Module iot_device_bridge::crypto
Functionality implementing data payload encryption using ECIES (Elliptic Curve Integrated Encryption Scheme), built upon AES-GCM-256 and HKDF-SHA256 and using the secp256k1 curve.
The method is implemented in interoperable libraries in Golang, Python, Rust and TypeScript … i.e., the languages also used in the backend (e.g., the decryption lambda in Golang).
This encryption framework is standardized as ISO/IEC 18033-2.
The encryption can be set selectively per device using the IoT Shadow node data_encryption_config, like:

    "data_encryption_config": {
        "method": "EciesSecp256k1",
        "public_key": [<byte>]
    }

The DataEncryptionConfig is currently implemented only for the ECIES-secp256k1 method.
Other methods may require different CryptoParams, e.g., Nonce, and may have keys of a different size.
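
A device should reject a data_encryption_config whose public_key is not a valid secp256k1 point before encrypting anything to it. The following is an added example, not code from this crate: it assumes the key is SEC1-encoded (33-byte compressed or 65-byte uncompressed) and delivered as a JSON array of integers, and the function names are hypothetical.

```python
import json

# secp256k1: y^2 = x^3 + 7 over the prime field F_P
P = 2**256 - 2**32 - 977
# Constructed sample key: the curve's generator point G (public constant)
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

def parse_public_key(raw):
    """Decode a SEC1-encoded point (assumed encoding); ValueError if not on the curve."""
    if len(raw) == 33 and raw[0] in (2, 3):            # compressed: parity byte + x
        x = int.from_bytes(raw[1:], "big")
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)                  # square root, valid as P % 4 == 3
        if x >= P or y * y % P != rhs:
            raise ValueError("x is not a valid secp256k1 coordinate")
        return (x, y) if y % 2 == raw[0] % 2 else (x, P - y)
    if len(raw) == 65 and raw[0] == 4:                 # uncompressed: 0x04 + x + y
        x, y = int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big")
        if x >= P or y >= P or (y * y - pow(x, 3, P) - 7) % P != 0:
            raise ValueError("point is not on secp256k1")
        return (x, y)
    raise ValueError("unsupported public key encoding")

def load_encryption_config(shadow_json):
    """Validate the data_encryption_config node; return the public key as (x, y)."""
    cfg = json.loads(shadow_json).get("data_encryption_config")
    if not isinstance(cfg, dict) or cfg.get("method") != "EciesSecp256k1":
        raise ValueError("missing config or unsupported method")
    key = cfg.get("public_key")
    if not isinstance(key, list) or not all(type(b) is int and 0 <= b <= 255 for b in key):
        raise ValueError("public_key must be an array of bytes")
    return parse_public_key(bytes(key))

def sample_shadow(key_bytes, method="EciesSecp256k1"):
    """Build a constructed shadow document around the given key bytes."""
    return json.dumps({"data_encryption_config":
                       {"method": method, "public_key": list(key_bytes)}})

if __name__ == "__main__":
    compressed_g = b"\x02" + GX.to_bytes(32, "big")
    print(load_encryption_config(sample_shadow(compressed_g)) == (GX, GY))
```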