SecureGen v2.0 + v2.1 — What We Built Over the Last Few Months

If you haven't seen SecureGen before — it's an open-source hardware security device on the LILYGO T-Display ESP32. TOTP/HOTP authenticator, encrypted password manager, BLE HID keyboard, and a web management cabinet with 8 layers of application-level security. No cloud, no app, no trust required. Two major releases dropped since the last post. Here's what changed and why it was technically interesting. v2.0.0 — The Security Rewrite AES-256-GCM Transport Encryption The original web transport used XOR — fast to implement, completely wrong for production. v2.0 replaced it with a full ECDH P-256 key exchange + HKDF-derived AES-256-GCM session key. Every request and response body is now encrypted end-to-end, with GCM providing authenticated encryption — tampered data is rejected, not just unreadable. This runs without TLS certificates. The device has no CA infrastructure, no HTTPS, and works in AP mode with no internet. The encrypted channel is entirely application-layer. PIN-Encrypted Devic

SecureGen v2.0 + v2.1 — What We Built Over the Last Few Months

Related Articles

Predicting home electricity usage based on historical patterns in Home Assistant

When Writing Becomes Detached From Thought

Infinite Lists in Lean

The art of calling it: Bugs

The Univah Black Box Gift

Related Articles

News
Predicting home electricity usage based on historical patterns in Home Assistant
Lobsters • 2h ago

News
When Writing Becomes Detached From Thought
Lobsters • 2h ago

News
Infinite Lists in Lean
Lobsters • 2h ago

News
The art of calling it: Bugs
Medium Programming • 2h ago

News
The Univah Black Box Gift
Medium Programming • 3h ago