Securing your devices
Up to this point, we've only used unsecured and unencrypted CoAP. This should only be done while developing, and in closed networks. On the internet, and if the data is personal, CoAP should always be encrypted, and access to the device should always be authenticated and authorized. All these things can be managed directly by the DTLS layer.
To enable DTLS, we create our CoAP endpoint in a different manner:
this.coapEndpoint = new CoapEndpoint(CoapEndpoint.DefaultCoapsPort, this.users);
Here, we utilize the IUserSource (source of users) defined in the previous chapters. Remember that it defined one user, with the username MIoT and the password rox. The password was hashed, however, and it is this hash that will be used as a pre-shared key. The username acts as the identity used by DTLS to identify the pre-shared key. So, to access the device using these settings, a session needs to be established with the device using DTLS and the PSK identity of MIoT and the binary...
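To make concrete what the DTLS layer does with the user store, here is an added Python example (not code from the book or from the CoAP library it uses) that models both sides of a DTLS PSK handshake: the client sends the username as the psk_identity, the server looks it up in a store standing in for IUserSource, and the stored password hash becomes the pre-shared key that RFC 4279 turns into the premaster secret. The hash algorithm (SHA-256), the dictionary store and all function names are assumptions, since the page does not say which hash the library applies.

```python
import hashlib
import struct
from typing import Dict, Optional, Tuple

# Added example, not the book's code. The user store is constructed here to
# stand in for the book's IUserSource; SHA-256 and the function names are
# assumptions, because the page does not state which hash the library uses.


def hash_password(password: str) -> bytes:
    """Assumed hash: the stored digest, not the clear-text password, is the PSK."""
    return hashlib.sha256(password.encode("utf-8")).digest()


# One user, as defined in the earlier chapters: username MIoT, password rox.
USERS: Dict[str, bytes] = {"MIoT": hash_password("rox")}


def client_key_exchange(username: str, password: str) -> Tuple[bytes, bytes]:
    """Client side: the username travels as the psk_identity, which RFC 4279
    sends in clear text; the derived key itself never leaves the client."""
    return username.encode("utf-8"), hash_password(password)


def lookup_psk(identity: bytes) -> Optional[bytes]:
    """Server side: resolve the psk_identity from the ClientKeyExchange to a key."""
    try:
        username = identity.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return USERS.get(username)


def psk_premaster_secret(psk: bytes) -> bytes:
    """RFC 4279 section 2: uint16 N, N zero octets, uint16 N, then the PSK."""
    n = len(psk)
    return struct.pack(">H", n) + bytes(n) + struct.pack(">H", n) + psk


def server_premaster_secret(identity: bytes) -> Optional[bytes]:
    """None for an unknown identity; a real server would then send an
    unknown_psk_identity (or decrypt_error) alert and abort the handshake."""
    psk = lookup_psk(identity)
    return None if psk is None else psk_premaster_secret(psk)


def handshake_succeeds(username: str, password: str) -> bool:
    """Both sides derive the same premaster secret only for a known user with
    the right password; the rest of the DTLS key schedule builds on it."""
    identity, client_psk = client_key_exchange(username, password)
    server_pm = server_premaster_secret(identity)
    return server_pm is not None and server_pm == psk_premaster_secret(client_psk)
```

Because the identity is visible to anyone on the network path, it identifies the key but must not be relied on as a secret; only the hashed password is.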