THIS IS A WORK IN PROGRESS...
Simple Server to securely control GPIO on RPi Hardware. I use this to open my garage door at home. Used together with gdo-client but also provides a rudimentary web interface to use as standalone.
I use an old Raspberry Pi model B that I have hooked up to my remote control for the garage door. I run Apache2 on it together with mod_wsgi to run my server software, that enables clients to connect and activate the GPIO pin that is being used to activate the remote for the garage.
Since I really don't want anyone else opening my garage door, I tried to implement a couple of safe guards to prevent common attacks:
- I'm using letsencrypt to encrypt web traffic.
- A pin can only be activated with a passphrase (don't worry it isn't the one found on this repo... I use a crazy long one irl.)
- The server provides 64 bytes of
saltthat is valid for 60 seconds and can only be used once. (Thesaltcomes from/dev/urandomand the server waits for a random fraction of a second before sending thesalt, to make it more robust against timing attacks) SHA3-512is being used together with thesaltfor transmitting the salted and hashed passphrase.
Those are the safeguards I was able to come up with, but as it stands with cryptography, usually something believed to be safe in reality ever so often isn't, so fingers crossed.