difference between encryption with personalization and simple password

  • Hey there,

    is there any significant difference between the two options for encryption? Does the simple one consumes more flash? Is it safe to use with OTA updates (should be, as all communication is encrypted)? Why should you bother with personalization in the first place or is it only the 'old grown' method?

    Thanks for any contribution in advance,

  • I see you have been here quite longer than me (2015) so perhaps you are well beyond what I am about to mention, but I could not help but notice you mentioned encryption and not signing, and my understanding is the project have decided that signing is probably more important than encryption?

    Further, I have yet to implement any of that myself (although I am sure I will get to it "one day") so again I could really just be not fully understanding the implications of your question due to lack of knowledge.

  • Mod

    @Anduril could you expand on what 2 options you are referring to?

  • Contest Winner

    @Anduril for encryption, the difference is not significant. With personalization, the key is stored in flash/eeprom and without it is defined in your sketch. So, if you personalize, you can publish your sketch without worrying about being compromised. And encryption works transparently with the OTA solution, IF the software that implement OTA is aware of the encryption scheme. That is, the software that configures the radio (in some solutions that is the bootloader) need to configure the appropriate key to the radio hw or driver (depending on radio).
    For bootloader based OTA that require personalization unless you recompile the bootloader with the encryption key and make it configure the radio accordingly.

  • @mfalkvidd I mean the two options #define MY_ENCRYPTION_SIMPLE_PASSWD and #define MY_RFM69_ENABLE_ENCRYPTION (with personalization before)

    @Anticimex thank you for your answer. In my case I want to implement OTA with the online version with DualOptibootloader. This way, the node will be able to decrypt and store the new firmware in external flash. With the MYS Bootloader that would not be possible as far as I understood the thing...

    @TRS-80 signing will also be added. But I want to be able to send messages unseen from the 'public' to my nodes... some of them are text-based and I don't want to be sniffed...

  • ^ Well, there is the man, right there (Anticimex). ^ 🙂

    You are in much better hands now, I will go back to trying to follow along and learn, as most of that reply still went over my head. 😄

  • Contest Winner

    @TRS-80 well thanks 🙂 the condensed answer is, use personalization if you can, as that is more private than the simple password flag. And if you plan to use OTA, dualoptiboot is the safest approach to leverage mysensors library features such as signing and encryption.

Log in to reply

Suggested Topics