Hi! The next wolfSSL release should be ready this week, barring unforeseen testing issues. Our big feature addition for this release is key generation. The addition of key generation to wolfSSL clears the way for us to add certificate generation, with planned availability in September. We’ve had a number of our commercial customers as well as open source users asking us for these features for various reasons, and we’re happy to add them for the enjoyment of all.
One use case that we are particularly excited about is enabling digital signing for embedded systems and devices. Essentially, our next release will provide the key components our users need to set up digital signing for their various embedded systems. Watch this space for our white paper on the topic. The white paper will go through the process of setting up your own private certificate authority, as you would do if you were setting up your own private app store or secure firmware download site. Many users like to do this sort of thing if they have closed systems and don’t need certificates from a standard certificate authority. Who knows, perhaps one of our users will use wolfSSL certificate generation to break the monopolies enjoyed by the current batch of certificate authorities.
If you are a device vendor, you might ask the broader question of why you should use SSL for secure firmware download to your devices. First, you will know where the firmware updated and installed on your device is coming from. It won’t be random; it will be coming from a server you control. Second, you will know that the software update sent to the device has not been tampered with during delivery.
As we saw from the recent Security B-Sides presentation “Fun with VxWorks” (available at https://speakerdeck.com/hdm/fun-with-vxworks), the attack vector of current interest is embedded systems and devices. As such, vendors of connected devices such as printers and cameras will need to set up their own private secure delivery mechanisms for applying firmware updates and the like.
As always, we’re here to help. Contact us at info@yassl.com if you need help with this stuff, either on the server side or the device side.