Device Credentials for IoT Core

Bryan Hunt edited this page Nov 20, 2017 · 1 revision

Loading the public key into GCP

Google IoT Core uses JSON Web Tokens (JWT) to authenticate a device during the MQTT connection. A token is valid for a period of time specified by the application (up to 24 hours). To authenticate the device, each JWT includes a signature element. These examples use the ES256 format (ECDSA with the P-256 curve over a SHA-256 hash of the JWT header and claims).

To verify the token, Google requires the device's public key to be associated with the device in the GCP console (from the console: IoT Core -> Registries -> -> -> Add Public Key).

Retrieving the public key from the crypto element can be done in many ways (detailed elsewhere), but these examples emit the public key in the required format (PEM) during boot.

  • Copy the emitted public key
  • Navigate to the device authentication settings (or, if creating a new device, the key field will be visible)
  • Specify the key format (ES256)
  • Paste the public key given by the device
  • Save

Now the device credentials are properly associated, and Google will allow the device to send messages into the registry's configured Pub/Sub.
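
Before pasting the key in the steps above, it is worth confirming that the text copied from the device's boot output is a complete, uncorrupted P-256 key, since a truncated or mistyped paste only shows up later as a rejected MQTT connection. The following check is an added example, not code from this page or its project; it assumes the device emits a standard `-----BEGIN PUBLIC KEY-----` PEM, the names `check_es256_pem` and `make_pem` are hypothetical, and the sample key is constructed from the curve's base point rather than taken from a real device.

```python
import base64
import hashlib

# DER header of every P-256 SubjectPublicKeyInfo (id-ecPublicKey, prime256v1).
SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
P = 2**256 - 2**224 + 2**192 + 2**96 - 1  # P-256 field prime
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
BEGIN, END = "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"


def check_es256_pem(pem: str) -> str:
    """Validate a copied PEM as a P-256 public key; return the SHA-256 of its DER."""
    lines = [ln.strip() for ln in pem.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END PUBLIC KEY lines")
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:  # binascii.Error subclasses ValueError
        raise ValueError("key body is not valid base64") from None
    if len(der) != 91 or not der.startswith(SPKI_PREFIX):
        raise ValueError("not a P-256 SubjectPublicKeyInfo (truncated or wrong curve)")
    point = der[len(SPKI_PREFIX):]
    if point[0] != 0x04:
        raise ValueError("expected uncompressed point 0x04 || X || Y")
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:], "big")
    # Curve equation y^2 = x^3 - 3x + b (mod p) catches flipped or mistyped characters.
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on P-256 (corrupted key)")
    return hashlib.sha256(der).hexdigest()


def make_pem(x: int, y: int) -> str:
    """Hypothetical helper: wrap raw X/Y coordinates as a PEM, 64 chars per line."""
    der = SPKI_PREFIX + b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"


# Constructed sample, not a real device key: the P-256 base point G.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
SAMPLE_PEM = make_pem(GX, GY)

if __name__ == "__main__":
    print("fingerprint:", check_es256_pem(SAMPLE_PEM))
```

The returned fingerprint is a short value to record alongside the device entry, so a later key mismatch can be spotted without comparing base64 by eye.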