| Re: [leshan-dev] Handling of public raw keys |
Björn,
I have to admit that I am (currently) not that deep into the bootstrap server code. However, my understanding is that we currently do not have a standard way of sharing the key material between bootstrap server and lwm2m server. That said, I think you are free to implement whatever mechanism you feel appropriate in your environment. The bootstrap server surely can use some improvements in this area. In particular, we do not have standard credential stores implemented yet that could be shared by both servers, e.g. based on a DB or a cache server etc. Your help with this woul be highly appreciated though. Maybe yiu could start with a first implementation that fits your use case and contribute the code? Regarding your second question: I think our assumption so far has been that key creation is handled by existing solutions for that purpose like PKI Certificate Authority software or even some homegrown system based on openssl. If I am not mistaken, you can also use the standard Jave Crypto Api to create key pairs...
Again, we could really use some help in this area, so I would like to encourage you to really think about helping out :-)
Regards,
Kai
Hi Kai,
Thank you for your fast reply and my apologizes for vague questions.
It is one question regarding the secure communication and the other one about provisioning key material as part of lwm2m's bootstrapping process
1: establishing a secure communication channel for the lwm2m protocol.
We do have a successful bootstrap process which returns the serverPublicKey, publicKey, e.t.c. in the bootstrap config. Hence, I assume my question should have been how does the lwm2m server and bootstrap server share those keys? Is it approved to store it in a database which both can utilize? Or does both of them magically generate two identical keys?
2: provisioning key material as part of lwm2m's bootstrapping process
Was basically asking for pointers, best practice, or any "de facto" open source library for generating secure, unique private and public keys used in the RPK_SEC mode. Obviously we would like to follow the lwm2m protocol standard in the keys
Best Regards,
Björn
From: leshan-dev-bounces@xxxxxxxxxxx <leshan-dev-bounces@xxxxxxxxxxx> on behalf of Kai <sophokles.kh@xxxxxxxxx>
Sent: Friday, October 16, 2015 12:45 PM
To: leshan developer discussions
Subject: Re: [leshan-dev] Handling of public raw keys_______________________________________________Hi Björn,
I am not 100% sure if I get your question right. Are you talking about establishing a secure communication channel over which the lwm2m protocol is supposed to be run or are you talking about provisioning key material as part of lwm2m's bootstrapping process?
Regards,
Kai
Björn Eriksson <Bjorn.Eriksson@xxxxxxxxx> schrieb am Fr., 16. Okt. 2015, 10:32:
_______________________________________________Hello,
Could anyone explain how the client and server are supposed to exchange their public keys?
Are there any suggested java library to generate the points (x,y,s) for elliptic curve, that is used while generating the public and private keys?
Many thanks!
Björn
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev