SecurityProviderSymmetricKey Class

  • java.lang.Object
    • SecurityProvider
      • com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderSymmetricKey

public class SecurityProviderSymmetricKey extends SecurityProvider

Constructor Summary

Constructor Description
SecurityProviderSymmetricKey(byte[] symmetricKey, String registrationId)

Constructor for Symmetric key security provider

SecurityProviderSymmetricKey(String primaryKey, String secondaryKey, String registrationId)

Constructor for Symmetric key security provider that takes both keys

Method Summary

Modifier and Type Method and Description
byte[] ComputeDerivedSymmetricKey(byte[] enrollmentGroupSymmetricKey, String deviceId)

Computes the derived symmetric key for authenticating your device from its enrollment group's symmetric key and the device's registrationId. This step is only necessary for devices in group enrollments. Devices that are registered via an individual enrollment can use the individual enrollment's symmetric key directly.

String getRegistrationId()

Unique id required for registration

byte[] getSecondaryKey()

Getter for Secondary key

byte[] getSymmetricKey()

Getter for Symmetric key

byte[] HMACSignData(byte[] signature, byte[] base64DecodedKey)

Signs data with HMAC-SHA256 using the provided Base64-decoded key

Constructor Details

SecurityProviderSymmetricKey

public SecurityProviderSymmetricKey(byte[] symmetricKey, String registrationId)

Constructor for Symmetric key security provider

Parameters:

symmetricKey - Symmetric key to be used. For authenticating devices that are under an individual enrollment, this symmetric key is the same symmetric key that the enrollment has. For authenticating devices that are under a group enrollment, this symmetric key is derived from the enrollment group's symmetric key
registrationId - Registration ID to be used

SecurityProviderSymmetricKey

public SecurityProviderSymmetricKey(String primaryKey, String secondaryKey, String registrationId)

Constructor for Symmetric key security provider that takes both keys

Parameters:

primaryKey - Primary key to be used
secondaryKey - Secondary key to be used
registrationId - Registration ID to be used

Method Details

ComputeDerivedSymmetricKey

public static byte[] ComputeDerivedSymmetricKey(byte[] enrollmentGroupSymmetricKey, String deviceId)

Computes the derived symmetric key for authenticating your device from its enrollment group's symmetric key and the device's registrationId. This step is only necessary for devices in group enrollments. Devices that are registered via an individual enrollment can use the individual enrollment's symmetric key directly.

Parameters:

enrollmentGroupSymmetricKey - The primary or secondary key of the group enrollment for which a device is computing its derived symmetric key. Must be a UTF-8 byte array.
deviceId - The Id of the particular device to compute the derived key for. The user is expected to decide what the deviceId should be prior to attempting to provision the device.

Returns:

The derived key, as Base64-encoded bytes.

Throws:

InvalidKeyException - If any exception occurs while initializing the HMAC with the provided key
NoSuchAlgorithmException - If your device does not support HMAC_SHA256
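
The derivation described above, as an added standalone example that uses only the JDK; it is not the SDK's own source. It assumes the DPS group-enrollment scheme (Base64-decode the group key, HMAC-SHA256 the registration ID, Base64-encode the result); the class name, sample key and registration IDs are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class DerivedKeyExample {
    // Assumed scheme (DPS group enrollment): Base64-decode the group key, compute
    // HMAC-SHA256 over the UTF-8 registration ID, Base64-encode the MAC.
    static byte[] deriveDeviceKey(byte[] groupKeyBase64, String registrationId)
            throws GeneralSecurityException {
        byte[] groupKey = Base64.getDecoder().decode(groupKeyBase64);
        try {
            Mac mac = Mac.getInstance("HmacSHA256");             // NoSuchAlgorithmException
            mac.init(new SecretKeySpec(groupKey, "HmacSHA256")); // InvalidKeyException
            byte[] tag = mac.doFinal(registrationId.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encode(tag);
        } finally {
            Arrays.fill(groupKey, (byte) 0); // wipe the decoded group key after use
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key (bytes 0x01..0x20), not a real enrollment group key.
        byte[] raw = new byte[32];
        for (int i = 0; i < raw.length; i++) raw[i] = (byte) (i + 1);
        byte[] groupKey = Base64.getEncoder().encode(raw);

        // Hypothetical registration IDs for two devices in the same group.
        byte[] keyA = deriveDeviceKey(groupKey, "device-001");
        byte[] keyB = deriveDeviceKey(groupKey, "device-002");
        byte[] keyAAgain = deriveDeviceKey(groupKey, "device-001");

        // Same inputs give the same key; each registration ID gets its own key,
        // so a device only ever needs its derived key, never the group key.
        System.out.println("deterministic: " + MessageDigest.isEqual(keyA, keyAAgain));
        System.out.println("per-device:    " + !MessageDigest.isEqual(keyA, keyB));
        System.out.println("length:        " + keyA.length + " Base64 bytes");
    }
}
```

The returned bytes are the kind of derived key that the `SecurityProviderSymmetricKey(byte[] symmetricKey, String registrationId)` constructor takes for a device under a group enrollment.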

getRegistrationId

public String getRegistrationId()

Unique id required for registration

Returns:

Returns the registration ID needed by the service

Throws:

SecurityProviderException - If registration id with the underlying implementation could not be retrieved

getSecondaryKey

public byte[] getSecondaryKey()

Getter for Secondary key

Returns:

Returns Secondary Key byte array

getSymmetricKey

public byte[] getSymmetricKey()

Getter for Symmetric key

Returns:

Returns Symmetric Key byte array

HMACSignData

public byte[] HMACSignData(byte[] signature, byte[] base64DecodedKey)

Signs data with HMAC-SHA256 using the provided Base64-decoded key

Parameters:

signature - Data to be signed
base64DecodedKey - Key used for signing

Returns:

Returns signed data

Throws:

SecurityProviderException - If signing was not successful
