Thank you for the inputs Kai!
I noticed that you could need some help in this area, and surely we will contribute our changes/implementations when the time is ready. It will probably take some time with that due to the "Eclipse Foundation's strict IP policy". I haven't had any time to figure out how it is working but I have at least signed the agreement to do so :)
From: leshan-dev-bounces@xxxxxxxxxxx <leshan-dev-bounces@xxxxxxxxxxx> on behalf of Kai <sophokles.kh@xxxxxxxxx>
Sent: Friday, October 16, 2015 2:18 PM
To: leshan developer discussions
Subject: Re: [leshan-dev] Handling of public raw keys
Björn,
I have to admit that I am (currently) not that deep into the bootstrap server code. However, my understanding is that we currently do not have a standard way of sharing the key material between bootstrap server and lwm2m server. That said, I think you are free to implement whatever mechanism you feel appropriate in your environment. The bootstrap server surely can use some improvements in this area. In particular, we do not have standard credential stores implemented yet that could be shared by both servers, e.g. based on a DB or a cache server etc. Your help with this would be highly appreciated though. Maybe you could start with a first implementation that fits your use case and contribute the code?
Regarding your second question: I think our assumption so far has been that key creation is handled by existing solutions for that purpose like PKI Certificate Authority software or even some homegrown system based on openssl. If I am not mistaken, you can also use the standard Java Crypto API to create key pairs...
Again, we could really use some help in this area, so I would like to encourage you to really think about helping out :-)
Regards,
Kai
Hi Kai,
Thank you for your fast reply and my apologies for the vague questions.
It is one question regarding the secure communication and the other one about provisioning key material as part of lwm2m's bootstrapping process.
1: establishing a secure communication channel for the lwm2m protocol.
We do have a successful bootstrap process which returns the serverPublicKey, publicKey, etc. in the bootstrap config. Hence, I assume my question should have been: how do the lwm2m server and bootstrap server share those keys? Is it approved to store it in a database which both can utilize? Or do both of them magically generate two identical keys?
2: provisioning key material as part of lwm2m's bootstrapping process
Was basically asking for pointers, best practice, or any "de facto" open source library for generating secure, unique private and public keys used in the RPK_SEC mode. Obviously we would like to follow the lwm2m protocol standard in the keys
Hi Björn,
I am not 100% sure if I get your question right. Are you talking about establishing a secure communication channel over which the lwm2m protocol is supposed to be run or are you talking about provisioning key material as part of lwm2m's bootstrapping process?
Regards,
Kai
Hello,
Could anyone explain how the client and server are supposed to exchange their public keys?
Is there any suggested Java library to generate the points (x,y,s) for elliptic curve, that is used while generating the public and private keys?
Many thanks!
Björn
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
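
The key-pair creation with the standard Java crypto API that the thread mentions, as an added example that is not part of the original messages and is not Leshan code. It assumes the curve secp256r1 and reads "(x,y,s)" as the public point's affine coordinates plus the private scalar; the class name `RpkKeyGen` is hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
import java.util.Base64;

public class RpkKeyGen {
    public static void main(String[] args) throws Exception {
        // Assumption: secp256r1 (NIST P-256); use the curve your DTLS cipher suite requires.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom());
        KeyPair pair = kpg.generateKeyPair();
        ECPublicKey pub = (ECPublicKey) pair.getPublic();
        ECPrivateKey priv = (ECPrivateKey) pair.getPrivate();

        // Public point (x, y) and private scalar s.
        BigInteger x = pub.getW().getAffineX();
        BigInteger y = pub.getW().getAffineY();
        BigInteger s = priv.getS(); // secret: never log or print it
        System.out.println("x = " + x.toString(16));
        System.out.println("y = " + y.toString(16));

        // Encoded forms: X.509 SubjectPublicKeyInfo (public) and PKCS#8 (private).
        byte[] spki = pub.getEncoded();
        byte[] pkcs8 = priv.getEncoded();
        System.out.println(pub.getFormat() + " public key: "
                + Base64.getEncoder().encodeToString(spki));
        System.out.println(priv.getFormat() + " private key: "
                + pkcs8.length + " bytes (not printed)");

        // Rebuild both keys from (x, y, s), as a peer that stores only those values would.
        KeyFactory kf = KeyFactory.getInstance("EC");
        ECParameterSpec curve = pub.getParams();
        PublicKey pub2 = kf.generatePublic(new ECPublicKeySpec(new ECPoint(x, y), curve));
        PrivateKey priv2 = kf.generatePrivate(new ECPrivateKeySpec(s, curve));

        // Self-test: a signature made with the rebuilt private key must verify
        // under the rebuilt public key, otherwise the stored values do not match.
        byte[] msg = "rpk self-test".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(priv2);
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(pub2);
        verifier.update(msg);
        if (!verifier.verify(sig)) throw new IllegalStateException("key pair mismatch");
        System.out.println("rebuilt key pair verified");
    }
}
```

Only the public values need to be shared between servers; the private scalar and the PKCS#8 blob belong in access-controlled storage on the party that owns them.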