Developer idc released some scripts to decrypt the PS4 Update files (PS4UPDATE.PUP). The scripts rely on PS4 Kernel functions and (obviously?) will require a hacked PS4 for you to run them.
In the old days of the PSP, decrypting a new firmware update allowed CFW creators to inject some of the “new” files from the latest official update into their CFW, giving a console running on a somewhat old firmware, access to the latest features of the new firmware.
Decrypting firmware updates would also be useful to investigate changes between firmwares. This can help security researchers and hackers to find what was patched in a recent firmware, and through the diff, understand where a vulnerability used to be in older firmwares.
Idc mentions that the PS4 will sometimes refuse to decrypt a given PUP file, in particular:
Versions older than the installed version (for the most part, there’s exceptions for things like beta versions).
Versions for a different product code (retail cannot decrypt test or debug updates).
The full description from the readme:
A utility to invoke the PS4 kernel to decrypt the contents of an update file.
The default (hardcoded) operation is to decrypt /mnt/usb0/PS4UPDATE.PUP.
This will output a number of files (depending if a normal or a recovery update):
These decrypted updates can then be unpacked using pup_unpack.