Hello,
I trying to play with Wifi functions to add and remove wifi within my code. At one point I did some mistakes and had to recover the device using “particle setup”.
When I did that, I saw an unencrypted photon-<code> wifi network appearing in the list of available WIFI.
I’ve one question: Can somebody confirm that passphrases are not transmitted in clear over this unencrypted wifi during the setup phase?
Thanks
Yes, the Wi-Fi password is encrypted.
The SoftAP setup Wi-Fi network (Photon-xxxx), which is only activated in listening mode (blinking blue), is not password protected, but it also does not have access to anything other than the device itself.
When the setup applications (such as the phone apps) send the password, it’s encrypted with RSA using the public key of the Photon device. This can only be decrypted using the private key of the device, which is only known by the Photon itself, so the password cannot be retrieved by sniffing the data stream.
Thank rickkas7,
I’m a bit releaved. So I assume that when I use the command line “particle setup” or “particle setup wifi”, it transmit the passphrase of the new WIFI that the Photon should connect to solely over the serial connexion or using the secure method described in your post if using the Photon-xxxx temporary WIFI.
If there are more detailed documentation (than what is already listed in the reference doc) on how “particle setup wifi” and other wifi function are working, I would be more than eager to read them.
P.S. I will update the title of this discussion to make it more relevant to the topic.
Yes, that is correct. The CLI either uses USB serial, or if it uses Wi-Fi listening mode configuration, it encrypts the password. I’m not sure if there’s detailed documentation for it. I verified that it was the case by reading the open source.
The softap-setup-js project is the library for configuring devices over Wi-Fi. It’s used by the CLI when doing configuration over Wi-Fi:
The CLI itself is here:
And the phone apps are here: