💬 Security & Signing
-
@anticimex
But please show me as you have to have example...
-
@pepson see here for 2.2.0 and on left menu for 2.3.0
https://github.com/sineverba/domapi/wiki/MySensors-2.2.0-Security-and-signin
@sineverba
Very very good manuals...
But I don't understand what number I must type in this place and how to get it? Is it the network MAC number from the RPI?:
#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0Xaa,0Xbb,0Xcc,0XF9,0X82,0XB2,0X50,0XF2,0XAB}}} // got from gateway setup
And what is different with MySensors 2.3.0?
Must I do all points from MySensors 2.2.0 and the additional point for 2.3.0?
After got your ./configure instruction, type
sudo nano /etc/mysensors.conf
And add your KEYs to the specific section on bottom of the file.
To get your first KEYs follow guide for 2.2.0
And in version 2.3.0 must I do this under building gateway?
And add serial, HMAC, AES in this place in mysensors.conf
Software signing settings
Note: The gateway must have been built with signing
support to use the options below.
To generate a HMAC key run mysgw with: --gen-soft-hmac-key
copy the new key in the line below and uncomment it.
#soft_hmac_key=
To generate a serial key run mysgw with: --gen-soft-serial-key
copy the new key in the line below and uncomment it.
#soft_serial_key=
Encryption settings
Note: The gateway must have been built with encryption
support to use the options below.
To generate a AES key run mysgw with: --gen-aes-key
copy the new key in the line below and uncomment it.
#aes_key=
and then build gateway ?
-
@pepson You use RFM69(H/W/HW). So do I. My hint is to remain with 2.2.0. I got so many issues with 2.3.0 and RFM that I reverted to 2.2.0 in 1 minute.
HMAC is not LAN MAC, it is the HMAC got from the MySensors gateway. Same for the other 2 keys.
I think that in the long explanation in my guide you have all the info to get your keys. I follow my same guide every time I need to reinstall mysensors / domoticz / an entire PI. It is fully tested :)
-
@sineverba
Hi
Yes, I use radio RFM69HW. I also have a big problem on 2.3.0... and went back to 2.2.0. What problem do you have on 2.3.0 with radio RFM69?
I read all your guide and it is OK. But I don't know what I must put in place:
#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0Xaa,0Xbb,0Xcc,0XF9,0X82,0XB2,0X50,0XF2,0XAB}}} // got from gateway setup
Put serial from this:
sudo mysgw --gen-soft-serial-key
We will get:
SOFT_SERIAL | 7850987FA6601F6538
The next line is intended to be used in SecurityPersonalizer.ino:
#define MY_SOFT_SERIAL 0X78,0X50,0X98,0X7F,0XA6,0X60,0X1F,0X65,0X38
To use this key, run mysgw with:
--set-soft-serial-key=7850987FA6601F6538
And must I put my keys in mysensors.conf when I use version 2.2.0? Or only when I use 2.3.0?
Software signing settings
Note: The gateway must have been built with signing
support to use the options below.
To generate a HMAC key run mysgw with: --gen-soft-hmac-key
copy the new key in the line below and uncomment it.
#soft_hmac_key=
To generate a serial key run mysgw with: --gen-soft-serial-key
copy the new key in the line below and uncomment it.
#soft_serial_key=
Encryption settings
Note: The gateway must have been built with encryption
support to use the options below.
To generate a AES key run mysgw with: --gen-aes-key
copy the new key in the line below and uncomment it.
#aes_key=
or only send command
sudo mysgw --set-soft-serial-key=7850987FA6601F6538 && sudo mysgw --set-aes-key=768859210B4A75FACC78B757ADAFE75B && sudo mysgw --set-soft-hmac-key=0298FF121DD3194BCC33DC8185055B9D981EBE0A90D847A4777A9E65CCE4F524 ?
-
Too many acks lost and slow communication. And others that I don't remember.
That line in the sketches means that you need to add on the node that you want to whitelist the serial of the gateway.
You got the gateway serial in the steps for 2.2.0.
You have it.
You don't need to put anything in any file with 2.2.0. In my guide it is NOT mentioned. In my guide, at the bottom, there is the final "set keys" with only a line OR you can set them every time you get them.
Please, take your time to read 1, 2, 3 times before typing anything. I think it is very clear, and every step is written down for you.
;) Enjoy :)
PS Don't be offended, I want to help you, 'cause I spent a bit of time before getting security working. And I spent so much time writing down a guide. But you need to read and follow carefully
-
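The serial-to-sketch mapping discussed in the posts above, as an added example (not part of the original posts, the linked guide or MySensors): a small shell helper that takes the `SOFT_SERIAL | ...` line in the form quoted in this thread, checks that the value is 9 bytes of hex, and prints the matching `#define` lines. The function names are made up for this example, and the MAC-style input is constructed to show why a LAN MAC address does not fit.

```shell
#!/bin/sh
# Added example: build the node-side #define lines from the gateway serial.
# Key sizes follow the values shown in the thread: serial 9 bytes,
# AES key 16 bytes, HMAC key 32 bytes (two hex digits per byte).

# is_hex_key VALUE NBYTES: succeeds only if VALUE is exactly NBYTES of hex.
is_hex_key() {
    [ "${#1}" -eq $(( $2 * 2 )) ] || return 1
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    return 0
}

# hex_to_c_bytes VALUE: "7850..." -> "0X78,0X50,..." as used in the sketches.
hex_to_c_bytes() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/../0X&,/g; s/,$//'
}

# serial_from_line LINE: extract the hex value from "SOFT_SERIAL | <hex>".
serial_from_line() {
    printf '%s\n' "$1" |
        sed -n 's/^SOFT_SERIAL[[:space:]]*|[[:space:]]*\([0-9A-Fa-f]*\)[[:space:]]*$/\1/p'
}

# whitelist_define SERIAL_HEX: print the whitelist line for a node sketch.
whitelist_define() {
    if ! is_hex_key "$1" 9; then
        echo "serial must be 18 hex digits (9 bytes): $1" >&2
        return 1
    fi
    printf '#define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {%s}}}\n' \
        "$(hex_to_c_bytes "$1")"
}

# Gateway output line in the form quoted in the thread.
serial=$(serial_from_line 'SOFT_SERIAL | 7850987FA6601F6538')
whitelist_define "$serial"
printf '#define MY_SOFT_SERIAL %s\n' "$(hex_to_c_bytes "$serial")"

# Constructed LAN MAC address: wrong length and contains ':', so it is refused.
whitelist_define 'AA:BB:CC:DD:EE:FF' || echo "not a gateway serial"
```

-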
@sineverba I also have the same problem with communication. But tell me, did you send an issue to the developer? I sent one but nothing was done.
OK, in point 4 of your guide, in the sketch for the node I must put the serial key from the gateway? Yes?
And tell me how to remove the serial, HMAC and AES setup when I don't want to use it? How to remove it from the gateway?
Thanks
-
@sineverba said in 💬 Security & Signing:
no need to remove. Simply, in your sketches, don't use signing at all.
OK, but if keys were generated and set up on the gateway and I don't use keys in the sketches, will the node connect? And what is the purpose of the signature then?
I thought that if the gate has a set of keys and a node without a key tries to connect, it will not connect....
-
@pepson you can use a special flag define to "downgrade/reduce" security MY_WEAK_SECURITY
OK, summary
When I have setup on the Raspberry gateway, generate keys. When I write all keys to the node with sketches... the node connects OK.
But when I write only sketches without keys to the node... does the node connect to the gateway or not connect to the gateway?
-
@pepson you need to set up the gateway with weak security.
You need to generate keys and set them in the gateway.
You need to personalize nodes with the sketch and set keys in the Arduino EEPROM.
From now, you have two ways: Your node needs security? Set use security bla-bla on top with other define(s).
Don't need security? Don't define use security.
Simpler than ever.
-
@sineverba said in 💬 Security & Signing:
setup gateway with weak security.
But when I configure my gateway without the flag to set up the gateway with weak security, I can only use nodes with keys set up in the sketches. Yes?
-
@pepson if you find the security setup to be too complicated, I highly recommend sticking with the simple password flags. The documentation has it all.
Can you share with me this document where it is described how to define only the password? I also want to read this.
-
Let's summarize. Last time.
- compile the gateway with weak security (do your research, it is also in my GitHub guide ;) )
- create the 3 keys for the gateway
- set the 3 keys for the gateway.
- clean your Arduinos' EEPROM with the sketch present in my guide and in the examples of the library
- set the keys in the Arduinos' EEPROM.
Stop. End. Fin. Fine. These steps are MANDATORY. You NEED to do them.
You will have the keys in EEPROM (Arduino) and in the gateway.
From now, you select:
a) Do I need security? Perfect, in the Arduino sketch add #define bla bla bla on top with security and other stuff.
b) Do I NOT need security? Perfect, in the Arduino sketch DON'T ADD #define bla bla related to security.
-
@sineverba
OK, all is very good. But what does this give me if I can connect nodes both with the defines bla bla bla in the sketch and also without the define bla bla bla in the sketch?
But do I think right? In each of these cases, do I need to have the keys loaded in the EEPROM?