Restoring one of the keys of a pair from the other is a task that requires enormous time costs for serious keys (4096 bits and beyond).
In fact, you need to have a good public SSL certificate and use SSL to push updates. All the necessary functionality is implemented in SSL: -
Confirmation that the application has connected to a legitimate site
- Protection from MiTM by replacing the site.
-Protection of transmitted information.
You don’t need to build anything into the program, so it will be impossible to steal any key from it.
In cryptography , third-party utilities should be used, since it is extremely difficult to implement high-quality protection.

Here I seem to have found such a solution:
Create a signature with a private key (on our side), fill in the signature MyFile.sign and MyFile.Dat
openssl dgst -sha256 -sign private_key.pem -out MyFile.sign MyFile.dat
So (well, algorithmically) the updater checks
openssl dgst -sha256 -verify public_key.pem -signature MyFile.sign MyFile.dat The
private key is stored with us, the public key is sewn into the updater. Thus, an attacker, even having penetrated the update server, will not be able to sign files, because. the updater will not miss them.
Here, other problems with server spoofing, mitm and so on are solved right away.

Are you protecting the transmitted data or the server itself?
If the first - switch to an SSL connection and that's it. On the https server, on the client, checking the certificate using OS.
If you need server protection - then disk encryption, smart card login, and so on.

Just sign every update.
The public key is inside the program, the private key is only with the main programmer.
Although they will break your servers, the updater will immediately reject it when it sees that the update is incorrectly signed.