Encrypted Data Vault: ESP32 Version
by Northstrix in Circuits > Microcontrollers
2604 Views, 3 Favorites, 0 Comments
Encrypted Data Vault: ESP32 Version
An encrypted data vault is a device that employs a sophisticated encryption algorithm to encrypt your data and utilizes its built-in memory to store your data in an encrypted form.
Supplies
- ESP32 x1
- 10µF capacitor x1 *optional
Encryption Algorithm
I did my best to make the encryption algorithm as secure as possible. The encryption algorithm takes eight characters (64 bits) as an input (if the input length isn't multiple of eight ASCII characters, padding is applied), generates 64 random bits (eight characters), and passes 128 bits to the AES (Advanced Encryption Standard) cipher. After that, the AES's ciphertext split into two half, 64 bits each. Each half of the AES's ciphertext then passed to the Serpent cipher alongside 64 random bits. Finally, the resulting ciphertext is the concatenation of two ciphertexts from the Serpent cipher. Random bits generated during the encryption process are disregarded during the decryption process. And by the way, if you give the algorithm the same input more than once, the output will be different every time.
Install CP210x Driver and Configure Arduino IDE *Optional
If you've never flashed ESP32 before you'll need to configure Arduino IDE and install drivers to upload the firmware to the boards, you can download the CP210x driver here: https://www.silabs.com/developers/usb-to-uart-bridge-vcp-drivers
In case you don't have Arduino IDE, you can download it here: https://www.arduino.cc/en/software/
Configuring IDE isn't a part of this tutorial, you can read about it here: https://randomnerdtutorials.com/installing-the-esp32-board-in-arduino-ide-windows-instructions/
Download Firmware
You can download the firmware here: https://github.com/Northstrix/Encrypted_Data_Vault
Location for the firmware for the device: ESP32/Encrypted_Data_Vault/Encrypted_Data_Vault.ino
I've also included some additional materials that might be useful for you. Check the extra folder.
Download and Extract the Serpent Library
You need to download the Serpent library and extract it into the folder with the sketch. Every other library already comes preinstalled with the ESP32 package.
Generate Two Keys
One of the most reliable means to generate the keys is to throw a dice, but if you trust software more than you trust dice or don't want to throw dice around your house for half an hour - I can suggest this program https://defuse.ca/passgen.htm which seems to produce a random output, but I can't guarantee this.
You can also use a Random Number Generator that I wrote. I can't guarantee that it's secure either.
This device needs two keys:
1) A key for the Serpent cipher that is 64 characters long. This key is in hexadecimal format.
2) A key for the Advanced Encryption Standard that is 16 characters long. This key is in ASCII format.
My keys are:
Serpent's key: 761087A94F7C7FBC955AC330F61A4797A2FE095D6114C7168F7C75954C5281BE
AES's key: e=Alvy+-$kI>#57?
Note that in the firmware, both keys are enclosed in quotation marks, like that: "key"
By the way, never make your keys public! I only did that because it's a tutorial, and I'm not going to encrypt my data using these keys.
Modify Firmware
Open the file Encrypted_Data_Vault.ino and replace the existing keys with those you've generated.
Flash ESP32
Some boards will flash without any problems.
Unfortunately, that's not the case for all boards. If you configured IDE correctly, installed drivers, selected the corresponding port, and still keep getting this error: A fatal error occurred: Failed to connect to ESP32: Timed out waiting for packet header, then connect a 10µF capacitor to the board while flashing.
Connect the positive lead of the capacitor to the EN pin of the ESP32;
Connect the negative lead of the capacitor (usually indicated by the gray stripe) to the GND pin of the ESP32.
Encrypt Record
Let's get to the part where this device finally does something useful.
This device encrypts passwords, notes, phone numbers, and whatever you feed to it.
I was able to encrypt and then decrypt a 704-long plaintext (5632-long ciphertext) without any problems.
To encrypt a record:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Reboot the board;
4) Enter 1 into the text field, and press send;
5) Enter the plaintext into the text field, and press send;
6) Copy the Ciphertext from the text box.
Eventually, I came up with these results:
Plaintext:
Encrypted data vault is a device that employs a sophisticated encryption algorithm. The encryption algorithm takes 8 characters (64 bits) as an input (if the input length isn't multiple of eight ASCII characters, padding is applied), generates 64 random bits (8 characters), and passes 128 bits to the AES (Advanced Encryption Standard) cipher. After that, the AES's ciphertext split into two half, 64 bits each. Each half of the AES's ciphertext then passed to the Serpent cipher alongside 64 random bits. Finally, the resulting ciphertext is the concatenation of two ciphertexts from the Serpent cipher. Random bits generated during the encryption process are disregarded during the decryption process.
Serpent's key:
761087A94F7C7FBC955AC330F61A4797A2FE095D6114C7168F7C75954C5281BE
AES's key:
e=Alvy+-$kI>#57?
Ciphertext:

Decrypt Record
To decrypt a record:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 2 into the text field, and press send;
4) Enter the ciphertext into the text field, and press send.
Install ESP32 Filesystem Uploader
The primary purpose of the ESP32 Filesystem Uploader is to let you upload files into ESP's filesystem. In this tutorial, the purpose of this tool is to upload an empty SPIFFS image into ESP.
Download the file called ESP32FS-1.0.zip from here: https://github.com/me-no-dev/arduino-esp32fs-plugin/releases/
then extract the content of the archive into the folder: ...\Arduino\Tools\
After that, restart the Arduino IDE.
Upload an Empty SPIFFS Image Into ESP
Click Tools -> ESP32 Sketch Data Upload. Then click Yes in the pop-up window. It's going to upload an empty SPIFFS image into the ESP. I have no rational explanation for that, but after that step, the file system finally begins to work as it's intended to.
Save Record Into Built-in Memory
To save a record:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 3 into the text field, and press send;
4) Enter the filename into the text field, and press send;
5) Enter the content of the file into the text field, and press send;
I've chosen desc as a filename and ciphertext from the step 8 as a content.
Load Record From Built-In Memory
To load a record:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 4 into the text field, and press send;
4) Enter the filename into the text field, and press send;
I've entered desc as a filename.
Remove Record From Built-In Memory
To remove a record:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 5 into the text field, and press send;
4) Enter the filename into the text field, and press send;
I've entered desc as a filename.
List All Stored Records
I've created these three files to show you how it works.
old password
new password
whatever it can be
Filenames displayed with the slash / before them. That means that the file is stored in the root directory. When you enter the filename, you don't need to enter a slash indicating the root directory.
To list all stored records:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 6 into the text field, and press send;
Find a Good Use for This Device
I did my best to make this device as secure, cheap, and useful as possible. Now it's entirely up to you what to do with it.
If you like this tutorial, please share it.
Thank you for reading this tutorial.