
Mobile library security2/SRP6 maturity level

Posted: Wed Nov 23, 2022 1:27 pm
by roberthartman
How mature are the Android and iOS ESP provisioning libraries with regard to security2/SRP6? We will be utilizing this scheme via ESP-IDF in firmware for a client and also developing mobile apps for them. I'm trying to figure out what we can expect from the native mobile libraries.

I did not see a discussion forum specific to the mobile libraries, so I apologize if this is not the best place to ask this. Also, the forum search feature appears to not be working for me, so I was unable to search for existing discussions around this.

Re: Mobile library security2/SRP6 maturity level

Posted: Thu Nov 24, 2022 11:33 am
by vikas.chandra
roberthartman wrote:
Wed Nov 23, 2022 1:27 pm
How mature are the Android and iOS ESP provisioning libraries with regard to security2/SRP6? We will be utilizing this scheme via ESP-IDF in firmware for a client and also developing mobile apps for them. I'm trying to figure out what we can expect from the native mobile libraries.

I did not see a discussion forum specific to the mobile libraries, so I apologize if this is not the best place to ask this. Also, the forum search feature appears to not be working for me, so I was unable to search for existing discussions around this.

Security 2 support is already present and tested in both the iOS and Android libraries. The library determines the security version from the device version information. It requires a username and password to establish a secure session. The username can be parsed from the QR code, provided to the library as user input, or hard-coded in the app. For the password, the library uses the Proof of Possession, which was already in use for Security 1. You can refer to the latest code of both libraries on GitHub.
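
An added sketch (not code from the Espressif libraries or from either poster) of the SRP-6a math behind a username plus Proof of Possession session: the device side holds only a salt and verifier, and both ends reach the same key only when the app supplies the matching PoP. The group, hash, sample credentials and function names are assumptions made for this example, and the key-confirmation proofs a real session exchanges are left out.

```python
import hashlib
import secrets

# Assumption: demo-sized prime (2**521 - 1) so the block stays short.
# It is NOT a production SRP group; use a standardized large group in practice.
N = 2**521 - 1
g = 3

def H(*parts) -> int:
    """SHA-512 over the parts; ints are encoded as fixed-width 66-byte values."""
    h = hashlib.sha512()
    for p in parts:
        h.update(p.to_bytes(66, "big") if isinstance(p, int) else p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_x(salt: bytes, username: str, password: str) -> int:
    inner = hashlib.sha512(f"{username}:{password}".encode()).digest()
    return H(salt, inner)

def make_verifier(username: str, password: str):
    """Run once when credentials are set; the device keeps only (salt, v)."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, username, password), N)

def run_handshake(username: str, pop: str, salt: bytes, v: int):
    """Simulate both sides of one exchange; returns (app_key, device_key)."""
    a = secrets.randbelow(N - 2) + 1           # app ephemeral secret
    A = pow(g, a, N)                           # app -> device: username, A
    b = secrets.randbelow(N - 2) + 1           # device ephemeral secret
    B = (k * v + pow(g, b, N)) % N             # device -> app: salt, B
    if A % N == 0 or B % N == 0:
        raise ValueError("illegal public value, abort the session")
    u = H(A, B)                                # scrambling parameter
    x = private_x(salt, username, pop)         # app side: from the entered PoP
    s_app = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    s_dev = pow((A * pow(v, u, N)) % N, b, N)  # device side: from the verifier
    return H(s_app), H(s_dev)

if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real device.
    salt, v = make_verifier("wifiprov", "abcd1234")
    ok = run_handshake("wifiprov", "abcd1234", salt, v)
    bad = run_handshake("wifiprov", "wrong-pop", salt, v)
    print("correct PoP keys match:", ok[0] == ok[1])
    print("wrong PoP keys match:  ", bad[0] == bad[1])
```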