Once a lock is setup it should be turned on at the factory and the MAC and public key should be extracted. These two things should be encoded into a QR code so that setup is as simple as scanning the QR code and the app automagically connects and runs the setup.
The source of truth for the proto file will be the Kotlin Serializable classes ProtocolMessage and
CryptoMessage. To export the proto file when making changes to these classes we could use a gradle
task. This task could even use nanopb or whatever we end up using to generate the code for the lock
and already do all that for us. #gradle_magician
This complicates stuff quite a bit. We can no longer just pass a variable to the protocols and then they calculate stuff or whatever, instead they will have to be functions that we pass in.
On top of that a huge problem is using the libsodium library with keys that we don't have access to. We might have to create our own "libsodium clone" that does the same stuff, but is implemented using Android/iOS secure storage.
Android info: https://developer.android.com/privacy-and-security/keystore iOs info: (Secure Enclave)
If the platform HSMs don't support the libsodium algorithms or it's too hard to implement the library we would need, we can instead store the user's keys somewhere where we can access them, but encrypt the keys with a key that is stored in the HSM, so that the user's key material can only be accessed once it is decrypted which would require the app to be running or the user to have authorized it or whatever.