Wrong instructions on gateway for personalizer?
-
Sorry for title not very clear.
I have gateway and nodes with version 2.2.0 rc2.
I set security and signing on it with:
sudo mysgw --set-soft-hmac-key=CA425435D5765F2A96B97A10B38 && sudo mysgw --set-soft-serial-key=B821E72AB && sudo mysgw --set-aes-key=FC50FB78398514EAThe answer from PI for SOFT HMAC KEY is:
The next line is intended to be used in SecurityPersonalizer.ino: #define MY_SOFT_HMAC_KEY 0XCA,0X42,0X54,0X35,0X5F,0X2A,0XB,0X38But in security personalizer we have
#define MY_HMAC_KEY
And I use exactly this last one. Missing the "soft" from personalizer or wrong PI or am I totally wrong?
-
@sineverba it looks to me that you fork several instances of mysgw. Should it not be called once with all the arguments? I am not very involved in the rPi port so I am not sure how arguments to mysgw take effekt. If they are stored in some NVM emulated space or if they are just cashes in runtime, so it might be correct use, but to me it looks really strange from a Linux point of view to call mysgw several times, with one argument every time. @marceloaqno might be able to give the final word on this.
-
@sineverba on the topic on what the mysgw app replies for you to put in the personalizer, yes, it seem they are out of alignment. I am working on refactoring some of the simple password flags and will re-do documentation on those. I will have a look at the rPi keywords at the same time to verify they are in sync.
Thanks for reporting. If you would like, please report a bug for this on github.
-
@anticimex With the "&&" you are basically launch 3 instructions with one row. It is the same thing that you launch first command and press enter. Wait for compute, type 2nd and press enter and so on...
So, do you confirm they are out of alignment? If yes, I open the bug on github.
Thank you!
-
@sineverba right, but I thought mysgw actually started the GW. It does not matter, the issue here is that the output from mysgw suggests changes in the security personalizer which are not there anymore so it needs to be updated. So yes, please report a bug on it.
-
Hi
Is any place where we can found step by step manual how secure and singin gateway and nodes ? I use radio RFM69HW.
-
-
I found this
https://forum.mysensors.org/topic/4803/building-a-raspberry-pi-gateway/350But how use it on my Gateway on RPi3 with radio RFM69HW ? I think about point number 1... Because --my-rfm69-encryption-enable not reconized......
-
@pepson you asked about signing? Encryption is a different thing. @marceloaqno?
-
But for what is signing and for what is encryption ?
-
@pepson Could you rephrase that question please? I don't understand it. Have you read the documentation I linked to?
-
@pepson said in Wrong instructions on gateway for personalizer?:
But how use it on my Gateway on RPi3 with radio RFM69HW ? I think about point number 1... Because --my-rfm69-encryption-enable not reconized......
You need to uncomment the //#define MY_RFM69_ENABLE_ENCRYPTION in myconfig.h on the RPI and recompile the gw.
-
@gohan I suggest you avoid hacking in MyConfig.h. Just define what you need in the sketch prior to including MyConfig.h instead. MyConfig.h provide default values. Most of these are designed to be overridden. That way, you only need to change your ino file and not mess with the library code. If you have multiple sketches using the same library they will inherit anything you hack on the common code (like MyConfig.h) and that is not necessarily what you want.
-
@gohan furthermore, for rPi, configuration is handled with the configure tool. Not MyConfig.h.
-
what is then the rfm69 encryption command? I didn't find it and the one I set in myconfig actually does the job.
-
@gohan well, that is indeed strange because the entire feature is not existing (see here: https://github.com/mysensors/MySensors/pull/1054)
Please don't give incorrect advice on security topics.
Where have you found the flag you mention?Edit: wrong radio and pr, I mean this: https://github.com/mysensors/MySensors/pull/1056
-
On line 753 of myconfig.h
-
@gohan see my edit
-
I don't understand what you want me to do
-
@gohan don't suggest people hack in MyConfig.h because it's the wrong thing to do.
