Hi. I want to solve a problem regarding data integrity:
First, my system shall create hashsum’s of the logged data files (e.g. from MappData) and save them to the file device (in a separate file). Then the user could download this data and proof the integrity of the log-files by calculating the hashsum’s himself and comparing them.
I want to extend this by encrypting the hashsum’s so that even the user cannot manipulate the log-data afterwards without invalidating them. Of course an asymmetric cryptosystem (like PGP) is needed to do that (otherwise the user could re-create matching hashsum’s). The secret key would be stored on the plc and will be hidden from the user. The public key has to be used to decrypt the saved hashsum’s and to proof them.
Now: is there an algorithm/mechanism for x20 systems to store and use private keys with an asymmetric crypto system?
When working with confidential Data such as a private Key, its important that you try to avoid to use it in an visible Variable. Try to use it in a function temporary datapoint, which is only available on the stack. Otherwise it will be accessible via PVI.
For the Storage it might be a idea to look to the Certifikate handling of Automation Runtime. With the Library ArCert you can access it via your Application Program.
Due to one month of inactivity, this post will be marked as solved. If you would still like assistance on this topic, please add a new reply with the latest status
I checked the ArCert library already. It might be useful to store the private key in such a file and fetch it at runtime for usage.
But: It does not provide any encryption routines. To implement my idea i need an en-/decryption routine of an asymetric crypto system.
I know that there is the third-party library BrSecurity which provides a hash function for passwords and a symetric encryption algorithm. But both wont solve my problem.
Does anybody know if there is an e.g. RSA implementation which can be used on x20?
Unfortunately, I think you’ll have to do it yourself.
There are a lot of implementations of SHA256 in C and CPP on Github. An MIT license is advantageous.
You can then place the code in a B&R library so that you can use it in IEC languages.
The algorithms there look quite good for porting to a PLC, since they don’t have many dependencies. For my own further education, I used the SHA256 implementation from this page and ported it to Automation Studio which was quite easy (it was more or less no porting at all, but only writing a additional wrapper to the C functions to get a IEC capable library interface).
