ESP32 with SHA256 anyone?

For general Flowcode discussion that does not belong in the other sections.
Post Reply
MJU20
Posts: 238
http://meble-kuchenne.info.pl
Joined: Tue Dec 08, 2020 5:11 pm
Has thanked: 75 times
Been thanked: 50 times

ESP32 with SHA256 anyone?

Post by MJU20 »

Has anyone tried secure communication with an ESP32 using SHA or other safe methods?

I just found out that ESP32 has an built in "Digital Signature (DS) feature".
Digital signatures provide a way to cryptographically authenticate a message using a private key, to be verified
using the corresponding public key. This can be used to validate a device’s identity to a server, or to authenticate
the integrity of a message has not been tampered with.
ESP32-S2 includes a digital signature (DS) peripheral which produces hardware accelerated RSA digital
signatures, without the RSA private key being accessible by software.
Maybe not quite the same as SHA256 but it seems to be useful?

There are two things I want to use a ESP32 for in the future:
  • Tell a receiver that the message it just received is from a specific device
  • Send a message that is unreadable for other devices
In short: I want to send messages that are encrypted OR have a signature.
What I've read SHA256 is a good way of securing these messages.

Anyone ever used a ESP32 for these purposes?

So in the first case I want to send a message (doesn't need to be encrypted), but the receiver must know that the message it receives is 100% one that has been send by a certain device. Like in a remote control for a garage port or something.
The second way I want to use a ESP32 for is like sending data to a receiver that only this receiver can decode.

Has anyone tried these methods ever with Flowcode?
How can I start with these features?

chipfryer27
Valued Contributor
Posts: 1110
Joined: Thu Dec 03, 2020 10:57 am
Has thanked: 278 times
Been thanked: 397 times

Re: ESP32 with SHA256 anyone?

Post by chipfryer27 »

Hi

No expert with the ESP32, having only recently started to explore with FAD when time allows. Crypto capabilities would be a useful feature so I'll follow your progress with interest.

One way to identify the module would be to use it's MAC address. These are supposed to be unique. I say supposed as a few years back I was using some ESP8266 modules (possibly clones, all bought from same vendor) to communicate with a server and discovered that instead of being unique, upon power up the modules chose one a few possible addresses. I discovered this totally by accident when checking server logs. I had two entries using the same MAC that couldn't possibly have been from the same device. I had hoped to use the MAC as a unique identifier but this discovery scuppered that idea. I then had to include a predefined string as my ID. I was using "GET" to update the server so it was easy enough to include the ID.

Good luck with your project.

Regards

MJU20
Posts: 238
Joined: Tue Dec 08, 2020 5:11 pm
Has thanked: 75 times
Been thanked: 50 times

Re: ESP32 with SHA256 anyone?

Post by MJU20 »

Hey thanks,

Using the MAC address doesn't look secure enough.
By checking the MAC address (which should be unique) an attack could be to simulate the MAC address.

In the first case it seems that there should be a challenge/response system?
The device that checks if the reply is OK by sending a challenge code, on which the other device does a calculation that can be checked by the first one.
By generating a "random" challenge code the protection should be ok.

Right?

chipfryer27
Valued Contributor
Posts: 1110
Joined: Thu Dec 03, 2020 10:57 am
Has thanked: 278 times
Been thanked: 397 times

Re: ESP32 with SHA256 anyone?

Post by chipfryer27 »

Hi

I don't envy your task as encryption has the potential to quickly snowball out of hand and overwhelm the capabilities of less powerful chips. If the ESP has hardware capabilities that would initially seem the way to go, but of course it limits you to only using ESPs in your project.

Have you defined your risks? By that I mean look where you are vulnerable, why it's a vulnerability and what can be done about it? I assume you will be in total control over both ends of your system and you are using the public internet as the communications medium?

"Why would I bother"...? By that I mean what gain would there be for me to attempt to "hack" your project? Is it worth my effort? No point in creating the world's most secure vault if you are only storing nothing of any value :)

I think your challenge / response idea could be implemented as a way to verify a bone-fide user, possibly then negating encryption, but most likely means you need to either program in "code" to every device or allow every user to enter a "key" you provide.

Good luck.

Regards

MJU20
Posts: 238
Joined: Tue Dec 08, 2020 5:11 pm
Has thanked: 75 times
Been thanked: 50 times

Re: ESP32 with SHA256 anyone?

Post by MJU20 »

Thank you Chipfryer,

Thing is that I live in two worlds, a "maker" world and a world where I sometimes ask questions on a forum.
The makerworld would respond like you do. "Don't bother, who's going to steal your communication?"
The other world (especially Dutch people), think the other way round: "Your information will be all over the place"

The first is maybe a bit to confident, but the second one is all about panic "They are going to steal everything in your house!!!".

But if communication is send wireless (or NFC) there is a slight chance that someone is interested.
I saw that the ESP has a feature to encrypt, but this seems to be other then SHA or AES.

I've been reading about Rijndael encryption but this is a bit too complicated for me at this moment.

I've asked Matrix before to find some way to "secure" data in a way this is easily to convert to a Flowcode component.
Maybe I could ask again?

BenR
Matrix Staff
Posts: 1707
Joined: Mon Dec 07, 2020 10:06 am
Has thanked: 435 times
Been thanked: 598 times

Re: ESP32 with SHA256 anyone?

Post by BenR »

Hello,

It's still part of our plan. We have upgraded the tcpip simulation dll so it can do https comms though we've not had chance to roll this out yet. We also have plans for fc10 and app developer that means encryption is a bigger deal certainly for esp and rpi that should be able to do it fairly easily. I need to get more of a handle on it so I'll try and make a push to do the learning :D

Post Reply