#Especially-Safe
This project demonstrates a secure Wi-Fi node for ESP32 microcontrollers from Espressif Systems, prioritizing encrypted communication with three potential layers:
- WPA2/WPA3 Wi-Fi Network Encryption (recommended for most deployments)
- TLS/SSL Encryption for secure data transfer using algorithms like AES-GCM or ChaCha20Poly1305 (depending on server and client capabilities)
- Client Certificate Authentication (optional, not implemented in this code but possible for a 3rd layer)
Features:
- Connects to a Wi-Fi network using secure WPA2/WPA3 encryption.
- Establishes a secure connection to a server using:
WiFiClientSecure
for encrypted communication.- Trusted Root Certificate Authority (CA) to verify server identity (1st layer of encryption).
- Performs an HTTP GET request to a server (optional security check using https://www.howsmyssl.com/).
- Flashes LEDs for visual indication (optional).
Hardware Requirements:
- ESP32 microcontroller (consult your specific ESP32 board's documentation)
- LEDs (red, green, blue)
- Resistors (values depend on LED specifications)
- Breadboard and connecting wires
Software Requirements:
- Arduino IDE (https://www.arduino.cc/en/software)
- ArduinoJson library (https://arduinojson.org/) (if needed for parsing server responses)
- WiFiClientSecure library (included in Arduino IDE)
Configuration:
1. Wi-Fi Credentials:
- Replace
<WIFI_SSID>
and<WIFI_PW>
in the code with your Wi-Fi network name and password.
2. Cloudflare DNS (Optional):
- Improve performance and potentially enhance security by using Cloudflare's DNS servers:
const char* dnsServerIP = "1.1.1.1";
WiFi.config(dnsServerIP); // Set DNS server after WiFi connection
3. Server and Root CA:
- The code currently uses
howsmyssl.com
for verification. You can replace the server address (server
) and root CA certificate (test_root_ca
) if needed.
Encryption Algorithms:
- Wi-Fi Encryption (assumed): WPA2/WPA3, likely using AES-CCM or similar algorithms.
- TLS/SSL Encryption: Typically uses TLS 1.2 or higher, employing AES-GCM or ChaCha20Poly1305 for data encryption and message authentication (specific algorithms depend on server and client capabilities).
Understanding the Code:
-
Includes and Definitions:
- Necessary libraries (
WiFiClientSecure.h
,Wire.h
, etc.) - Constants for screen size (if using an OLED display), LED pins, Wi-Fi credentials, server address, and the root CA certificate.
- Necessary libraries (
-
OLED Display Setup (Optional):
- Initializes the OLED display (if connected) for visual feedback.
-
Cloudflare DNS (Optional):
- Configures Cloudflare's DNS server after connecting to the Wi-Fi network.
-
LED Pin Setup:
- Configures the LED pins as outputs.
-
Wi-Fi Connection:
- Attempts to connect to the specified Wi-Fi network using the provided credentials.
- Displays connection status messages on the serial monitor.
-
Secure Client and Server Connection:
- Creates a
WiFiClientSecure
object for secure communication. - Loads the root CA certificate to verify the server's identity.
- Attempts to connect to the server using HTTPS (port 443).
- Creates a
-
HTTP GET Request (Optional):
- If connected, sends an HTTP GET request to the server and reads the response (potentially using the ArduinoJson library for parsing JSON responses).
-
LED Blinking (Optional):
- Alternates flashing red, green, and blue LEDs for visual indication (can be customized).
HowsMySSL.com Verification:
This code can be used with https://www.howsmyssl.com/ for a basic security check of the server you're connecting to.
Also I have tested this project and verified it through wiresharks logs to test the encryption.