Atmel Blog The Hashlet made the Atmel Blog! Check it out here! Overview The Hashlet is secure authentication device on a mini-cape designed for the BeagleBone Black (BBB) or the Raspberry Pi. It ...Read More…
The Hashlet made the Atmel Blog! Check it out here!
The Hashlet is secure authentication device on a mini-cape designed for the BeagleBone Black (BBB) or the Raspberry Pi. It provides an external hardware random number generator, performs the SHA-256 algorithm in hardware, and can store up to sixteen 256-bit keys in write and read protected memory.
The chip on the Hashlet is the powerful Atmel ATSHA204. This device's datasheet is 80 pages long! This device comes with free software (GPLv3) developed by Cryptotronix that provides a Command Line Interface (CLI). The CLI is easy to use and abstracts the complex details. The code is available on GitHub and comes with README that shows all the implemented commands.
Design files are available on Github. Currently, the schematic is posted and Eagle CAD files will be posted shortly.
The Hashlet is assembled and tested by Cryptotronix prior to shipping. Upon receipt, simply slip the board on the top of the expansion header and the device is ready. The device uses
/dev/i2c-1, which is enabled by default so there are no device-tree files that have to be installed.
The data sheet for the Atmel ATSHA204 can be found on Atmel's website.
Random data is easily produced with the one-line command:
hashlet random 62F95589AC76855A8F9204C9C6B8B85F06E6477D17C3888266AEE8E1CBD65319
Generating a MAC is straightforward:
hashlet mac --file test.txt mac : C3466ABB8640B50938B260E17D86489D0EBB3F9C8009024683CB225FFFD3B4E4 challenge : 9F0751C90770E6B40E34BA8E06EFE453FAA46B5FB26925FFBD664FAF951D000A meta : 08000000000000000000000000
The MAC is the response of the device, the challenge is the SHA256 of the input file, and the meta-data is data that is associated with this operation.
To verify the response:
hashlet check-mac -r C3466ABB8640B50938B260E17D86489D0EBB3F9C8009024683CB225FFFD3B4E4 -c 9F0751C90770E6B40E34BA8E06EFE453FAA46B5FB26925FFBD664FAF951D000A -m 08000000000000000000000000
The command will simply return an exit code of 0 on success, which makes it easy to incorporate into other scripts.
Generating random numbers. You can use the Hashlet to mix in entropy with
/dev/random or use the data directly for key generation. See this tutorial for details on accessing the random number generator.
Message Authentication Codes (MACs). Using a hash function alone only provides a guarantee of message integrity, i.e. that the data has not changed. However, if a hash is combined with a shared secret key, it can also provide authentication in the form of a MAC. The Hashlet can quickly perform a MAC with the following command:
hashlet mac --file test.txt
Remote verification. If your BBB is transmitting messages to a remote server and the BBB uses the Hashlet to transmit a MAC with the message, the remote server can verify the message originated from the BBB. This is useful in scenarios where you need assurance of the message authenticity.
Slip the Hashlet onto the top of the P9 Header as shown in the pictures.
Slip the Hashlet on the top (P1) of the Pi expansion headers as shown in the pictures.
Feel free to contact me if you have questions or comments.
Shipping is via USPS Priority Mail. It's a flat rate of $5.15 with tracking and insurance and will arrive between 2 - 3 business days.
International shipping rates vary by country. Please inquire about shipping rates to your country and I will add the rate. International packages ship via USPS International first class and delivery dates vary.
This component is subject to U.S. Export Controls as is classified as ECCN: 5A992.B.
Bill | Dec. 5, 2014
Tim | Jan. 24, 2014
We recognize our top users by making them a Tindarian. Tindarians have access to secret & unreleased features.
We look for the most active & best members of the Tindie community, and invite them to join. There isn't a selection process or form to fill out. The only way to become a Tindarian is by being a nice & active member of the Tindie community!