mqtt-lib: encryption
Closed this issue · 5 comments
We need to find a way to encrypt this communication. Both the mosquitto broker and the ESP support SSL, but we need to find something that can also work on Arduino Uno and Mega with Ethernet shields. If not for the W5100, then at least for the W5500.
good reads:
http://www.steves-internet-guide.com/mosquitto-tls/
http://www.steves-internet-guide.com/ssl-certificates-explained/
https://mosquitto.org/man/mosquitto-conf-5.html
http://www.steves-internet-guide.com/mqtt-security-mechanisms/
https://crypto.stackexchange.com/questions/9089/how-does-https-key-get-shared
mosquitto conf:
allow_anonymous false
password_file /etc/mosquitto/conf.d/passwd
port 8883
psk_hint Hint
psk_file /etc/mosquitto/conf.d/psk
use_identity_as_username false
log_type all
psk:
ime:123abc
passwd:
hc_magic
test with:
mosquitto_sub -t test -p 8883 -u hc --pw magic --psk-identity ime --psk 123abc
mosquitto_pub -t test -m test -p 8883 -u hc --pw magic --psk-identity ime --psk 123ABC
For full SSL encryption, all we need to do is:
change:
WiFiClient
to
WiFiClientSecure
and in mosquitto conf:
port 8883
use_username_as_clientid false
cafile /etc/mosquitto/certs/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
and generate keys and certs as per:
http://www.steves-internet-guide.com/mosquitto-tls/
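
Added example, not part of the original issue or of mqtt-lib: a small Python check for the psk_file used with the TLS-PSK setup above, which expects one identity:hexkey entry per line. The function names and the 128-bit minimum are assumptions made for this example (a policy choice, not a mosquitto limit); the sample lines are constructed, with the first one taken from the test entry in the thread.

```python
import re
import secrets

MIN_KEY_BITS = 128  # assumed policy floor for this example, not a mosquitto limit
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def audit_psk_file(text, min_key_bits=MIN_KEY_BITS):
    """Return a list of (line_no, identity, problem) for a psk_file body."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        identity, sep, key = line.partition(":")
        if not sep or not identity or not key:
            findings.append((no, identity, "expected identity:hexkey"))
            continue
        if identity in seen:
            findings.append((no, identity, "duplicate identity"))
        seen.add(identity)
        if not HEX_RE.match(key):
            findings.append((no, identity, "key is not hexadecimal"))
        elif len(key) * 4 < min_key_bits:
            # Each hex digit carries 4 bits of key material.
            findings.append((no, identity,
                             f"key is {len(key) * 4} bits, below {min_key_bits}"))
    return findings


def new_psk_line(identity, key_bytes=32):
    """Build a psk_file line with a random key from the OS CSPRNG."""
    if not identity or ":" in identity:
        raise ValueError("identity must be non-empty and contain no ':'")
    return f"{identity}:{secrets.token_hex(key_bytes)}"


# Constructed sample: the thread's test entry, two malformed lines,
# and one freshly generated entry (hypothetical identity "uno-kitchen").
SAMPLE = "ime:123abc\nsensor1:nothex!\nbroken-line\n" + new_psk_line("uno-kitchen")

if __name__ == "__main__":
    for finding in audit_psk_file(SAMPLE):
        print(finding)
```

Run against the sample, this flags the short test key and the two malformed lines, while the generated 256-bit entry passes.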