Dear MBedTLS-Team,
we are currently evaluating MBedTLS for use in our product. We develop an implant for blood pressure patients, and our implant and its charger need to communicate securely. We already have an AES encrypted communication running, but so far we just store the password in every device, and we would like to switch to RSA to exchange an AES key. It would also be important for us to be able to validate an x509 certificate on the implant. However, due to energy constraints, our internal flash memory on the implant is extremely small, and we would like to not parse the certificate on the implant, but rather send only the key and the signature directly, and then "validate by hand" on the implant. If I understand the procedure correctly, that would only involve taking a hash of the pubkey, decrypting the signature with a stored CA-public key, and comparing them, correct? Would that be possible?
Besides normal support during our implementation phase, we would be interested in being informed whenever a vulnerability is found in MBedTLS and a fast update. Do you offer such a service? If so, what will it cost?
Kind Regards, Felix Knorr
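The check described in the message above, sketched as an added example (not part of the original thread and not Mbed TLS code): a host-side Python model that assumes RSA PKCS#1 v1.5 signatures with SHA-256, which the thread does not specify. The key pair is constructed inside the script for the demonstration, and all function names are hypothetical.

```python
import hashlib
import random

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin on odd n > 3; only used to build the constructed demo key."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def is_witness(a):  # True when a proves n composite
        x = pow(a, d, n)
        return x != 1 and all(pow(x, 2 ** r, n) != n - 1 for r in range(s))
    return not any(is_witness(rng.randrange(2, n - 1)) for _ in range(rounds))

def demo_ca_key(bits=1024, seed=2021):
    """Constructed RSA key standing in for the CA (seeded, demo only): (n, e, d)."""
    rng, e, primes = random.Random(seed), 65537, []
    while len(primes) < 2:
        p = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if p % e != 1 and p not in primes and is_probable_prime(p, rng):
            primes.append(p)
    p, q = primes
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def encode_block(pubkey, k):
    """Expected EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 DigestInfo SHA-256(pubkey)."""
    t = SHA256_PREFIX + hashlib.sha256(pubkey).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def ca_sign(pubkey, n, d):
    """Provisioning side (off the implant): sign the raw public key bytes."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(encode_block(pubkey, k), "big"), d, n).to_bytes(k, "big")

def verify_on_implant(pubkey, sig, n, e):
    """RSA public operation on the signature, then compare the whole block."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    return pow(s, e, n).to_bytes(k, "big") == encode_block(pubkey, k)

# Constructed sample data: only N and E would be stored on the implant.
N, E, D = demo_ca_key()
CHARGER_KEY = b"constructed stand-in for the charger's public key bytes"
SIG = ca_sign(CHARGER_KEY, N, D)
```

The comparison covers the entire padded block rather than only the trailing hash bytes. Validity period, revocation and key-usage checks that a full X.509 parser would perform are outside what this model does.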
Hi Felix,
> Besides normal support during our implementation phase, we would be interested in being informed whenever a vulnerability is found in MBedTLS and a fast update. Do you offer such a service? If so, what will it cost?
https://developer.trustedfirmware.org/w/mbed-tls/security-center/ describes the process followed for reporting vulnerabilities and releasing fixes for them. The project aims to publish fixes publicly as soon as possible following this process. The security advisories involving Mbed TLS and released including the fix can be found here - https://tls.mbed.org/security
As an open source community project under trustedfirmware.org (https://www.trustedfirmware.org/), there is no commercial support available for Mbed TLS.
Regards, Shebu
-----Original Message-----
From: mbed-tls mbed-tls-bounces@lists.trustedfirmware.org On Behalf Of Felix Knorr via mbed-tls
Sent: Monday, December 13, 2021 8:29 AM
To: mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] Commercial Support Request
--
With kind regards,
neuroloop GmbH
Felix Knorr (on behalf of the company)
Senior Software Developer
--------------------------------------
neuroloop GmbH
Engesserstr. 4, 79108 Freiburg, Germany