CoboVault / cobo-vault-cold

Cobo Vault v2 android application
GNU General Public License v3.0

Doco on securing firmware download & upgrade #367

Open sholtomaud opened 3 years ago

sholtomaud commented 3 years ago

Cobo Vault needs doco on how to securely download firmware for upgrades & patching.

zhangjun725 commented 3 years ago

Hi Sholto Maud, please check the link below. Hope it works for you. https://support.cobo.com/hc/en-us/articles/360046064053-Upgrading-Firmware

Thanks

sholtomaud commented 3 years ago

Thanks, but that page doesn't have any mention of security. Could the download be attacked?

zhangjun725 commented 3 years ago

The upgrade package is signed by a private key which is only owned by Cobo. Even if the download link is attacked, Cobo Vault will never accept the upgrade package. You can check the code: https://github.com/CoboVault/cobo-vault-cold/blob/master/app/src/main/java/com/cobo/cold/update/Checking.java
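
The kind of check described in the last comment, as an added example that is not part of the thread and is not the project's `Checking.java`: a device verifies a detached signature over the update package against a vendor public key pinned on the device, so a package altered or replaced at the download location is rejected. ECDSA P-256, the class and method names, and the sample package bytes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class UpdateSignatureCheck {
    // Device side: accept the package only if the signature verifies under the
    // vendor public key pinned on the device. Any error rejects (fail closed).
    static boolean isAuthentic(PublicKey pinnedVendorKey, byte[] pkg, byte[] sig) {
        try {
            Signature v = Signature.getInstance("SHA256withECDSA");
            v.initVerify(pinnedVendorKey);
            v.update(pkg);
            return v.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key
        }
    }

    // Vendor side (build system), included only to make the example self-contained.
    static byte[] sign(PrivateKey vendorKey, byte[] pkg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(vendorKey);
        s.update(pkg);
        return s.sign();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair vendor = kpg.generateKeyPair(); // constructed stand-in for the vendor key
        KeyPair other = kpg.generateKeyPair();  // any key that is not the vendor's

        // Constructed sample package; a real one would be the firmware file's bytes.
        byte[] pkg = "constructed firmware image v2".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(vendor.getPrivate(), pkg);

        // Case 1: package bytes changed in transit, original signature kept.
        byte[] tampered = pkg.clone();
        tampered[0] ^= 0x01;
        // Case 2: package and signature both replaced, signed with a different key.
        byte[] resigned = sign(other.getPrivate(), tampered);

        PublicKey pinned = vendor.getPublic();
        System.out.println("genuine package:       " + isAuthentic(pinned, pkg, sig));
        System.out.println("tampered package:      " + isAuthentic(pinned, tampered, sig));
        System.out.println("re-signed, other key:  " + isAuthentic(pinned, tampered, resigned));
    }
}
```

The property that matters is that the verification key ships with the device rather than with the download, so control of the download location alone does not yield an acceptable package.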