Encryption with RFM69 and PI serial GW
-
@Anticimex, clear therefore I don't understand that my configuration as given below is working.
rPI mysensors.conf
aes_key=D35AB40FDE3DBF9EAB4DC9CDA48EDB55promini node:
#define MY_RFM69_ENABLE_ENCRYPTION
#define MY_RFM69_ENCRYPTKEY "D35AB40FDE3DBF9EAB4DC9CDA48EDB55"Thanxs for your quick replies.
@jerby well, as far as I know, there is no such define available: MY_RFM69_ENCRYPTKEY
Arduinos are personalized with their keys using a personalizer sketch. If you don't want to do that there is the "simple" security flags.
Are you sure encryption is really activated at both ends? -
@Anticimex, clear therefore I don't understand that my configuration as given below is working.
rPI mysensors.conf
aes_key=D35AB40FDE3DBF9EAB4DC9CDA48EDB55promini node:
#define MY_RFM69_ENABLE_ENCRYPTION
#define MY_RFM69_ENCRYPTKEY "D35AB40FDE3DBF9EAB4DC9CDA48EDB55"Thanxs for your quick replies.
@jerby if you run the personalizer sketch with proper flags, it will show you the data in eeprom. The radio uses the AES key in eeprom if you enable encryption on the node. And afaik, it is not supported to define any security keys as strings in the sketches, the only exception being the "simple" flags. The personalizer uses 0x hex byte syntax for its definition and I believe the personalizer also provide the keys in that form in the personalization flow for simple deployment purposes (copy+paste).
-
@Anticimex, great that could be the answer. I'll build the node without #define MY_RFM69_ENCRYPTKEY and see if they still communicate. Thxs.
-
@Anticimex, test failed. So #define MY_RFM69_ENCRYPTKEY is required for encryption with the RFM69 and encryption key from EEPROM is not used!
My question how does the compiler know that the entered MY_RFM69_ENCRYPTKEY is in hex and not acsii is still a mistory to me.
Regards, and thanks for your help. -
@Anticimex, test failed. So #define MY_RFM69_ENCRYPTKEY is required for encryption with the RFM69 and encryption key from EEPROM is not used!
My question how does the compiler know that the entered MY_RFM69_ENCRYPTKEY is in hex and not acsii is still a mistory to me.
Regards, and thanks for your help.@jerby I need more details on your setup to be able to help you.
Your flag is unknown to me and non-existant in the MySensors repository as you can see here: https://github.com/mysensors/MySensors/search?utf8=✓&q=MY_RFM69_ENCRYPTKEY&type=So you must be running some other code base for your things that I am unfamiliar with.
-
@Anticimex, this is the references that I found:
row 418.
-
@Anticimex, this is the references that I found:
row 418.
@jerby from the readme of that fork, the library version is 1.4. That is practically ancient and probably before I even started on the security framework.
It is certainly not compatible with anything current in the MySensors environment. And with current I am talking about something from the last 3 years. -
@jerby said in Encryption with RFM69 and PI serial GW:
My configuration is as follows:
I started with a rPI with Domoticz and NRF24 nano GW and nodes with soft signing and encryption. I've added a RFM69 nano GW with soft signing and encryption and converted one node from NRF24 to RFM69. That configuration worked but the serial GW's got mixed up. The RFM69 sensors showed up under NRF24 GW and working so I even could disable the RFM69 under Hardware while the RFM69 sensors still worked via the NRF24 GW. The sketch name of the RFM69 also showed up at the NRF24 GW. Therefore I removed the RFM69 nano GW and connected the RFM69 on the I/O pins of the rPI and configured the rPI as follows:*git clone https://github.com/mysensors/MySensors.git --branch master
configured the keys from the personaliser in the file etc/mysensors.conf
sudo ./configure --my-transport=rfm69 --my-rfm69-frequency=433 --my-is-rfm69hw --my-gateway=serial --my-serial-is-pty --my-serial-port=/dev/ttyUSB020 --my-rfm69-irq-pin=22 --my-rfm69-cs-pin=24 --my-rfm69-encryption-enabled*
sudo make install
etc.And the promini node with:
#define MY_IS_RFM69HW
#define MY_RFM69_FREQUENCY (RFM69_433MHZ)
#define MY_RFM69_NETWORKID 100 // Default network id. Use the same for all nodes that will talk to each other
#define MY_RFM69_ENABLE_ENCRYPTION
#define MY_RFM69_ENCRYPTKEY "D35AB40FDE3DBF9EAB4DC9CDA48EDB55"
#define MY_RFM69_NEW_DRIVERWhen I remove the #define MY_RFM69_ENCRYPTKEY communication doesn't work any more.
I use platformio as development platform.
Hope this is sufficient info of my setup. -
@jerby said in Encryption with RFM69 and PI serial GW:
My configuration is as follows:
I started with a rPI with Domoticz and NRF24 nano GW and nodes with soft signing and encryption. I've added a RFM69 nano GW with soft signing and encryption and converted one node from NRF24 to RFM69. That configuration worked but the serial GW's got mixed up. The RFM69 sensors showed up under NRF24 GW and working so I even could disable the RFM69 under Hardware while the RFM69 sensors still worked via the NRF24 GW. The sketch name of the RFM69 also showed up at the NRF24 GW. Therefore I removed the RFM69 nano GW and connected the RFM69 on the I/O pins of the rPI and configured the rPI as follows:*git clone https://github.com/mysensors/MySensors.git --branch master
configured the keys from the personaliser in the file etc/mysensors.conf
sudo ./configure --my-transport=rfm69 --my-rfm69-frequency=433 --my-is-rfm69hw --my-gateway=serial --my-serial-is-pty --my-serial-port=/dev/ttyUSB020 --my-rfm69-irq-pin=22 --my-rfm69-cs-pin=24 --my-rfm69-encryption-enabled*
sudo make install
etc.And the promini node with:
#define MY_IS_RFM69HW
#define MY_RFM69_FREQUENCY (RFM69_433MHZ)
#define MY_RFM69_NETWORKID 100 // Default network id. Use the same for all nodes that will talk to each other
#define MY_RFM69_ENABLE_ENCRYPTION
#define MY_RFM69_ENCRYPTKEY "D35AB40FDE3DBF9EAB4DC9CDA48EDB55"
#define MY_RFM69_NEW_DRIVERWhen I remove the #define MY_RFM69_ENCRYPTKEY communication doesn't work any more.
I use platformio as development platform.
Hope this is sufficient info of my setup.@jerby can you confirm that you run with the same library version in both gateway and node?
And that the encryptkey flag is not present in any code you use. Because it shouldn't if you run with a library from the ladt 4 years. And therefore the presence of that flag or not in your code should have no effect. So I suspect you run an outdated version of the library or a fork. -
@Anticimex, I confirm that I'm have build pro mini and rPI on MySensors version 2.3.1 and didn't specify the encryptkey other than in given define and in EEPROM.
So now I removed the define again and ... communication is still working:walking: , you :muscle: where absolutely right. Don't know what I did yesterday :man-shrugging:
Tomorrow I'll start again with adding software signing and see if that will work too.
Thanks again for your patience and help, great support :clap: .
-
@Anticimex, I confirm that I'm have build pro mini and rPI on MySensors version 2.3.1 and didn't specify the encryptkey other than in given define and in EEPROM.
So now I removed the define again and ... communication is still working:walking: , you :muscle: where absolutely right. Don't know what I did yesterday :man-shrugging:
Tomorrow I'll start again with adding software signing and see if that will work too.
Thanks again for your patience and help, great support :clap: .
