Device Authentication

Rajesh Khadka edited this page Jan 11, 2019 · 1 revision

Google Cloud IoT Core uses public key authentication, so we need to generate a public and private key pair.

  • The IoT device uses the private key to sign the JWT.
  • The service uses the device's public key (uploaded before the JWT is sent) to verify the device's identity.

Google Cloud IoT Core supports the following digital signature algorithms:

  1. RS256
  2. ES256
  3. ES256 key with a self-signed X.509 certificate

Generating an RS256 key

Generate rsa_private.pem and rsa_public.pem using the following commands:

   openssl genrsa -out rsa_private.pem 2048
   openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem

rsa_private.pem: The private key that must be securely stored on the device and used to sign the authentication JWT.

rsa_public.pem: The public key that must be stored in Cloud IoT Core and used to verify the signature of the authentication JWT.
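
To show how the two files are used together, the following added example (not part of the original wiki page) signs an RS256 JWT with the private key and verifies it with the public key using only `openssl`. The helper names `b64url`, `b64url_decode`, `sign_jwt` and `verify_jwt`, the temporary directory, and the claim values such as `example-project` are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: RS256 JWT signed with rsa_private.pem, checked with rsa_public.pem.
# The key pair is a throwaway; the claim values are constructed placeholders.

# base64url without padding, as JWT requires
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# Reverse of b64url: restore the standard alphabet and the '=' padding
b64url_decode() {
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A
}

# Device side: sign_jwt PRIVATE_KEY CLAIMS_JSON -> header.payload.signature
sign_jwt() {
  header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  payload=$(printf '%s' "$2" | b64url)
  sig=$(printf '%s' "$header.$payload" | openssl dgst -sha256 -sign "$1" | b64url)
  printf '%s.%s.%s' "$header" "$payload" "$sig"
}

# Service side: verify_jwt PUBLIC_KEY TOKEN -> returns 0 only for a valid signature
verify_jwt() {
  sigfile=$(mktemp)
  printf '%s' "${2##*.}" | b64url_decode > "$sigfile"
  if printf '%s' "${2%.*}" |
     openssl dgst -sha256 -verify "$1" -signature "$sigfile" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$sigfile"
  return "$rc"
}

# Demo: generate the key pair with the commands above, then sign and verify
dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT          # do not leave the private key behind
openssl genrsa -out "$dir/rsa_private.pem" 2048 2>/dev/null
openssl rsa -in "$dir/rsa_private.pem" -pubout -out "$dir/rsa_public.pem" 2>/dev/null
now=$(date +%s)
claims=$(printf '{"aud":"example-project","iat":%d,"exp":%d}' "$now" "$((now + 3600))")
token=$(sign_jwt "$dir/rsa_private.pem" "$claims")
if verify_jwt "$dir/rsa_public.pem" "$token"; then echo "signature valid"; fi
```

This covers only the signature step; a verifier must also accept only the expected algorithm and reject tokens whose `exp` has passed.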

Generating an ES256 key

   openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
   openssl ec -in ec_private.pem -pubout -out ec_public.pem

The above commands generate the following files:

ec_private.pem: The private key that must be securely stored on the device and used to sign the authentication JWT.

ec_public.pem: The public key that must be stored in Cloud IoT Core and used to verify the signature of the authentication JWT.
