On Apr 17, 1:52*am, Max Kellermann wrote:
Food for thought (opening Pandora's box a little):

The VALI-xxx.EXE (or the according DLL) needs to contain all public
keys of all flight recorders of its kind.

Does everybody have to update their VALI-xxx.EXE when I send my flight
recordor for seal repair to the manufacturer?
If not, how else are new public keys distributed?

(Yes, there are other technical solutions like including the signed
certificate and the public key in the G record, but this technology
has not been documented and peer reviewed, and crypto technology that
hasn't been peer reviewed is insecure more often than not.)


There are a variety of ways this is handled with varying levels of
complexity. In general, though, the VALI program and/or DLL contains
the public side of a pre-generated pool of key pairs intended to be
sufficient to cover the entire lifecycle of the flight recorder
design. The manufacturer provides designated repair agents with key
reset hardware and/or software, which involves communication of
various one-time-only factors in both directions to set a valid
private key within the unit. In the rare event that the key pool is
exhausted, the VALI code can inform the user that a newer revision of
the software is needed. Including a manufacturer signed copy of the
public key in the G record has been proposed in the past, but there
are a number of flaws with that approach which make it unacceptable...

Marc