1
0
Fork
You've already forked SolarSystem
0

Key rollover #226

Closed
opened 2023年04月09日 07:51:19 +02:00 by revk · 1 comment
revk commented 2023年04月09日 07:51:19 +02:00 (Migrated from github.com)
Copy link

The system supports key rollover. This has the issue that all fobs need to be seen by a reader for keys to update, and as such the system supports three concurrent keys in the door controllers. However the system lacks a user interface to instigate key roll over.

  • Add back end message and UI for "Key rollover", making a new key for specific AID, and triggering door update
  • Auto retire any keys not in use - will have side effect of allowing older keys still in use to come back in to top 3
  • Add user interface to show key versions in use per AID, this may mean mirroring some key version data from SSKey to SS to allow web interface to see this.
  • Ensure current key version is logged per fob/aid and include user interface to show on fob view
  • Show counts of fobs with each key version in the aid view so admin can see when a key retire can be done
  • Test rollover works properly with updates to fobs as expected.
  • Some way to show keys that are not up to date, not just a count...

Issue #210 relates to this, and can be incorporated at the same time.

  • Add additional field to keys table to flag if the key is to be encrypted (i.e. the actual key used on the fob is result of encrypting the UID with the database key)
  • Add a setting to indicate to the door controller which of the keys are encrypted
  • Make new keys flagged as encrypted by default (it could be a site setting, but why)
  • Change door controller to understand how to use encrypted keys
  • Change fob adopt to understand how to use encrypted keys when adopting fobs

Finally

  • Check it is possible to re-adopt a fob if keys too old
The system supports key rollover. This has the issue that all fobs need to be seen by a reader for keys to update, and as such the system supports three concurrent keys in the door controllers. However the system lacks a user interface to instigate key roll over. - [x] Add back end message and UI for "Key rollover", making a new key for specific AID, and triggering door update - [x] Auto retire any keys not in use - will have side effect of allowing older keys still in use to come back in to top 3 - [x] Add user interface to show key versions in use per AID, this may mean mirroring some key version data from SSKey to SS to allow web interface to see this. - [x] Ensure current key version is logged per fob/aid and include user interface to show on fob view - [x] Show counts of fobs with each key version in the aid view so admin can see when a key retire can be done - [x] Test rollover works properly with updates to fobs as expected. - [x] Some way to show keys that are not up to date, not just a count... Issue #210 relates to this, and can be incorporated at the same time. - [x] Add additional field to keys table to flag if the key is to be encrypted (i.e. the actual key used on the fob is result of encrypting the UID with the database key) - [x] Add a setting to indicate to the door controller which of the keys are encrypted - [x] Make new keys flagged as encrypted by default (it could be a site setting, but why) - [x] Change door controller to understand how to use encrypted keys - [x] Change fob adopt to understand how to use encrypted keys when adopting fobs Finally - [x] Check it is possible to re-adopt a fob if keys too old
revk commented 2023年04月09日 11:55:29 +02:00 (Migrated from github.com)
Copy link

The change is that keys are all now 18 bytes, a type byte, version byte and 16 byte AES.

  • The type 00 means key not set (previously key ver 00 meant that)
  • The type 01 means normal key (use the ver and key as is)
  • The type 02 means encrypted key, encrypt the UID with the key specified to use as key on the fob

Other types could be added in future, obviously.

The change is that keys are all now 18 bytes, a type byte, version byte and 16 byte AES. - The type 00 means key not set (previously key ver 00 meant that) - The type 01 means normal key (use the ver and key as is) - The type 02 means encrypted key, encrypt the UID with the key specified to use as key on the fob Other types could be added in future, obviously.
Sign in to join this conversation.
No Branch/Tag specified
master
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
RevK/SolarSystem#226
Reference in a new issue
RevK/SolarSystem
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?