Encryption with RFM69 [solved]



  • Hey Everyone. I'm using the example sketch from Mysensors MQTT Gateway and node.
    I've added the standard RFM69HW items and the node sends data to the gateway.

    It would be nice to use signing/encryption so looking through the forums I found:

    #define MY_SECURITY_SIMPLE_PASSWD "123456789"
    #define MY_SIGNING_SOFT_RANDOMSEED_PIN A0
    

    Using A0 since it is the only analogue pin I have on the Wemos D1 mini.

    I pasted the same string to both the node and the gw and while I see they are trying to communicate but get SIGN FAIL.

    So I would like to ask if someone has seen a tutorial or knows what needs to be enable for encryption?


  • Contest Winner

    @les hi! The apidocs should have some hints on how to set it up.


  • Contest Winner

    @les here are all the security related flags documentation.



  • @anticimex Thanks for the tips. I did review those pages and based on that it seems that #define MY_SECURITY_SIMPLE_PASSWD "yourpassword" is all that would be required unless you would like to personalize. I would like to keep it simple though.


  • Contest Winner

    @les right, but you also write that you were interested in encryption and not signing, so it is not the correct flag in that case. And also, note that you need the same flag on all nodes and gw if you use one that enable encryption.



  • @anticimex according to the documentation

    MY_SECURITY_SIMPLE_PASSWD Enables security (signing and encryption) without the need for personalization
    

    So the connection should be encrypted and signed without anything else (other than putting the same define statement on all nodes with the same password).


  • Contest Winner

    @les correct.
    Have you checked the troubleshooting section in the docs regarding signibg issues? There is also a more verbose debug flag available.



  • @anticimex said in Encryption with RFM69:

    roubleshooting section in the docs regarding signibg iss

    I see that now, will give it a shot.



  • #define MY_RFM69_ENABLE_ENCRYPTION

    All nodes and gateway must have this enabled, and all must be personalized with the same AES key.
    You need a helper-sketch specifically for this purpose

    • SecurityPersonalizer.ino


  • @kimot Ok, thanks for that info, I thought with MY_SECURITY_SIMPLE_PASSWD you didn't need to personalize. If I'm reading the instruction properly flash securitypersonal.ino to device, copy out the key and then paste to all nodes. Which sounds simple. Have I missed anything?


  • Contest Winner

    @les correct, no personalization needed. But with that flag, all nodes in your network need to share it. And memory requirements increase significantly so pay attention to the compiler log regarding warnings on memory use.



  • I added the following to the top of my code:
    #define MY_DEBUG
    #define MY_DEBUG_VERBOSE_SIGNING
    #define MY_SECURITY_SIMPLE_PASSWD "testpass"

    And it works now....not sure if having the Security above the radio information helped, but it does work now 🙂


  • Contest Winner

    @les great! We'll, the debug flags should not help getting things to work, only provide additional information if it doesn't.
    All configuration flags need to be placed prior to any header include directives. Else they will have no effect.
    Anyway, glad it worked out in the end.


Log in to reply
 

Suggested Topics

69
Online

11.4k
Users

11.1k
Topics

112.7k
Posts