Help Signing
-
I have a MQTT gateway, which interfaces with Domoticz.
I want to make a node relay, and I want to add a Soft signature.
Then add the following code to the Sketch before Config.h:#define MY_SIGNING_SOFT
#define MY_SIGNING_REQUEST_SIGNATURE
#define MY_SIGNING_SOFT_RANDOMSEED_PIN 7It's right??
In the Debug I see no difference, and normal ??
Thanks to who can help me ....
-
Hi,
first of all, you have spelled a define wrong,#define MY_SIGNING_REQUEST_SIGNATUREshould be
#define MY_SIGNING_REQUEST_SIGNATURESSecondly, you have to enable signing on the gateway as well.
Thirdly, you have to personalize your devices (as per the documentation) or signing won't work at all.
-
For Signing on Gateway I have to enter the same Code ???
While point 3 does not make me clear !! What should I do in my Relay Node?
Or is it something I then have to do in all the nodes ??
-
@sindrome73 I suggest you read up on the documentation and things should be clearer. It is HIGHLY recommended that you read it before you try to use it.
You can find the documentation on the main site.
-
It's been a month since I read and read the documentation and the various examples, but I can not understand it well !!
And very difficult for me .....I understand that documentation is important but an example of Gateway sketch would be much faster
-
@sindrome73 yes, that is why there are examples in the documentation. There are multiple sections dealing with exactly this, look in "How to use this" and "Typical use cases".
-
But I only find examples for nodes !! While for Gateway I find nothing !!!
-
@sindrome73 but there is no difference !
-
@sindrome73 and what do you mean there are no gateway examples? There is!
Please provide a link to the documentation you have read? I linked to it above, and I am reading about how to configure a gateway right now on that link...
-
-
@sindrome73 use the links from the page I sent you please.
-
They used them but they brought me to the same page anyway
-
@sindrome73 I find that hard to believe. I have verified it myself. They should go to https://www.mysensors.org/apidocs-beta/group__MySigninggrpPub.html and https://www.mysensors.org/apidocs/group__MySigninggrp.html. Not ci.mysensors.org.
-
@sindrome73 https://www.mysensors.org/about/signing shows these links at the very top.
-
But is it so difficult to load an example of a gateway + node that requires signature + a node that does not require signature?
It would help many in my situation !! I try to study the whole thing again but the signature for those like me, is at the beginning of the weapon is not easy as explained
-
I copied the same code in the gateway.
For the gateway however I have to disable the debug otherwise sketch and too big !!So I loaded this code both in the Relay Node and in the Gateway:
#define MY_SIGNING_SOFT
#define MY_SIGNING_REQUEST_SIGNATURES
#define MY_SIGNING_SOFT_RANDOMSEED_PIN 7In the Knot Debug I see this:
317050 TSF:MSG:READ,0-0-3,s=1,c=3,t=16,pt=0,l=0,sg=1: 317072 TSF:MSG:SEND,3-3-0-0,s=255,c=3,t=17,pt=6,l=25,sg=1,ft=0,st=OK:FADEB1BB0B066C3F08094CC8C74FD0A63EC503598F2B14C14B 317150 TSF:MSG:READ,0-0-3,s=1,c=1,t=2,pt=0,l=1,sg=1:1 317231 TSF:MSG:ACK REQ 317234 TSF:MSG:SEND,3-3-0-0,s=1,c=1,t=2,pt=0,l=1,sg=0,ft=0,st=OK:1 Incoming change for sensor:1, New status: 1I think something is working !! Now I would like to try to mix in the network a node that does not require signing
-
@sindrome73 the log looks good. You can use the log parser on the homepage to get it "translated". You can also enable verbose signing debug (look in MyConfig.h) if you want to see what the signing backend really does.
-
Another sore point !! I do not know how to edit Myconfig.H
Send me some links where I can see?
-
@sindrome73 you shouldn't edit it. Just look in it to find the names of the settings you add to your sketch before including MyConfig.h. And editing it is no different from editing any file for that matter.
-
@anticimex said in Help Signing:
Hi,
first of all, you have spelled a define wrong,#define MY_SIGNING_REQUEST_SIGNATUREshould be
#define MY_SIGNING_REQUEST_SIGNATURESSecondly, you have to enable signing on the gateway as well.
Thirdly, you have to personalize your devices (as per the documentation) or signing won't work at all.Hello!!
I resume my discussion !! Finally after a long time, I was able to understand the "3" point that Anticimex told me. Where it is said that the device (node ​​/ gateway) must be customized through the SecureActuator.ino files.I did this way:
I loaded the scketch SecureActuator.ino, on the node or on the gateway, and I followed these steps, and we're talking about using only the Firma Software.
Enable GENERATE_KEYS_SOFT
This will generate random keys for HMAC (signing) and AES (encryption). Copy the keys generated and replace the corresponding definitions under "User defined key data", specifically MY_HMAC_KEY and MY_AES_KEY.
Disable GENERATE_KEYS_SOFT and enable PERSONALIZE_SOFT
This will store the HMAC key and the AES key to EEPROM. It will also write a checksum of the personalization data in EEPROM to be able to detect if the data is altered.
Personalization is now complete.At this point if I understand correctly I write my scketch, adding at the beginning before Config.h
How much:#define MY_SIGNING_SOFT
#define MY_SIGNING_REQUEST_SIGNATURES
#define MY_SIGNING_SOFT_RANDOMSEED_PIN 7And load everything, on the node ...... It should be all right now ?? Quite right???
Of course, loading this scketck, gate from the Sardinian SecureActuator.ino, but this is normal because however the HMAC (signing) and AES (encryption), are stored in the EEPROM of arduino !! Quite right???
At this point I'm using the Signature correctly or do I have to do anything else ???
-
@sindrome73 assuming you have executed the personalizer sketch with your generated keys on both the gateway and the node(s), then yes. You can always see in the log if signing is being used. There is a parser for the log on the homepage.
