by 0xricksanchez 2128 days ago
They make use of /etc_ro/public.pem to verify the integrity of a firmware update. So flashing a custom firmware (e.g., OpenWRT) will fail all checks they put in place. I did not investigate how one could circumvent the update mechanism yet, but if you're interested in doing so for these particular models, my GitHub repo (https://github.com/0xricksanchez/dlink-decrypt) has a decryption script for these firmware images so you can snoop around the file system for further clues.
1 comments

I think they were replying to me about the Linksys/Cisco routers, but it is similar in that the public key is contained on the filesystem and prevents flashing any firmware not signed with it. What's worse is they added this after the fact to several models in later firmware versions, making it impossible to downgrade to older unsigned versions.

Unlike with yours, no decryption script is required; gnupg can decrypt them as-is.