Hi,
the document you are referring to mentions: "The certificate signing request (CSR) must include a public key that is either an RSA key with a length of at least 2048 bits...". So you cannot use a key with a smaller length than 2048 bits.
But you could try to use custom authentication with AWS IoT Core to achieve your goal.
Cheers,
Philipp
Hi Philipp,
The note also refers to the CreateCertificateFromCsr API and this confuses me; we are creating self-signed certificates instead. So this rule also applies to self-signed certificates?
Thank you for the custom authentication suggestion, we are considering this.
Best Regards, Sam
Hi Sam. You will find confirmation here: https://docs.aws.amazon.com/iot/latest/developerguide/audit-chk-device-cert-key-quality.html
I agree that perhaps the basic requirements set out there could also be listed on the link you gave. Please consider using the Feedback button on that page.
Hi Greg,
Thank you for the confirmation, feedback sent.
We explored other ways, and a connection with an ECC key from NIST P-256 (curve secp256r1) takes 5 secs; it's more secure than RSA 1024 and good enough for our requirements.
We can share this link; we found it very useful for optimization parameters: https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf
Thanks again,
Best Regards, Sam
Thanks for the link Sam. Interesting document.
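
The key check discussed in this thread, as an added example that is not part of the original posts and is not AWS code: a shell function that reads a certificate with the `openssl` CLI and applies the RSA 2048-bit minimum quoted in the answer, accepting the P-256 curve Sam reports connecting with. The function names, verdict strings and throwaway sample certificates are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: check a device certificate's public key before registering it.
# MIN_RSA_BITS is the limit quoted in the answer; P-256 is the curve Sam reports
# using. Function names and verdict strings are hypothetical.
MIN_RSA_BITS=2048

check_device_cert() {
    local cert="$1" text alg bits
    # Decode the certificate; anything that is not an X.509 certificate is an error.
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "error unreadable"; return 2; }
    alg=$(printf '%s\n' "$text" | sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
    # Matches "Public-Key: (N bit)" and the older "RSA Public-Key: (N bit)".
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    case "$alg" in
        rsaEncryption)
            if [ "${bits:-0}" -ge "$MIN_RSA_BITS" ]; then
                echo "ok rsa $bits"; return 0
            fi
            echo "reject rsa $bits"; return 1 ;;
        id-ecPublicKey)
            if printf '%s\n' "$text" | grep -q 'ASN1 OID: prime256v1'; then
                echo "ok ec prime256v1"; return 0
            fi
            # Other curves are not discussed in this thread: flag for manual review.
            echo "review ec"; return 1 ;;
        *)
            echo "review ${alg:-unknown}"; return 1 ;;
    esac
}

# Constructed sample input: throwaway self-signed certificates generated locally.
make_demo_certs() {
    local dir="$1" subj="/CN=constructed-device"
    openssl req -x509 -newkey rsa:1024 -nodes -days 1 -subj "$subj" \
        -keyout "$dir/rsa1024.key" -out "$dir/rsa1024.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
        -keyout "$dir/rsa2048.key" -out "$dir/rsa2048.pem" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/p256.key" 2>/dev/null
    openssl req -x509 -new -key "$dir/p256.key" -days 1 -subj "$subj" \
        -out "$dir/p256.pem" 2>/dev/null
}

dir=$(mktemp -d) && make_demo_certs "$dir" &&
for c in rsa1024 rsa2048 p256; do
    printf '%s: %s\n' "$c" "$(check_device_cert "$dir/$c.pem")"
done
```

The function returns 0 only for keys that pass, so it can gate a provisioning script before the certificate is registered.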