Basic File Encrypt

Demonstrates encrypting and decrypting files with Gecko OS-compatible encryption.

API Features Demonstrated

Platforms

This app works on:

Requirements and Prerequisites

Requires a Gecko OS evaluation board, such as a WGM160P_eval.

Description

This example demonstrates how to encrypt/decrypt a file for Gecko OS using a custom generated key. The file is encrypted and written to the extended flash file system.

Gecko OS can then read and decrypt the file.

Note that this code is for reference only. Gecko OS provides built-in encryption via the File System API.

This example is mainly intended to demonstrate how Gecko OS file encryption/decryption is done.

The algorithm should be ported to external systems that pre-encrypt files before downloading to the Gecko OS device.

For details of encryption and decryption procedures, see File System, Encrypting Gecko OS Files.

Usage Instructions

Open a Gecko OS serial terminal to the device. See Getting Started, Opening a Gecko OS Terminal.

When the App runs, terminal output is similar to the following:

Starting File Encryption Example
User key Set
Generating buffer with 1500 bytes of dummy data
Encrypting file ...
Buffer: 0x10083658 (16): IV
E5 88 58 8C 77 35 8C A9 35 6C A9 31 6C EE CE E8
Buffer: 0x10083668 (16): HMAC
53 1C 13 83 80 07 BD 72 B8 9C 41 3B F9 52 EE 30
File not found
[Opened: 0]
> File created
[Closed: 0]
> Encrypted file created: encrypted_file_example.bin
Derypting file ...
[Opened: 0]
> Buffer: 0x100834b8 (16): IV
E5 88 58 8C 77 35 8C A9 35 6C A9 31 6C EE CE E8
Buffer: 0x10083668 (16): HMAC
53 1C 13 83 80 07 BD 72 B8 9C 41 3B F9 52 EE 30
[Closed: 0]
> File successfully decrypted into buffer
ZAP exited. Reboot to run again.

Implementation

main.c

gos_app_init

The script runs once then exits.

It sets the variable system.security_key to a key defined in the source.

It generates a buffer of dummy data, then calls encrypt_buffer_to_file() (encrypt.c) to encrypt the buffer to a file using the key.

It then calls decrypt_file_to_buffer() (decrypt.c) to decrypt the file to a buffer.

encrypt.c

encrypt_buffer_to_file

This demonstrates the details of Gecko OS file encryption.

Calls to gos_dump_buffer display IV and HMAC blocks on the Gecko OS terminal.

The encrypted file has a special format and has file system flags set to indicate the encryption state:

decrypt.c

decrypt_buffer_from_file

This demonstrates the details of Gecko OS file decryption.

Calls to gos_dump_buffer display IV and HMAC blocks on the Gecko OS terminal.

Source

See: