MichelOur software is under scrutiny by the security team at one of customer and we are being challenged on the mechanisms in place to prevent tampering of updates in the event our update server is compromised. Note we are currently signing updates following https://wyday.com/wybuild/help/update-signing.php
-Does signature also apply to the .wys file?-Is the .wys file encrypted and if so what mechanism is used for encryption?-If the .wys is neither encrypted nor signed, what is the rational for not implementing such mechanism in the case of the .wys file?
Thank you,
Michel
Hey Michel,
Short answer: it's secure.
Longer answer: use HTTPS and update signing and both the *.wys and the update files themselves will be secure.
Updates are signed using your signing key: https://wyday.com/wybuild/help/update-signing.php
You can view the technical implementation in the wyUpdate source code itself.
