Encryption key questions

[smoms]

when mentioned "encrypted key back to the device" which key is encrypted? what is the encryption key? how does the device use it to connect to IoT Hub (maybe generates a SAS Token)?

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 57d1d61a-9a93-7979-d562-21c6b712c22e
• Version Independent ID: e485312b-15fd-b681-fd6c-855651ffd751
• Content: How to use the MXChip IoT DevKit to connect to the Azure IoT Hub Device Provisioning Service
• Content Source: articles/iot-dps/how-to-connect-mxchip-iot-devkit.md
• Service: iot-dps
• GitHub Login: @liydu
• Microsoft Alias: liydu

[Mike-Ubezzi-MSFT]

@smoms Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.

[nberdy]

In the case of TPM, the key is encrypted with both the EK and SRK of the TPM. In the case of X.509 (as with the MXChip board in this article), the device connects using the X.509 certificate it possesses and DPS basically tells the device to use the cert it already has to connect to IoT Hub.