Jump to: navigation, search

Difference between revisions of "Mihini/Security"

(How to activate security with M3DA protocol?)
(FAQ/Good Practices)
(7 intermediate revisions by one other user not shown)
Line 1: Line 1:
 +
Don't hesitate to make a test by running Mihini on your local computer.
 +
 
== How to activate security with M3DA protocol? ==
 
== How to activate security with M3DA protocol? ==
  
Line 6: Line 8:
 
</source>
 
</source>
  
Note: Here the following list you can define for encryption and authentication:
+
''Note'': Here the following list you can define for encryption and authentication:
* AUTHENTICATION_TYPE = hmac-md5    or  hmac-sha1  or none  (if you select none for authentication, you must select none for encryption)
+
* AUTHENTICATION_TYPE = hmac-md5    or  hmac-sha1  or none  (if you select none for authentication, you must select none for encryption)
* ENCRYPTION_TYPE    = aes-cbc-128  or    aes-cbc-256  or  aes-ctr-128  or  aes-ctr-256  or  none
+
* ENCRYPTION_TYPE    = aes-cbc-128  or    aes-cbc-256  or  aes-ctr-128  or  aes-ctr-256  or  none
 +
 
  
 
1. Choose the authentication algorithm :
 
1. Choose the authentication algorithm :
<source>
+
<source lang="lua">
 
agent.config.server.authentication ='hmac-sha1'
 
agent.config.server.authentication ='hmac-sha1'
 
</source>
 
</source>
 
   
 
   
 
2. Choose the encryption algorithm :
 
2. Choose the encryption algorithm :
<source>
+
<source lang="lua">
 
agent.config.server.encryption ='aes-cbc-128'
 
agent.config.server.encryption ='aes-cbc-128'
 
</source>
 
</source>
  
3. Generate the keys by using Registration password (shareKey) (=> Compute and store the keys)
+
3. Do not forget to set deviceId (first):
<source>
+
<source lang="lua">
 +
agent.config.agent.deviceId = "tototo"
 +
</source>
 +
 
 +
4. Generate the keys by using Registration password (shareKey) (=> Compute and store the keys)
 +
<source lang="lua">
 
require 'agent.provisioning'.registration_password 'xxxx'      (needs "make all agent_provisioning" to be executed before)
 
require 'agent.provisioning'.registration_password 'xxxx'      (needs "make all agent_provisioning" to be executed before)
 
</source>
 
</source>
Line 27: Line 35:
 
== Usefull commands ==
 
== Usefull commands ==
 
If you want to remove the authentication:
 
If you want to remove the authentication:
> agent.config.server.authentication = nil
+
<source lang="lua">
 +
agent.config.server.authentication = nil
 +
</source>
  
 
To remove the encryption:
 
To remove the encryption:
> agent.config.server.encryption = nil
+
<source lang="lua">
 +
agent.config.server.encryption = nil
 +
</source>
  
 
To change the password :
 
To change the password :
> require 'agent.provisioning'.password ='xxxx'                  (needs "make all agent_provisioning" to be executed before)
+
<source lang="lua">
 +
require 'agent.provisioning'.password ='xxxx'                  (needs "make all agent_provisioning" to be executed before)
 +
</source>
  
 
To remove the password :
 
To remove the password :
Keys are stored in :   /readyagent/build.default/runtime/crypto
+
* Keys are stored in: /readyagent/build.default/runtime/crypto
Remove the file : crypto.key
+
* Remove the file: crypto.key
 +
 
 +
''Note'': If you do a reset factory on your device, the keys are not deleted.
  
 
Create a connection:
 
Create a connection:
> airvantage=require "airvantage"
+
<source lang="lua">
> airvantage.connecttoserver()
+
airvantage=require "airvantage"
 +
airvantage.connecttoserver()
 +
</source>
 +
 
 +
== FAQ/Good Practices ==
 +
 
 +
<em>Q</em>: I get timeout when I try to contact the server.<br/>
 +
<em>A</em>:
 +
Check that port 44900 is opened.

Revision as of 09:32, 5 April 2013

Don't hesitate to make a test by running Mihini on your local computer.

How to activate security with M3DA protocol?

Firstly, you need to compile a module which is not compiled by default. After you build.sh, you must do this command:

$ make all agent_provisioning

Note: Here the following list you can define for encryption and authentication:

  • AUTHENTICATION_TYPE = hmac-md5 or hmac-sha1 or none (if you select none for authentication, you must select none for encryption)
  • ENCRYPTION_TYPE = aes-cbc-128 or aes-cbc-256 or aes-ctr-128 or aes-ctr-256 or none


1. Choose the authentication algorithm :

agent.config.server.authentication ='hmac-sha1'

2. Choose the encryption algorithm :

agent.config.server.encryption ='aes-cbc-128'

3. Do not forget to set deviceId (first):

agent.config.agent.deviceId = "tototo"

4. Generate the keys by using Registration password (shareKey) (=> Compute and store the keys)

require 'agent.provisioning'.registration_password 'xxxx'       (needs "make all agent_provisioning" to be executed before)

Usefull commands

If you want to remove the authentication:

agent.config.server.authentication = nil

To remove the encryption:

agent.config.server.encryption = nil

To change the password :

require 'agent.provisioning'.password ='xxxx'                   (needs "make all agent_provisioning" to be executed before)

To remove the password :

* Keys are stored in: /readyagent/build.default/runtime/crypto
* Remove the file: crypto.key

Note: If you do a reset factory on your device, the keys are not deleted.

Create a connection:

airvantage=require "airvantage"
airvantage.connecttoserver()

FAQ/Good Practices

Q: I get timeout when I try to contact the server.
A: Check that port 44900 is opened.