security

Example of the component espressif/esp-now v2.5.2

Security Example

This example demonstrates how to use the ESP-NOW security feature to configure an encryption key on devices, so that transmitted ESP-NOW data is encrypted automatically.

The basic functionality is the same as get_start, with this additional security enhancement.

Functionality

The workflow is as follows:

  • Protocomm is used to provide simple callbacks to the application for setting the configuration.
  • For details of the ECDH exchange and key confirmation, refer to security-schemes.

Hardware Required

This example can run on any ESP32 series board. At least two development boards are required: one works as the initiator, and the others work as responders.

Configuration

Open the project configuration menu (idf.py menuconfig) to configure the Proof of Possession (PoP) string. It is used to authorize the session and derive the shared key. Set the same value on the initiator and responder devices:

idf.py menuconfig
    Example Configuration  --->
        Proof of Possession  --->
            "espnow_pop"

How to Use the Example

Step 1: Build & Flash & Run the Responders

  • Select the ESP-NOW security responder Mode:

idf.py menuconfig
    Example Configuration  --->
        ESP-NOW Mode  --->
            () Initiator Mode
            (X) Responder Mode

  • When the responder devices start up, they wait to receive the security info.

Step 2: Build & Flash & Run the Initiator

  • Select the ESP-NOW security initiator Mode:

idf.py menuconfig
    Example Configuration  --->
        ESP-NOW Mode  --->
            (X) Initiator Mode
            () Responder Mode

  • When the initiator starts up, it will:
    • Scan for responders and get the responder address list
    • Perform a secure handshake (ECDH) with the responders and confirm the shared key
    • Send the app key, encrypted with the shared key, to the responders

Step 3: Send and Receive in secure mode

  • Once the security stage is over, the encryption key derived from the app key is set.
  • Data is then encrypted and decrypted with AES128-CCM.
  • In the example, a message is received from the serial port and broadcast to the other devices in encrypted mode.
  • The other nodes receive the ESP-NOW message and decrypt the data.

Example Output

Output sample from the responder device:

I (550) wifi:Set ps type: 0

I (553) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
I (642) wifi:mode : I (645) app_main: Uart read handle task is running
I (645) app_main: Uart write task is running
I (26512) espnow_sec_resp: Get APP key

I (716965) app_main: espnow_send, count: 43, size: 23, data: Message from responder.
I (751668) app_main: espnow_recv, <83> [24:0a:c4:d6:d3:00][1][-16][23]: Message from initiator.

Output sample from the initiator device:

I (564) wifi:Set ps type: 0

I (567) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
I (657) wifi:modeI (660) app_main: Uart read handle task is running
I (660) app_main: Uart write task is running
W (767) app_main: espnow wait security num: 1
I (767) espnow_sec_init: count: 0, Secure_initiator_send, requested_num: 1, unfinished_num: 1, successed_num: 0
I (1807) app_main: App key is sent to the device to complete, Spend time: 3629ms, Scan time: 2506ms
I (1807) app_main: Devices security completed, successed_num: 1, unfinished_num: 0

I (692257) app_main: espnow_recv, <43> [24:0a:c4:04:5d:3c][1][-19][23]: Message from responder.
I (726959) app_main: espnow_send, count: 83, size: 23, data: Message from initiator.

To create a project from this example, run:

idf.py create-project-from-example "espressif/esp-now=2.5.2:security"