Should we use a different key to encrypt images or the same key for signing? #2164
Replies: 2 comments
-
In general, I think the best security practices say to use a key pair for a single purpose only. Thus, from that perspective, it would be better to use different keys. In our case, I'm thinking to have each device have its own key for encryption (not provided by me from the outside), so inherently, I will have different keys for signing and encryption.
-
It still matters if you produce more than one device using that key, because reading out the key from one device might be possible with a reasonable amount of work, with methods like physically opening the device and reading out the flash, or glitch attacks, etc. If what the attacker finds is then just a public key for signing, he still has no direct attack vector on the other devices. If he finds a private (or symmetric, for that matter) signature key, he can now sign malicious software for all your other devices.
-
Hi,
I have tried using either a separate key or the same key for signing images; both approaches work just fine. My question is, from a security perspective, which is the better practice?
My concern about using the same key for both signing and encryption is that both the private and public keys will co-exist in the bootloader. On the other hand, if someone has already acquired a copy of the bootloader, then it doesn't matter whether the public and private keys are actually a pair.
So please advise.
Thanks.