19
Even if you aren’t concerned about security, you need to be aware of this if you want to be able to
use Sun SPOTs interchangeably amongst two or more SDK installations. See the section Sharing
Sun SPOTs.
Changing the owner of a Sun SPOT
Once set, only the owner can change the public key remotely, although anyone who has physical
access to the Sun SPOT can also change the public key. If user B wishes to use a Sun SPOT device
previously owned by user A, they can become the new owner in one of two ways:
•
If user B does not have physical access to the device, user A can use the command
ant deletepublickey
to remove their public key from the Sun SPOT. User A can also use this procedure remotely,
for example
ant deletepublickey -DremoteId=0014.4F01.0000.0006
User B can then deploy an application to the remote spot using a command like
ant deploy -DremoteId=0014.4F01.0000.0006
and will become the new owner automatically. During the time that the device has no owner
(after user A has executed
deletepublickey
and before user B has executed
deploy
) the
Sun SPOT will be exposed to attackers (a third user C could become its owner before user
B). For this reason, if security is critical, we recommend replacing the public keys only via
USB.
•
If user B has physical access to the device, they can connect the device via USB and execute
ant deploy
In both cases, if a customised library has been flashed to the Sun SPOT, it must be re-flashed by
user B so that the library is signed using user B’s private key. This means that user B must also
execute
ant flashlibrary
This command cannot be executed remotely. Note that this procedure is not necessary if the library
has not been customised, as verification for the factory-installed library is handled differently.
Sharing Sun SPOTs
If you want to share Sun SPOTs between two or more SDK installations or users, you have to
ensure that the SDK installations and users share the same key-pair. To do this, start by installing
each SDK as normal. Then, copy the key-pair from one “master” user to each of the others. You can
do this by copying the file
sdk.key
from the
sunspotkeystore
sub-directory of the “master” user’s
home directory and replacing the corresponding file in each of the other user’s
sunspotkeystore
directories.
You then have to force the master’s public key onto each of the Sun SPOTs associated with the
other installations. The simplest way to do this is to re-deploy the application via USB