OTA Connect Developer Guide

Key Management

Once you move to production, we recommend that you manage these keys offline in your own PKI rather than having all keys managed on the OTA Connect server.

OTA Connect uses pairs of public and private keys to protect sensitive data. Normally, you use a PKI (Public Key Infrastructure) to manage these keys.

Risks of using OTA Connect as your PKI

By default, OTA Connect server plays the role of a PKI so you don’t have to think about key management. This is useful if you don’t yet have your own PKI, but not so secure.

If an attacker were able to take over your OTA Connect account, they would be able to provision their own devices and send malicious updates to your devices. If your device happens to be a vehicle, such a breach could have very dangerous consequences.

This is why we recommend that you use your own PKI in production.

Key Types

If you follow our security recommendations, you’ll need to manage several different keys.

Table 1. Key Types
Key Name Purpose Description

Fleet Root

Device Identity

This key is used to sign your fleet root certificate. The root certificate certifies the identity of your fleet and is used to sign device certificates. The OTA Connect server can then validate device certificates to ensure that a connecting device is part of your fleet.

If you obtain a root certificate from an external certificate authority such as DigiCert, you don’t have to worry about managing this key. The certificate authority takes are of this for you.

Uptane Root

Software Integrity

This key is used to sign the "root" metadata file for your software repository. This file contains information about all the roles that can sign software metadata. For more information on how to take these keys offline, see the topic "Manage keys for software metadata".

Uptane Targets

Software Integrity

This key is used to sign the "targets" metadata file for software updates. This file contains information about all the valid software files in your software repository. For more information on how to take these keys offline, see the topic "Manage keys for software metadata".