Changes

no edit summary
Line 120: Line 120:  
<li> 2. Symmetric keys </li>
 
<li> 2. Symmetric keys </li>
 
</ul>
 
</ul>
====X.509 mechanism====  
+
====DPS X.509 mechanism====  
 
The first mechanism utilizes X.509 certificates. Each DPS service includes one or more services known as enrollment groups, which handle this task. Each enrollment group is configured to function with a specific IoT Hub, considering there may be multiple IoT Hubs. At the DPS, the root CA certificate needs to be registered. Additionally, each enrollment group should have one or more intermediate CAs that are signed by the root CA. Each RUT device must have a unique certificate signed by an intermediate CA. This certificate contains additional information, such as the subject ID field, which will serve as the device identity name on the IoT Hub. Now, let's delve into an actual example of configuring such a service.  
 
The first mechanism utilizes X.509 certificates. Each DPS service includes one or more services known as enrollment groups, which handle this task. Each enrollment group is configured to function with a specific IoT Hub, considering there may be multiple IoT Hubs. At the DPS, the root CA certificate needs to be registered. Additionally, each enrollment group should have one or more intermediate CAs that are signed by the root CA. Each RUT device must have a unique certificate signed by an intermediate CA. This certificate contains additional information, such as the subject ID field, which will serve as the device identity name on the IoT Hub. Now, let's delve into an actual example of configuring such a service.  
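Review bot: Renaming the heading from "X.509 mechanism" to "DPS X.509 mechanism" changes the section anchor, so any link that targets the old heading name will stop resolving. Check for such links on this and other pages before saving the rename. The unchanged paragraph below the heading refers to a "subject ID field" that becomes the device identity name on the IoT Hub. If this means the certificate subject common name, name the field exactly, so that readers generating device certificates know which value must be unique per device.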
   Line 166: Line 166:     
The device successfully connects to the Azure IoT Hub.
 
The device successfully connects to the Azure IoT Hub.
 +
 +
====DPS Symmetric key mechanism====
 +
Symmetric key mechanism is a more basic one. To configure it, firstly head back to Azure portal your DPS service page and create new enrollment group with Symmetric key attestation mechanism. 
 +
 +
[[File:Azure RutOSconf 13.png|border|class=tlt-border]]
 +
 +
Inspecting the newly created enrollment group will reveal some keys. The primary key will be used to derive each individual device indentities. This can be done with simple script, which is available on the following Microsoft guide: https://learn.microsoft.com/en-us/azure/iot-dps/how-to-legacy-device-symm-key?tabs=linux&amp%3Bpivots=programming-language-ansi-c&pivots=programming-language-ansi-c#derive-a-device-key
 +
 +
In the script, you will see couple important variables - KEY and REG_ID. In the key field, we must specify primary key, which we take from new created enrollment group.
 +
 +
[[File:Azure RutOSconf 14.1.png|border|class=tlt-border]]
    
</ul>
 
</ul>
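Review bot: The added symmetric key section tells the reader to put the enrollment group primary key into the script's KEY variable, but it does not say that this key is the secret from which every device key in the group is derived. Add a sentence stating that the derivation is run on an administrator machine, that only the derived per-device key is entered on the device, and that the group key is never stored on it. Also confirm that the screenshot "Azure RutOSconf 14.1.png" does not show a real key. The section names REG_ID as important but never says what to set it to. The link to the Microsoft guide carries a garbled duplicate query parameter ("&amp%3Bpivots=...") that should be removed so the URL has a single pivots value. Wording fixes in the same lines: "indentities" should be "identities", "new created" should be "newly created", "couple important" should be "a couple of important", and "head back to Azure portal your DPS service page" is missing words.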