Credential files format
To use RPK or X509 certificate with Leshan demos your need to provide credentials files 🔒.
This page aims to share information about how generate such files.
Create EC keys using default openssl pem encoding : (prime256v1 also know as secp256r1, is the default curve
openssl ecparam -out keys.pem -name prime256v1 -genkey
Now we will convert those keys in formats which is used for Security(id 0) object in LWM2M specification and which is also well supported by the JVM.
Convert private Key to PKCS#8 format (DER encoding) :
openssl pkcs8 -topk8 -inform PEM -outform DER -in keys.pem -out cprik.der -nocrypt
Output public key portion in SubjectPublicKeyInfo format (DER encoding) :
openssl ec -in keys.pem -pubout -outform DER -out cpubk.der
For further information about Elliptic curves and OpenSSL, refer to openSSL wiki.
To find coordonates(x,y) of an elliptic curve public key, you can look at this post.
(Not yet available)
To get hexa string :
xxd -p -c 512 cpubk.der
To try to find your way in the jungle of credentials file format your could have a look at :
- https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem
- https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
- https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
