Get It
Once you've got your IoT printer all set up, we're going to need to do a bad thing and hook it up to a network so we can download some code. Head on over to GitHub, and clone the repo onto your local box. To do that, ssh into the pi and run the following command from somewhere in your home directory:
git clone https://github.com/iworkinpixels/otp-gen.git
Read It
Here's a quick tour through the code:
- otp.sh is a bash script that will generate random numbers, and dump the final one time pad to a text file. This text file will later be sent to the printer every time you press the button on the IoT printer. It runs on every startup, so you should have a new pad every time you start up the printer. Make sure that this is the case, because you can't use the same pad twice.
- otp.py is the python script that gets run when you start up your IoT printer. It listens to the button and prints a copy of the otp text file every time you press the button, and shuts down the pi if you hold down the button.
- otp.txt is an example of the text file that has the one time pad in it. Open it up if you want to take a look without wasting paper. The real otp.txt is written to a ramdisk so that it never goes to the SD card, and is therefore destroyed whenever you shut off the box.
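Why the same pad can't be used twice, as an added example that is not part of the otp-gen repo. It assumes the usual letter-wise addition mod 26 for encrypting with an A-Z pad (the page does not spell out the scheme); the function names and sample messages are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # the pads on this page are A-Z only


def make_pad(n_letters):
    """Stand-in for one printed pad: n uniformly random letters."""
    return "".join(secrets.choice(ALPHABET) for _ in range(n_letters))


def _combine(text, key, sign):
    """Letter-wise (text + sign*key) mod 26."""
    if len(key) < len(text):
        raise ValueError("pad is shorter than the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )


def encrypt(plaintext, pad):
    return _combine(plaintext, pad, +1)


def decrypt(ciphertext, pad):
    return _combine(ciphertext, pad, -1)


def difference(a, b):
    """(a - b) mod 26 per letter; needs no pad at all."""
    return _combine(a, b, -1)


if __name__ == "__main__":
    m1, m2 = "MEETATDAWN", "HOLDATNOON"  # constructed sample messages
    pad = make_pad(len(m1))
    c1, c2 = encrypt(m1, pad), encrypt(m2, pad)  # mistake: same pad twice
    # The pad cancels out: anyone holding c1 and c2 learns m1 - m2,
    # including every position where the two messages agree ("A").
    print(difference(c1, c2), difference(m1, m2))
    # With a fresh pad per message the difference is just random letters.
    c3 = encrypt(m2, make_pad(len(m2)))
    print(difference(c1, c3))
```

The first line printed is the same pair of strings on every run, whatever pad was drawn, which is exactly the information a reused pad gives away.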
Enable it
First, we need to enable the hardware random number generator. Make sure you are using the appropriate commands for the version of the Raspberry Pi you are using.
Raspberry Pi v1 & v2
Enable the random number generator module:
sudo modprobe bcm2708-rng
This will add the driver for the rng once, but if we want it to show up again after we reboot, we need to add it to /etc/modules-load.d using the following command:
echo bcm2708-rng | sudo tee /etc/modules-load.d/rng-tools.conf
Raspberry Pi v3
Enable the random number generator module:
sudo modprobe bcm2835_rng
This will add the driver for the rng once, but if we want it to show up again after we reboot, we need to add it to /etc/modules-load.d using the following command:
echo bcm2835_rng | sudo tee /etc/modules-load.d/rng-tools.conf
sudo apt-get install rng-tools
Test It
Let's test it out and see if everything works! Go to wherever you downloaded the otp-gen repo to, and run the following command:
./otp.sh
sudo nano otp.txt
EFXIAKBHAT 1/10
AFWXH VYLLW CJHZA WWHCF VAEAI FWXXQ ARLFU GFCTG MAZSY EHBGP OUVHS FQLBM DGIXN TLHTZ RMFLN CCVDN IKQIZ XKZCC UZFZH RVBGX PQLKC XFHHK MEKHQ HDEJL RPKIK TTZEX JNAXJ MJXCW AGVIS DKUZJ VYTQU LUVID HXCTE XWFXA PAGKH IYXQK LYBJN JQJCV YLOGP VJJUP
--------------------------------
EFXIAKBHAT 2/10
JPMVQ FSMCY WLWVH YBIVR HGQHH FKUAZ YIALB EVIIW IPUEL LESFN TJQRJ GYDXT JFYJI UXQPM HTQDU TCGDY UZCGS WFSRT KMQPJ MBEAJ KZQQC LHLPS XMERF IHRMB RWSDM LDVAY TUOWM TUIIP FZSZG NCKBJ PXCUR XMZHZ OVEAP EIJZK YWIDY FPTAA HXQZC XAUQN FYKEZ FDNTG
--------------------------------
[...]
EFXIAKBHAT 10/10
PADNW MQGYF PAJMU GCVHK YYEFY YIAVW SPIRE IMIPQ ILWJU BTKNH CNFFF QSXTG AFGBC WIJCU DOPJP HMLLY HCZIR RMSTQ ZRUDR NXMFS QMOGV RJGKC JTJXY MINUZ QMEPB EAYYC GHDJF EVAHM ZKRYI VXNUA GERDJ FPRZX SIRKO XPCAD WHJHW JNLXS OCMAR BGHRU NBXQB SFCMP
--------------------------------
Deploy It
Assuming everything worked, there's only one step left... we have to hook everything up so it runs when the machine starts!
sudo nano /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
  printf "My IP address is %s\n" "$_IP"
fi

# Generate a fresh pad on every boot, then start the button listener
# in the background so rc.local can finish.
cd /home/pi/otp-gen
./otp.sh
python ./otp.py &

exit 0
And that's it! Let's reboot the pi!
sudo shutdown -r now
Every time you press the button after that point, one copy of the pad will be printed. If everything works, then congratulations! You now have a stand-alone one time pad generator. You'll have to find a secure way of getting one copy of the pad to each of your friends, but if you can, then you'll have lots of fun sending super secret messages using state of the art (in WWII) technology!
Next up, security!