espressif / esp-mqtt

ESP32 mqtt component
Apache License 2.0

HSM based mTLS Authentication (IDFGH-3217) #156

Closed swanav closed 4 years ago

swanav commented 4 years ago

How to establish an mTLS-based MQTT session when private keys are stored in an HSM?

Currently the library expects a pointer to the private key during init, but my use case will use an HSM for storing the device keys. How can I use the library in this case?

mqtt_client.h

```c
/**
 * MQTT client configuration structure
 */
typedef struct {
...
    const char *client_key_pem;             /*!< Pointer to private key data in PEM or DER format for SSL mutual authentication, default is NULL, not required if mutual authentication is not needed. If it is not NULL, also `client_cert_pem` has to be provided. PEM-format must have a terminating NULL-character. DER-format requires the length to be passed in client_key_len */
...
} esp_mqtt_client_config_t;
```

david-cermak commented 4 years ago

@swanav Sorry for responding so late. IDF should support HSM authentication soon; it will then be integrated into esp-mqtt.