Example of the component espressif/esp-now v2.1.1
# Security Example

This example demonstrates how to use the ESP-NOW security feature to configure an encryption key on devices, so that transmitted ESP-NOW data is encrypted automatically.

The basic functionality is the same as get_start, with this security enhancement added.

## Functionality

The workflow is as follows:

<img src="../../docs/_static/en/espnow_security_en.png" width="450">

- [Protocomm](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/provisioning/protocomm.html) is used to provide simple callbacks to the application for setting the configuration.
- For details of the ECDH exchange and key confirmation, refer to [security-schemes](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/provisioning/provisioning.html#security-schemes).

## Hardware Required

This example can run on any ESP32 series board. At least two development boards are required: one works as the initiator, and the others work as responders.

## Configuration

Open the project configuration menu (`idf.py menuconfig`) to configure the Proof of Possession (PoP) string. It is used to authorize the session and derive the shared key. Set the same value on the initiator and responder devices:

```
idf.py menuconfig
    Example Configuration  --->
        Proof of Possession  --->
            "espnow_pop"
```

## How to Use the Example

### Step 1: Build & Flash & Run the Responders

- Select the ESP-NOW security responder Mode:

```
idf.py menuconfig
    Example Configuration  --->
        ESP-NOW Mode  --->
            () Initiator Mode
            (X) Responder Mode
```

- When the responder devices start up, they wait to receive security info.

### Step 2: Build & Flash & Run the Initiator

- Select the ESP-NOW security initiator Mode:

```
idf.py menuconfig
    Example Configuration  --->
        ESP-NOW Mode  --->
            (X) Initiator Mode
            () Responder Mode
```

- When the initiator starts up, it will:
  * Scan for responders and get the responder address list
  * Perform a secure handshake (ECDH) with the responders and confirm the shared key
  * Send the app key, encrypted with the shared key, to the responders

### Step 3: Send and Receive in secure mode

- When the security process is over, the encryption key derived from the app key is set.
- Data is then encrypted and decrypted with AES128-CCM.
- In the example, a message is received from the serial port and broadcast to the other devices in encrypted mode.
- The other nodes receive the ESP-NOW message and decrypt the data.
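
Why the PoP must match on both sides of the Step 2 handshake, as an added Python sketch that is not part of the esp-now component. It assumes the handshake follows the ESP-IDF Security 1 scheme linked above (Curve25519 ECDH, shared secret XORed with SHA-256 of the PoP); the HMAC confirm tag stands in for the scheme's own verify step, and all function names are hypothetical.

```python
import hashlib, hmac, os

P = 2**255 - 19                    # Curve25519 field prime
A24 = 121665                       # ladder constant from RFC 7748
BASE = (9).to_bytes(32, "little")  # base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 Montgomery ladder (teaching version, not constant-time)."""
    k_int = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def session_key(priv: bytes, peer_pub: bytes, pop: str) -> bytes:
    """ECDH secret XORed with SHA-256(PoP), as described for Security 1."""
    shared = x25519(priv, peer_pub)
    mask = hashlib.sha256(pop.encode()).digest()
    return bytes(s ^ m for s, m in zip(shared, mask))

def confirm_tag(key: bytes, pub: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the scheme's real confirm cipher here.
    return hmac.new(key, pub, hashlib.sha256).digest()

def handshake(initiator_pop: str, responder_pop: str) -> bool:
    """Return True only when both sides end up with the same session key."""
    i_priv, r_priv = os.urandom(32), os.urandom(32)
    i_pub, r_pub = x25519(i_priv, BASE), x25519(r_priv, BASE)
    i_key = session_key(i_priv, r_pub, initiator_pop)
    r_key = session_key(r_priv, i_pub, responder_pop)
    # The responder proves key possession over the initiator's public key.
    tag = confirm_tag(r_key, i_pub)
    return hmac.compare_digest(tag, confirm_tag(i_key, i_pub))

if __name__ == "__main__":
    print("matching PoP:  ", handshake("espnow_pop", "espnow_pop"))
    print("mismatched PoP:", handshake("espnow_pop", "wrong_pop"))
```

A responder built with a different PoP derives a different key, so the confirm step fails and the app key is never sent to it.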

## Example Output

Output sample from the responder device:

```
I (550) wifi:Set ps type: 0

I (553) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
I (642) wifi:mode : I (645) app_main: Uart read handle task is running
I (645) app_main: Uart write task is running
I (26512) espnow_sec_resp: Get APP key

I (716965) app_main: espnow_send, count: 43, size: 23, data: Message from responder.
I (751668) app_main: espnow_recv, <83> [24:0a:c4:d6:d3:00][1][-16][23]: Message from initiator.
```

Output sample from the initiator device:

```
I (564) wifi:Set ps type: 0

I (567) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
I (657) wifi:modeI (660) app_main: Uart read handle task is running
I (660) app_main: Uart write task is running
W (767) app_main: espnow wait security num: 1
I (767) espnow_sec_init: count: 0, Secure_initiator_send, requested_num: 1, unfinished_num: 1, successed_num: 0
I (1807) app_main: App key is sent to the device to complete, Spend time: 3629ms, Scan time: 2506ms
I (1807) app_main: Devices security completed, successed_num: 1, unfinished_num: 0

I (692257) app_main: espnow_recv, <43> [24:0a:c4:04:5d:3c][1][-19][23]: Message from responder.
I (726959) app_main: espnow_send, count: 83, size: 23, data: Message from initiator.
```

To create a project from this example, run:

```
idf.py create-project-from-example "espressif/esp-now^2.1.1:security"
```