I have been trying to read up on the signing and encryption part. But some questions I am not able to find a simple answere to.
If I define "MY_SECURITY_SIMPLE_PASSWD" with a password:
- Do I need to asign a anlog pin for random seed?
- If I define it in the gateway, can nodes without "MY_SECURITY_SIMPLE_PASSWD" defined send messages to the gateway, and vice versa?
- If I don't define it in the gateway, can nodes with it defined send messages to the gateway?
- yes, for good entropy for crypto operations
- yes but that depend on your use of the MY_SIGNING_WEAK_SECURITY setting and if you have encryption and signing personalized using the same password
- yes, see above
So i have looked at the API dokumentation and in MyConfig.h and can't seem to find the default value of MY_SIGNING_WEAK_SECURITY.
I still feel unsure how it works.
My code looks like this (in both GW and node), and I don't set anything else, and doesn't include MyConfig.h in my sketch:
#define MY_SECURITY_SIMPLE_PASSWD "123456789" #define MY_SIGNING_SOFT_RANDOMSEED_PIN A3
- As I understand the documentation the communication will be encrypted in both ways, and all messages will be signed. Is that correct?
- What if I build another sensor node without these lines of code. Will the gateway accept it?
- What if I build another actuator node without these lines of code. Will the node accept messages from the GW?
Or do I need to set the "MY_SIGNING_REQUEST_SIGNATURES" in both GW and node to force signing?
@strixx here is the docs for the simple password flag: https://www.mysensors.org/apidocs/group__SigningSettingGrpPub.html#gaedf8ec407fbde609a520ea0d95da2aac
As you can see, defining it will enable signing, encryption and requests for signatures and it has to be defined for all nodes.
So, using it will require you to have it on all nodes.
Adding the weak flag to your gw in this case will enable you to to relax this requirement and add nodes that does not sign messages (but you still have to enable encryption on that node).
So to sum it up, I would recommend you to, if you really want to use the simple flag, use it on all nodes and gw.
@anticimex Thank you! I have been reading that doc, but missed the part that says: "This flag will enable signing, signature requests and encryption."
@strixx you are welcome. The simple flag is designed to be as simple as can be. So it enables everything. On development it is slightly refactor ed, so it is possible to use simple signing, simple encryption or simple "both" (which if I recall is named SIMPLE_SECURITY_PASSWD or similar.