Case:

• secure actuator, which requires signing from the gateway
• gateway doesn't require signing

Documentation says:

For a node that should transmit whitelisted messages but not receive whitelisted messages, you do not need any special configurations:

#define MY_SIGNING_SOFT
#define MY_SIGNING_SOFT_RANDOMSEED_PIN 7

But I was not able to make it work until I've defined

#define MY_SIGNING_NODE_WHITELISTING {}

in the gateway sketch (I am using ESP32 gateway).

I was debugging with #define MY_DEBUG_VERBOSE_SIGNING and before adding this line the gateway log had no mentions of whitelisting:

357220 SGN:NCE:FROM=231
357222 SGN:BND:NONCE=XXXXXXXXXXXXXX
357230 SGN:BND:HMAC=XXXXXXXXXX
357246 SGN:SGN:SGN

after adding the line:

357220 SGN:NCE:FROM=231
357222 SGN:BND:NONCE=XXXXXXXXXXXXXX
357230 SGN:BND:HMAC=XXXXXXXXXX
357239 SGN:BND:SIG WHI,ID=0
357241 SGN:BND:SIG WHI,SERIAL=XXXXXXXXXX
357246 SGN:SGN:SGN