25519 by default. Still, old factories need to be migrated, which requires user action. This brings us to the user experience problem, as we have to ask every Factory owner to rotate each of their TUF keys.

A few times in my career I met software engineering teams working on "one button" products. These are highly elaborate solutions for a complex real life problem, visible to the end user as one button or check box. Those products have some inherent charm of taking the ease of use to its margin.

So, we decided to try this one button approach for TUF key rotation and came up with this command:

  fioctl keys tuf rotate-all-keys --key-type=ed25519 --keys=/path/to/root.keys.tgz [--targets-keys=/path/to/targets.keys.tgz]

This command rotates all TUF keys for your Factory to the Ed25519 key type in a safe and secure way. It also re-signs your Factory's CI and production targets using the new keys.

Note: the --targets-keys argument is optional. Still, we recommend to keep your Factory TUF targets key in a separate file. Please, see the corresponding blog post or user manual for details.

We have no plans to remove support of the RSA keys in the future. So, there is no immediate action required from you. However, we strongly recommend switching your Factory TUF metadata to use the Ed25519 key type.

If your Factory was created before the 1st of February 2023, we ask you for a small favor. Please, download the latest Fioctl, and run the above command. It will allow us to keep your OTA updates even more secure than before. This is a one time action; all subsequent TUF key rotations for your Factory will generate Ed25519 keys.

References

References to Foundries.io documentation, blog, or product pages:

• Fioctl
• Aktualizr-Lite
• FoundriesFactory CI-Scripts
• Blog: How to Secure Your Production Updates
• Blog: Why is Key Rotation Important
• Reference Manual: OTA Updates
• Reference Manual: Security
• Reference Manual: TUF Offline Keys

External references:

• The Update Framework (TUF)
• Rivest–Shamir–Adleman (RSA)
• Edwards Elliptic Curve Ed25519
• NIST Elliptic Curve P–256
• FIPS 186–5
• Daniel J. Bernstein and Tanja Lange. SafeCurves: choosing safe curves for elliptic-curve cryptography.