Hei hei,

On 28.08.2016 20:36, Roland Hieber wrote:
> The key material would rather need to be
> generated at build time and/or put into projectroot/etc/ibrdtn/bpsec by
> the user.

Generating one key at build time for all your devices may be seen as a
security flaw, doesn't it? If you build update tarballs from your BSP
for example, which contain in some way private keys, an attacker could
replace those keys?

On the other hand, embedded devices often lack good random number
creation capabilities, so creating keys on the target may be bad, too?

Greets
Alex