CANcrypt can be used to add an additional security layer to CAN or CAN-FD based bootloader implementations. Applications that support firmware update via CAN(-FD) may use different security levels. Traditionally the first layer is to encrypt and authenticate the firmware update file transferred to the microcontroller receiving the new code. An additional CANcrypt security layer ensures that the host communicating with the bootloader on CAN(-FD) level is authorized to perform the update. This ensures that only an authorized host can activate the booloader and erase Flash memory.