v1.68: improvements to pin-pairing

README.html

@@ -1,6 +1,6 @@
 <h1
-id="uxplay-1.67-airplay-mirror-and-airplay-audio-server-for-linux-macos-and-unix-now-also-runs-on-windows.">UxPlay
-1.67: AirPlay-Mirror and AirPlay-Audio server for Linux, macOS, and Unix
+id="uxplay-1.68-airplay-mirror-and-airplay-audio-server-for-linux-macos-and-unix-now-also-runs-on-windows.">UxPlay
+1.68: AirPlay-Mirror and AirPlay-Audio server for Linux, macOS, and Unix
 (now also runs on Windows).</h1>
 <h3
 id="now-developed-at-the-github-site-httpsgithub.comfdh2uxplay-where-all-user-issues-should-be-posted-and-latest-versions-can-be-found.">Now
@@ -9,9 +9,13 @@ href="https://github.com/FDH2/UxPlay">https://github.com/FDH2/UxPlay</a>
 (where ALL user issues should be posted, and latest versions can be
 found).</h3>
 <ul>
-<li><em><strong>NEW in v1.67</strong>: support for one-time Apple-style
-“pin” code client authentication (“client-server pairing”) when the
-option “-pin” is used.</em></li>
+<li><em><strong>NEW in v1.68</strong>: improved support for one-time
+Apple-style “pin” codes introduced in 1.67: a register of pin-registered
+clients is now optionally maintained to check returning clients; a
+simpler method for generating a persistent public key (based on the MAC
+address, which now can be set in the UxPlay startup file) is now the
+default. (The pem-file method introduced in 1.67 is still available with
+the ’-key” option.)</em></li>
 </ul>
 <h2 id="highlights">Highlights:</h2>
 <ul>
@@ -461,12 +465,17 @@ clients to “pair” with the UxPlay server the first time they connect to
 it, by entering a 4-digit pin code that is displayed on the UxPlay
 terminal. (This is optional, but sometimes required if the client is a
 corporately-owned and -managed device with MDM Mobile Device
-Management.) Pairing occurs just once, is curently only recorded in the
-client, and persists unless the UxPlay public key (stored in
-$HOME/.uxplay.pem, or elsewhere if option
-<code>-key &lt;filename&gt;</code> is used) is moved or deleted, after
-which a new key is generated. (Non-Apple clients might not implement the
-persistence feature.)</p></li>
+Management.) Pairing occurs just once, is currently only recorded in the
+client, and persists unless the UxPlay public key is changed. By default
+(since v1.68) the public key is now generated using the “Device ID”,
+which is either the server’s hardware MAC address, or can be set with
+the -m option (most conveniently using the startup option file).
+(Storage of a more securely-generated persistent key as an OpenSSL “pem”
+file is still available with the -key option). For use of uxplay in a
+more public environment, a list of previously-registered clients can
+(since v1.68) be optionally-maintained using the -reg option: without
+this option, returning clients claiming to be registered are just
+trusted and not checked.</p></li>
 <li><p>By default, UxPlay is locked to its current client until that
 client drops the connection; since UxPlay-1.58, the option
 <code>-nohold</code> modifies this behavior so that when a new client
@@ -895,6 +904,14 @@ UxPlay startups. As long as this file is not deleted or moved, a client
 will not have to re-authenticate after an initial authentication.
 <em>(Add a “pin” entry in the UxPlay startup file if you wish the UxPlay
 server to use this protocol).</em></p>
+<p><strong>-reg [<em>filename</em>]</strong>: (since v1.68). This option
+maintains a list of previously-pin-registered clients in
+$HOME/.uxplay.register (or optionally, in <em>filename</em>). Without
+this option, returning clients claiming to be already pin-registered are
+trusted and not checked. (This option may be useful if UxPlay is used in
+a more public environment, to record client details; the register is
+text, one line per client, with client’s public key (base-64 format),
+Device ID, and Device name.)</p>
 <p><strong>-vsync [x]</strong> (In Mirror mode:) this option
 (<strong>now the default</strong>) uses timestamps to synchronize audio
 with video on the server, with an optional audio delay in (decimal)
@@ -1107,13 +1124,27 @@ card, (more specifically, the MAC address used by the first active
 network interface detected) a random MAC address will be used even if
 option <strong>-m</strong> was not specified. (Note that a random MAC
 address will be different each time UxPlay is started).</p>
-<p><strong>-key [<em>filename</em>]</strong>: By default, the storage of
-the Server private key is in the file $HOME/.uxplay.pem. Use the “-key
-<em>filename</em>” option to change this location. This option should be
-set in the UxPlay startup file as a line “<code>key filename</code>” (no
-initial “-”), where <code>filename</code> is a full path. The filename
-may be enclosed in quotes (<code>"...."</code>), (and must be, if the
-filename has any blank spaces).</p>
+<p><strong>-key [<em>filename</em>]</strong>: This (more secure) option
+for generating and storing a persistant public key (needed for the -pin
+option) has been replaced by default with a (less secure) method which
+generates a key from the server’s “device ID” (MAC address, which can be
+changed with the -m option, conveniently as a startup file option). When
+the -key option is used, a securely generated keypair is generated and
+stored in <code>$HOME/.uxplay.pem</code>, if that file does not exist,
+or read from it, if it exists. (Optionally, the key can be stored in
+<em>filename</em>.) This method is more secure than the new default
+method, (because the Device ID is broadcast in the DNS_SD announcement)
+but still leaves the private key exposed to anyone who can access the
+pem file. Because the default (but “less-secure”) “Device ID” method is
+simpler, and security of client access to uxplay is unlikely to be an
+important issue, the -key option is no longer recommended.</p>
+<p>By default, the storage of the Server private key is in the file
+$HOME/.uxplay.pem. Use the “-key <em>filename</em>” option to change
+this location. This option should be set in the UxPlay startup file as a
+line “<code>key filename</code>” (no initial “-”), where
+<code>filename</code> is a full path. The filename may be enclosed in
+quotes (<code>"...."</code>), (and must be, if the filename has any
+blank spaces).</p>
 <p><strong>-dacp [<em>filename</em>]</strong>: Export current client
 DACP-ID and Active-Remote key to file: default is $HOME/.uxplay.dacp.
 (optionally can be changed to <em>filename</em>). Can be used by remote
@@ -1463,6 +1494,11 @@ an AppleTV6,2 with sourceVersion 380.20.1 (an AppleTV 4K 1st gen,
 introduced 2017, running tvOS 12.2.1), so it does not seem to matter
 what version UxPlay claims to be.</p>
 <h1 id="changelog">Changelog</h1>
+<p>1.68 2023-12-25 Introduced a simpler (default) method for generating
+a persistent public key from the server MAC address (which can now be
+set with the -m option). (The previous pem-file method is still
+available with -key option). New option -reg to maintain a register of
+pin-authenticated clients.</p>
 <p>1.67 2023-11-30 Add support for Apple-style one-time pin
 authentication of clients with option “-pin”: (uses SRP6a authentication
 protocol and public key persistence). Detection with error message of