Authentication with NDEF message on Desfire containing signed UID via Ed25519

Ondrej Mikle 2017-10-22 22:39:55 +02:00
parent 892b69f939
commit d0121aaed9
12 changed files with 286 additions and 41 deletions

@ -28,10 +28,16 @@ It is much more general in use than to use it as authenthicator to open door.
You need just to run `make`. Additional dependencies:
- [libnfc](https://github.com/nfc-tools/libnfc/releases), already present in Raspbian 8 repositories
- [libnfc](https://github.com/nfc-tools/libnfc/releases), in Debian and Ubuntu as libnfc-dev
- [libfreefare](https://github.com/nfc-tools/libfreefare), in Debian and Ubuntu install libfreefare-bin and libfreefare-dev
- [python-axolotl-curve25519](https://github.com/tgalal/python-axolotl-curve25519), in Ubuntu and Debian install python-axolotl-curve25519
- [SWIG](http://www.swig.org/)
- [WiringPi2 pythonic binding](https://github.com/WiringPi/WiringPi2-Python) (for switching lock on Raspberry)
All dependencies except for wiring can be installed via:
`apt install libnfc-dev libfreefare-bin and libfreefare-dev python-axolotl-curve25519 swig3.0`
## Howto
1. Create the database
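Review bot: The `apt install` line near the end of this hunk has a literal "and" between `libfreefare-bin` and `libfreefare-dev`, so anyone who copies it asks apt for a package named `and` and the install fails. Drop the word so the line reads `apt install libnfc-dev libfreefare-bin libfreefare-dev python-axolotl-curve25519 swig3.0`. The sentence above it says "except for wiring"; using the name WiringPi2 from the dependency list would make clear which package still has to be installed separately.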
@ -44,17 +50,28 @@ You need just to run `make`. Additional dependencies:
3. Add some users
- either authenthication by UID, e.g.:
- either authentication by UID, e.g.:
brmdoor_adduser.py -c brmdoor_nfc.config -a uid 34795FCC SomeUserName
./brmdoor_adduser.py -c brmdoor_nfc.config -a uid 34795FCC SomeUserName
- authenthication by Yubikey's HMAC-SHA1 programmed on slot 2
- authentication by Yubikey's HMAC-SHA1 programmed on slot 2
brmdoor_adduser.py -c brmdoor_nfc.config -a hmac 40795FCCAB0701 SomeUserName 000102030405060708090a0b0c0d0e0f31323334
./brmdoor_adduser.py -c brmdoor_nfc.config -a hmac 40795FCCAB0701 SomeUserName 000102030405060708090a0b0c0d0e0f31323334
- to program Yubikey slot 2 to use HMAC with given key, use:
- to program Yubikey slot 2 to use HMAC with given key (requires package `yubikey-personalization`), use:
ykpersonalize -2 -ochal-resp -ohmac-sha1 -ohmac-lt64 -oserial-api-visible
- authentication using signed UID as NDEF message on Desfire:
./brmdoor_adduser.py -c brmdoor.config -a ndef 04631982cc2280 SomeUserName"
- you need to generate Ed25519 keypair, store the private key somewhere safe and put the public in config file
./generate_ed25519_keypair.py
- you need to program the Desfire card to have the signature
Finally, run the daemon:
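Review bot: The new `ndef` example ends with a stray double quote after `SomeUserName` and passes `-c brmdoor.config`, while the uid and hmac examples in the same list use `brmdoor_nfc.config`; remove the quote and use one config file name throughout. The two follow-up bullets also stop short of what a user needs: state which config option takes the public key produced by `generate_ed25519_keypair.py`, and give the command or script that writes the signed UID to the card, since "you need to program the Desfire card to have the signature" offers no way to do it.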