Additional encryption?


#1

I have been searching the web for a WiFi module that supports additional encryption such as AES 128 or AES 256. Besides WiFi authentication encryption, do any of the imp products support additional client-to-server encryption? My current WiFi module from a different vendor doesn’t support additional encryption so I am sending login credentials and other data to my TCP server in plain text.


#2

Electric Imp projects are split into two sections - device code, and server code.

There should be no reason your device code needs to know about login credentials (authentication and authorization should happen at the agent/server level, and then pass commands down to the device).

While the agent/server doesn’t support AES 128 or 256, it does support HMAC SHA hashing, allowing you to do public/private key encryption.


#3

The imp’s connection to the imp server, where the agent runs, is AES-128 encrypted (it uses TLS), which is on top of the WEP/WPA/WPA2 link level encryption.

The agent can then make, or receive, HTTPS connections to third party services, apps, etc.

So yes, your login credentials (which will generally only ever exist in the agent, not the device) are secure.


#4

Beardedinventor made the comment that HMAC SHA can be used to do public/private key encryption. I’m not smart enough to understand how that is possible. I thought that symmetric and asymmetric cryptography were distinct from hashing.
Can anyone explain how it can be employed? I’m looking to store some data in our servers that can only be decrypted by the agent.


#5

I’d say that was an incorrect comment, to be honest. Hashing is not reversible hence is not usable for encryption.

There is an AES library for Squirrel here: https://github.com/kisi-inc/aes-squirrel
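
An added example, not part of any post in this thread: the distinction discussed in posts #4 and #5, shown in Python with the standard library rather than Electric Imp's own API. The key, the message and the `body.tag` envelope format are constructed for illustration; the HMAC tag lets the receiver detect tampering, but the body travels as readable JSON.

```python
import hashlib
import hmac
import json

# Constructed sample values: placeholder key and message, not real credentials.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MESSAGE = {"device": "imp-001", "reading": 21.5}


def sign(key: bytes, message: dict) -> bytes:
    """Serialize the message and append an HMAC-SHA256 tag (hex) after a dot."""
    body = json.dumps(message, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify(key: bytes, envelope: bytes) -> dict:
    """Return the message if the tag matches, otherwise raise ValueError."""
    body, sep, tag = envelope.rpartition(b".")
    if not sep:
        raise ValueError("malformed envelope")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad tag: message altered or wrong key")
    return json.loads(body)


def readable_without_key(envelope: bytes) -> dict:
    """What an eavesdropper recovers: the body is plain JSON, no key needed."""
    body, _, _ = envelope.rpartition(b".")
    return json.loads(body)


def is_accepted(key: bytes, envelope: bytes) -> bool:
    """True only when the envelope verifies under the given key."""
    try:
        verify(key, envelope)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    env = sign(SHARED_KEY, MESSAGE)
    print("on the wire:      ", env.decode())
    print("read without key: ", readable_without_key(env))
    print("tampered accepted:", is_accepted(SHARED_KEY, env.replace(b"21.5", b"99.9")))
```

Data that must stay unreadable in storage needs an actual cipher, such as the AES library linked above, with the HMAC (or an authenticated mode) covering the ciphertext.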


#6

Thanks, that looks ideal.