esp-now: How can I find out if a message is encrypted or not?

[blubb]

My project switches devices on and off and is not necessarily logged onto a WiFi. So I thought esp-now is worth a try. For security reasons I need encryption so that no unauthorized sender can switch on/off my device. My understanding is that I need to register the possible receivers using

esp_now_add_peer(MAC1, ESP_NOW_ROLE_COMBO, CHANNEL, key, sizeof(key));

Now the problem is, I can still receive unencrypted messages, e.g. broadcast messages. And there is no way I can find out that they actually were unencrypted! So any attacker can easily forge messages that switch on and off my devices. How do I prevent that?

[AgentSmithers]

Depending on what information you have, you can take the senders MAC and run it through a simple algorithm.
For instance, When sending a packet

Data+Auth

If the Auth package matches your algorithm then you can trust it, but only up until someone else finds it out but if you can keep that secret then your fine. When you receive a package from the sender you'll look at the Auth code after the data (or before), crunch the same algorithm which is essentially you key in this example and confirm that that value matches the sender's Mac and call it good. That way if someone sniffs that value they will have to spoof the mac at least or figure out the algorithm by hand(don't count on this unless they have clues), but if you're trying to prevent those two from happening then you're going to be chasing a tail at some point where you just can't do much more without adding other infrastructure in the mix.

[blubb]

Hi,

thanks. After thorough testing, esp-now turned out to be that unreliable so we removed this option altogether.