A developer builds a Linux implementation of Apple/Google's COVID-19 Exposure Notifications protocol from scratch, covering Bluetooth Low Energy advertising via BlueZ, cryptographic key derivation using HKDF-SHA256 and AES-128 (including a detour around libsodium's lack of ECB mode support), SQLite-backed state management, and a Python script for querying/uploading keys to Canada's open-source COVID Alert server. The post details practical hurdles: BlueZ's missing advertising API, outdated Debian packages, HMAC-guarded endpoints, and a nil-dereference bug in the Go server that prompted a pull request. The result is a functional open-source Linux contact tracing daemon called liben.
Sort: