Comments (3)
dextero
commented on May 22, 2024
Hi,
Unfortunately in my project I am not allowed to expose Private key of the system and have some OpenSSL extension to be able to use this private key.
Please note that from the LwM2M servers' perspective, Security object is strictly write-only. The library reads DTLS secrets only to initialize the connection, it never sends them over the network.
If that kind of guarantee is still too much in your use case, changes to the library will be required. Right now, an attempt to set up a DTLS connection fails if keys cannot be read from the data model. I suspect this means a change to our DTLS socket implementation may be necessary to make use of the extension you mention.
Is that extension something available to the public that we could take a look at? Do you use some kind of Secure Element chip?
- How to configure DTLS without using Security Object (if it is really the only recommended way to do it which I understood from documentation)?
It is not possible in the current version of the library. Using the Security object is the only supported way of configuring DTLS.
- Is this solution valid for both use cases: Bootstrap and Device Management? By the way why using Security Object to configure DTLS in bootstrap case as server is not even know and Security Object not yet written by server
I am not sure I understand what you are asking for, but Security Object is used as the source of DTLS credentials for both Bootstrap and Device Management servers. And why do we use Security Object to configure DTLS for the bootstrap server? Mostly because LwM2M requires that, and for consistency - to have only a single source we retrieve that kind of data from.
Best regards,
Marcin
from anjay.
opave
commented on May 22, 2024
Hello,
Thanks for the clear feedback and sorry for the late reply from my side.
In fact, our specificity (to not expose private key) is "encapsulated" in OpenSSL Engine implementation which is used by OpenSSL library. So if Anjay is able to integrate the use of OpenSSL library (which is the case from your documentation) it shall be straight forward but Anjay implementation shall be changed to avoid grabbing private key from data model and trigger OpenSSL calls instead.
Do you see any issue doing this and what is your estimation of the effort?
Regards,
Olivier PAVE
from anjay.
dextero
commented on May 22, 2024
Hi,
My apologies for the late response.
We would need to figure out the scope of changes required to make it work - for example, how is that supposed to work in the presence of a LwM2M Bootstrap Server, which is supposed to be able to override the private key used by a client.
Being able to take a look at how the API differs from standard OpenSSL would be helpful.
Anyway, this is something that differs from the usual way of handling private keys in LwM2M, so it would have to be a non-standard extension. If you are interested in us adding that, please contact [email protected] .
Best regards,
Marcin
from anjay.
Related Issues (20)
- get string resource length in resource_write callback HOT 4
- Adding recurrent task in anjay's main loop HOT 2
- Requesting new parameter on demo app HOT 1
- How to use NUCLEO-L476rg HOT 2
- Configuration of DTLS using MbedTLS HOT 3
- Wrong CoAP endpoint path for send update HOT 4
- anjay_ongoing_registration_exists() remains true when a bootstrapping is used. HOT 2
- How to get higher notification frequency than 1 per second? HOT 2
- 'binding_str' may be used uninitialized warning HOT 1
- anajy_ipso_basic_sensor.c: update_curr_value HOT 1
- DTLS session resumption HOT 4
- handshake failed with Orange Live Objects HOT 4
- Can't cmake on macOS 12.6 HOT 7
- I can not get queueing to work HOT 7
- Demo client not working: getaddrinfo() error: Name or service not known HOT 2
- Missing python package dependencies HOT 3
- How to determine if client is blocked by a firewall?
- Regression in Anjay 3.4.1 regarding Observe-Composite HOT 3
- invalid critical option in query 0.03 Put: 3 HOT 1
- How to specify an alternate path? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from anjay.