espressif/esp_encrypted_img

readme

# ESP Encrypted Image Abstraction Layer

[![Component Registry](https://components.espressif.com/components/espressif/esp_encrypted_img/badge.svg)](https://components.espressif.com/components/espressif/esp_encrypted_img)

This component provides an API interface to decrypt data defined in "ESP Encrypted Image" format. This format is as specified at [Image Format](#image-format)

This component can help in integrating pre encrypted firmware in over-the-air updates. Additionally, this component can also be used for other use-cases which requires addition of encryption layer for custom data.


## Image Format

![Image Format](https://raw.githubusercontent.com/espressif/idf-extra-components/master/esp_encrypted_img/image_format.png)

```c
typedef struct {
    char magic[4];
    char enc_gcm[384];
    char iv[16];
    char bin_size[4];
    char auth[16];
    char extra_header[88];
} pre_enc_bin_header;
```

The above struct represents encrypted image header.

Note:
* RSA-3072 key is provided to the tool externally. You can generate RSA key pair using following command:

    `openssl genrsa -out rsa_key/private.pem 3072`

* AES-GCM key and IV are generated by the tool itself.

## Tool Info

This component also contains tool ([esp_enc_img_gen.py](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img/tools/esp_enc_img_gen.py)) to generate encrypted images using RSA3072 public key.

### Encrypt the image

```
python esp_enc_img_gen.py encrypt /path/to/input.bin /path/to/RSA-public-key /path/to/enc.bin
```

### Decrypt the image
```
python esp_enc_img_gen.py decrypt /path/to/enc.bin /path/to/RSA-private-key /path/to/output.bin
```


To know more about the tool, use command:
`python esp_enc_img-gen.py --help`


## API Reference

To learn more about how to use this component, please check API Documentation from header file [esp_encrypted_img.h](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img/include/esp_encrypted_img.h)