Ephemeral Key Registration & Unlocking a Door (Advanced)

User ephemeral keys, Ed25519, certificate chains and digital signatures using EdDSA

* Our SDK takes care of the below features. Please read for more information only if you are an advanced user.

In this article we’re exploring user ephemeral keys, Ed25519, certificate chains and digital signatures using EdDSA – all of this to unlock a door!

It’s not as bad as it sounds and our SDK handles pretty much all of this, but explaining it is an important step to understanding our platform.

Prerequisites

The examples in this article need Ed25519 support in openssl, which arrived in OpenSSL 1.1.1 and may be newer than what your system ships by default; we tested this article against openssl 3.1.4. The following command should print a PEM-encoded private key rather than an error:

  • openssl genpkey -algorithm ed25519

Concepts

Ed25519 is a public key signature system: you hold a private key that only you can sign with, and you publish a public key that anyone can use to check that a signature is genuine. Those properties are exactly what we need; we rely on digital signatures extensively to ensure the right person is performing an action.

EdDSA stands for Edwards-curve Digital Signature Algorithm and is the signing scheme itself; Ed25519 is EdDSA instantiated on one particular curve, edwards25519 (the twisted Edwards form of Curve25519), with SHA-512 as its hash. "ed25519" is the name you give tools like openssl, while the JOSE 'alg' header calls the scheme "EdDSA".

If you've used RSA in the past, Ed25519 plays the same role, with much smaller keys and signatures (32 and 64 bytes respectively), faster operations and none of RSA's padding pitfalls. Signatures are also deterministic: signing the same message twice with the same key gives the same bytes.

Ephemeral Key Registration

Every time a user logs into a new device, we generate a new Ed25519 keypair on that device and ask Doordeck to sign its public key; the signature comes back in the form of a certificate chain. The private key never leaves the device, only the public key is sent. We can perform these steps manually, so let's start by generating a keypair.

  • openssl genpkey -algorithm ed25519 -outform DER -out private.key

Extract the public key

  • openssl pkey -inform DER -in private.key -pubout -outform DER -out public.key

We need to Base64-encode the public key to be able to send it to Doordeck. The DER SubjectPublicKeyInfo for an Ed25519 key is 44 bytes, so this is a single 60-character line and base64's 76-column line wrapping is not a concern here:

  • cat public.key | base64 > public.base64.key

Now we can send it to Doordeck, authenticating with the auth token generated in the previous article (held in $TOKEN below); at the time of writing this goes to the development endpoint. We'll save the response to a file called certs.json:

  • curl "https://api.doordeck.com/auth/certificate" \
    -X POST -H "Authorization: Bearer $TOKEN" \
    -H 'content-type: application/json' \
    --data-binary "{\"ephemeralKey\":\"`cat public.base64.key`\"}" > certs.json

The response contains our newly issued certificate chain and our Doordeck user ID, which we need for certain operations such as having a door shared with us. We'll be using both later, so hold onto the file.

Get A Door

Whilst I could jump straight into unlocking a door, you probably haven’t got one setup yet, so I’ve thrown together a basic HTML form where you can input your user ID as displayed from the last step:

  • cat certs.json | jq .userId

Visit https://api.doordeck.com/demo/ and put your user ID in.

Unlock It!

Now we need to construct a signed JWT request and send it to Doordeck to forward onto the Demo door – this is surprisingly similar to the OpenID token we created in the previous article since OpenID is built on top of JWT!

The header is easy, we take the certificate chain from the last step and put it in the ‘x5c’ field, we then specify our algorithm, EdDSA and ‘typ’ as ‘JWT’, e.g.

  • {
     "typ": "jwt",
     "x5c": [
       "MII…",
       "MII…",
       "MII…",
       "MII…"
     ],
     "alg": "EdDSA"
    }

Base64-encoded DER certificates start with MII (the encoding of the leading SEQUENCE tag), so the placeholders above look like real ones; replace them with the actual certificates from the last step, in the order the endpoint returned them. RFC 7515 requires the first entry of 'x5c' to be the certificate for the key that signs the JWT, i.e. your ephemeral key's certificate.

The body is where we specify the door we want to unlock and how long our request is valid for, e.g.:

  • {
     "iss": "YOUR_USER_ID",
     "sub": "ad8fb900-4def-11e8-9370-170748b9fca8",
     "operation": {
       "type": "MUTATE_LOCK",
       "locked": false
     },
     "exp": 1550497860,
     "iat": 1550497800,
     "nbf": 1550497800
    }

You'll have to adjust a few fields in this example. Put your user ID from the last step in 'iss' (you are issuing the command); 'sub' is the demo door's ID, so leave it as it is. Set 'iat' and 'nbf' to the current Unix timestamp in seconds and 'exp' to that timestamp plus 60 seconds. The window is adjustable, but 60 seconds is a sensible default: the signed JWT is a bearer of the unlock command, so anyone who captures it can replay it until 'exp', and a short window bounds that exposure. Allow a little slack if the signing device's clock may be off, because under the JWT rules a token whose 'nbf' is still in the future is as useless as an expired one.

As JWT goes, we have to BASE64URL encode the header then the body and concatenate them with a ‘.’ period in between.

  • base64url() { base64 | tr -d '\n' | sed 's/+/-/g;s/\//_/g;s/=//g'; }
    HEADER=$(echo -n '{"typ":"jwt","x5c":["MII…","MII…","MII…","MII…"],"alg":"EdDSA"}' | base64url)
    BODY=$(echo -n '{"iss":"YOUR_USER_ID","sub":"ad8fb900-4def-11e8-9370-170748b9fca8","operation":{"type":"MUTATE_LOCK","locked":false},"exp":1550497860,"iat":1550497800,"nbf":1550497800}' | base64url)

Three details matter here: base64url is a shell function rather than an alias because aliases are not expanded inside $(...) or in scripts; the tr -d '\n' strips the line breaks base64 inserts every 76 columns, which would otherwise corrupt the long 'x5c' header; and echo -n keeps a trailing newline out of the encoded JSON, since every byte you encode ends up under the signature.

Combine these with a period between them (again without a trailing newline, because the whole file is what gets signed) and perform a signature calculation. The -rawin flag is required because Ed25519 signs the message itself rather than a pre-computed digest, and -keyform DER tells openssl how we stored private.key:

  • echo -n "$HEADER.$BODY" > token
    openssl pkeyutl -sign -keyform DER -inkey private.key -rawin -in token | base64url

Phew, almost there! That command should output a signature in Base64Url format (an Ed25519 signature is 64 bytes, so 86 characters without padding), e.g.

  • lA-iqBxlWd5JHT15_72dOQmFqglWrmJEVX2_-R0ZCelZrejquDJLMGAJV_8YpRD3cWaWDMCalB2Zc7juD4uXCQ

Combine all three with periods and you have a complete JWT, which we can now send to Doordeck. The Authorization header carries the same $TOKEN used for the certificate request; the signed JWT goes in the request body:

  • SIG=$(openssl pkeyutl -sign -keyform DER -inkey private.key -rawin -in token | base64url)
    JWT="$(cat token).$SIG"
    curl 'https://api.doordeck.com/device/ad8fb900-4def-11e8-9370-170748b9fca8/execute' \
     -X POST \
     -H "authorization: Bearer $TOKEN" \
     -H 'content-type: application/json;charset=UTF-8' \
     --data-binary "$JWT"

Sending this command should trigger the animated virtual door at https://demo.doordeck.com/. Don't forget the 60-second window: if it has passed since you built the body, rebuild the body with fresh 'iat', 'nbf' and 'exp' values and sign it again, since changing a single byte of the body invalidates the old signature.

William Bainborough