AWS IoT broker: how to register a client certificate with a 1024-bit key length?

0

Hi,

We are trying to register a self-signed X.509 certificate for client authentication to AWS IoT Core (aws iot register-certificate), but we get the error "The key in the certificate is not valid".
The problem seems related to the length of the key: it's 1024 bits, and we have no problems registering a certificate with a 2048-bit key. The signing algorithm is "SHA-256 with RSA".
Here there is a note about the key length of the CSR request, but no mention of the key length of a self-signed certificate: https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html

How can we register a self-signed certificate with a 1024-bit key length?

Thanks in advance for your support.

Reason for this question: we have an old device with limited computing resources. Connecting to the broker using a client certificate with a 2048-bit key takes 10 seconds, while using a client certificate with a 1024-bit key takes 4 seconds (we measured this using another broker, not AWS IoT). We know a 1024-bit key is not the best key, but 10 seconds to connect is too much.

Sam B
Asked 2 years ago · 230 views
1 answer
2
Accepted answer

Hi,

The document you are referring to mentions: "The certificate signing request (CSR) must include a public key that is either an RSA key with a length of at least 2048 bits...". So you cannot use a key with a length smaller than 2048 bits.

But you could try to use custom authentication with AWS IoT Core to achieve your goal.

Cheers,
Philipp

AWS Expert
Answered 2 years ago
Reviewed by AWS Expert Greg_B 2 years ago
  • Hi Philipp,

    The note also refers to the CreateCertificateFromCsr API, and this confuses me: we are creating self-signed certificates instead. So does this rule also apply to self-signed certificates?

    Thank you for the custom authentication suggestion, we are considering this.

    Best Regards, Sam

  • Hi Sam. You will find confirmation here: https://docs.aws.amazon.com/iot/latest/developerguide/audit-chk-device-cert-key-quality.html

    "AWS IoT performs basic sanity checks on these certificates when they are registered. These checks include: Their cryptographic key sizes must meet a minimum required size (for RSA keys, they must be 2048 bits or larger)."

    I agree that perhaps the basic requirements set out there could also be listed on the link you gave. Please consider using the Feedback button on that page.

  • Hi Greg,

    Thank you for the confirmation, feedback sent.

    We explored other ways, and connection with an ECC key from NIST P-256 (curve secp256r1) takes 5 secs; it's more secure than RSA 1024 and good enough for our requirements.

    We can share this link; we found it very useful for optimization parameters: https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf

    Thanks again,

    Best Regards, Sam

  • Thanks for the link Sam. Interesting document.
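As an added example (written for this page, not AWS's own tooling): the sanity check Greg quotes, RSA keys of 2048 bits or larger, can be reproduced locally before calling `aws iot register-certificate`, so a device build that still ships a 1024-bit key fails fast with a clear message rather than with "The key in the certificate is not valid". The script walks the certificate's DER with a small hand-written parser (standard library only; in practice the `cryptography` package or `openssl x509 -text -noout` shows the same fields), reads the SubjectPublicKeyInfo and reports the RSA modulus size or the EC curve. The sample certificates it builds are constructed skeletons with placeholder keys, not real ones; accepting P-384 alongside the P-256 curve Sam reported working is an assumption, not something the thread confirms.

```python
import base64

# ---- tiny DER encoder: used only to build the constructed sample certificates ----

def der_len(n):
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def seq(*items):
    return tlv(0x30, b"".join(items))

def integer(value):
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body            # leading zero keeps the INTEGER positive
    return tlv(0x02, body)

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:                 # base-128 with continuation bits
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def bit_string(payload):
    return tlv(0x03, b"\x00" + payload)  # first byte = number of unused bits

RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
EC_PUBLIC_KEY = "1.2.840.10045.2.1"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
EC_CURVE_BITS = {"1.2.840.10045.3.1.7": 256,   # prime256v1 / secp256r1
                 "1.3.132.0.34": 384}          # secp384r1
MIN_RSA_BITS = 2048                            # rule quoted in the accepted answer

# ---- tiny DER decoder ----

def parse_tlv(buf, pos=0):
    """Return (tag, content, end) for the element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = parse_tlv(content, pos)
        out.append((tag, body))
    return out

def decode_oid(body):
    """Decode an OID body (sufficient for the 1.x arcs used here)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def public_key_info(cert_der):
    """Return ("RSA", modulus_bits) or ("EC", curve_bits) from a DER certificate."""
    _, cert, _ = parse_tlv(cert_der)
    fields = children(children(cert)[0][1])        # tbsCertificate fields
    if fields[0][0] == 0xA0:                       # optional explicit [0] version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    alg, key = children(fields[5][1])
    alg_parts = children(alg[1])
    alg_oid = decode_oid(alg_parts[0][1])
    key_bytes = key[1][1:]                         # drop the unused-bits byte
    if alg_oid == RSA_ENCRYPTION:
        _, rsa, _ = parse_tlv(key_bytes)           # RSAPublicKey ::= SEQ { n, e }
        return "RSA", int.from_bytes(children(rsa)[0][1], "big").bit_length()
    if alg_oid == EC_PUBLIC_KEY:
        return "EC", EC_CURVE_BITS.get(decode_oid(alg_parts[1][1]), 0)
    return alg_oid, 0

def acceptable(cert_der):
    """RSA must be >= 2048 bits (the thread's rule); P-256 worked for the asker,
    P-384 is accepted here as an assumption."""
    kind, bits = public_key_info(cert_der)
    if kind == "RSA":
        return bits >= MIN_RSA_BITS
    return kind == "EC" and bits in (256, 384)

def load_pem(pem_text):
    """Strip the PEM armour and return DER bytes (what register-certificate carries)."""
    return base64.b64decode("".join(l for l in pem_text.splitlines()
                                    if l and not l.startswith("-----")))

def to_pem(der):
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

# ---- constructed sample certificates (placeholder keys, NOT real ones) ----

def rsa_spki(bits):
    modulus = (1 << (bits - 1)) | 1                # exactly `bits` bits, placeholder
    return seq(seq(oid(RSA_ENCRYPTION), tlv(0x05, b"")),
               bit_string(seq(integer(modulus), integer(65537))))

def ec_spki(curve="1.2.840.10045.3.1.7"):
    point = b"\x04" + b"\x11" * 64                 # placeholder uncompressed point
    return seq(seq(oid(EC_PUBLIC_KEY), oid(curve)), bit_string(point))

def build_test_cert(spki):
    """Minimal certificate skeleton around the given SubjectPublicKeyInfo."""
    name, sig_alg = seq(), seq(oid(SHA256_WITH_RSA), tlv(0x05, b""))
    validity = seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"340101000000Z"))
    tbs = seq(tlv(0xA0, integer(2)), integer(1), sig_alg, name, validity, name, spki)
    return seq(tbs, sig_alg, bit_string(b"\x00" * 32))   # placeholder signature

if __name__ == "__main__":
    for label, spki in (("RSA-1024", rsa_spki(1024)), ("RSA-2048", rsa_spki(2048)),
                        ("EC P-256", ec_spki())):
        cert = build_test_cert(spki)
        print(label, public_key_info(cert), "register:", acceptable(cert))
```

Run stand-alone it prints the three constructed cases; for a real device certificate, `acceptable(load_pem(open("device.crt").read()))` is the gate to put in front of the `aws iot register-certificate --certificate-pem file://device.crt` step, so the size rule is enforced at build time rather than discovered at registration.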
