[Little Brosers] Authentication

I want to start this logbook entry by wishing everyone a merry Christmas and happy holidays!

Now let me give you an update on the authentication service. Last week I told you that I started working on it, and that the service, as well as its characteristics, were up and running. Since that time I have implemented and tested the challenge generation, response and verification on the devkit. But before doing that, I wrote a few wrapper functions for the existing crypto and hashing functions in the SDK just to make our lives a little easier. Now let’s talk about the challenge/response mechanism.

The idea is to use a random number generator for the challenge. That number is placed in the corresponding characteristic, which is available as read-only to the connected client. The client then has to read that number, sign it and write the signature to the corresponding write-only characteristic. The drop then reads that signature and verifies it against the public key given in the user certificate.
And vice versa, when the client sends a challenge to the drop, it writes a randomly generated number to the proper characteristic, which the drop will read and sign. The signature is placed in a read-only characteristic that the client will read and verify to make sure the self-proclaimed drop is indeed a real one.
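
The drop-side check from the exchange described above, modelled in Python as an added example (not the project's firmware code). It shows that each challenge must be random and consumed on first use so a captured signature cannot be replayed. The signature scheme (ECDSA P-256 with SHA-256), the 32-byte challenge size, the `CONTEXT` label and all class and function names are assumptions, since the post does not specify them.

```python
# Added example: models the drop-side challenge/response check, not the project's code.
# Assumptions (not from the post): ECDSA P-256 + SHA-256, 32-byte challenge, CONTEXT label.
import secrets
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

CONTEXT = b"client-auth-v1:"  # hypothetical label so the key never signs bare peer-chosen bytes

def sign_challenge(private_key, challenge: bytes) -> bytes:
    """Client side: sign the value read from the read-only challenge characteristic."""
    return private_key.sign(CONTEXT + challenge, ec.ECDSA(hashes.SHA256()))

class DropAuth:
    """Drop side: one outstanding challenge per connection, usable exactly once."""

    def __init__(self):
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)  # CSPRNG output, never a counter or timestamp
        return self._pending

    def verify_response(self, public_key, signature: bytes) -> bool:
        challenge, self._pending = self._pending, None  # consume before verifying
        if challenge is None:
            return False  # no challenge outstanding
        try:
            public_key.verify(signature, CONTEXT + challenge, ec.ECDSA(hashes.SHA256()))
            return True
        except InvalidSignature:
            return False

def demo() -> dict:
    user_key = ec.generate_private_key(ec.SECP256R1())  # constructed test key
    user_pub = user_key.public_key()  # in the post this comes from the user certificate
    drop = DropAuth()
    sig = sign_challenge(user_key, drop.new_challenge())
    results = {"fresh": drop.verify_response(user_pub, sig)}
    results["reused_challenge"] = drop.verify_response(user_pub, sig)  # already consumed
    drop.new_challenge()
    results["replayed_signature"] = drop.verify_response(user_pub, sig)  # old sig, new nonce
    return results

if __name__ == "__main__":
    print(demo())
```

The reverse direction (client challenges the drop) is the same check with the roles swapped; giving it a different context label keeps a signature produced for one direction from being accepted in the other.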

Which leaves me with the last 2 bricks of this task, processing the user and time certificates. Our backend server currently generates an X.509 PEM certificate per user, and the drop has to parse and verify the contents and validity of the certificate to allow the user to exchange messages with it. I’m just starting to look at this type of certificate, its format and the data it can hold. For the moment I haven’t done a lot of research, so I’m still not sure if I’ll have to do the parsing manually or use an existing library for that. Either way, I should get back to work…
