ARMmbed

Signed certificate from device public key

Hi all,

I have an embedded device that communicates with Microsoft Azure IoT Hub using CA signed device certificate authentication. I’m acting as the CA and can create and sign device certificates. Everything is working fine in my development environment where I manually generate device key pairs and certificates and can literally paste them into my device source code.

When the product goes into production the plan is for each device to generate its own key pair, the device to export the public key for our custom back-end system to automatically generate the signed certificate which is downloaded and stored in the device. The problem I have is every example of certificate signing I’ve seen requires a public / private key pair as input into a CSR generator but for security reasons my device’s private key is never exported from the device and hence is unavailable.

How do I generate a signed device certificate when I don’t have the device’s private key?

Paresh asks the same question here: “For Generate CSR request”, but the answer involves “out of device” key pair generation.

I understand that in the I.T. world it’s no big deal generating keys and CSRs on a server and that the private key never leaves the server but in the embedded world where the private key never exists outside of the device how do I obtain a certificate when all I have access to is the device’s public key?

I’ve read elsewhere that a CSR is actually signed using the private key as a way of proving the public key holder is in possession of the private key. This I can understand but I come back to my scenario where I do not have the device private key.

Presumably because I am CA I do not need a CSR and hence don’t need the device private key but I can’t find any way of generating a certificate from just the public key?

Sorry about the length of the post and thanks for any advice you can give me.

Hi Paul,
Thank you for your question!
In order for you to sign the certificate, you need your own private key. So you can’t have only the public key.
In our psa crypto work, we have the API to sign using a key handle, however you will need the implementation in your secure element that has the key.

> How do I generate a signed device certificate when I don’t have the device’s private key?

Are you as a CA signing a certificate of a different device? If this is the case, you don’t need, and you shouldn’t have that device private key. The CSR is already signed with its private key, and you, as a CA, verify the CSR using its public key.

Regards,
Mbed TLS Support
Ron

Hi Ron,

Thank you for the response, it’s appreciated.

As CA I have the CA root private/public key pair for signing device leaf certificates or maybe you’re referring to signing the CSR with the device’s private key? :confused:

Thanks for the link, I’ll read up on it. TBH you’ve lost me here, are you talking about signing a CSR within my embedded device with the device’s private key?

You’ve hit the nail on the head, AFAIK my embedded device can’t generate a CSR, only the key pair. As I see it I’ve got two choices:

  1. Generate the device keys, CSR and hence signed device certificate outside of the embedded device then pass the private key and device certificate (which contains the public key) back into the embedded device.
  2. Export the device keys out of the device, generate the CSR and hence device certificate and pass the device certificate back to the device.

Either way the private key would exist external to the device, this I thought was breaking a golden rule. I am a security noob though.

Thanks again

Paul

Hi Paul,

> Either way the private key would exist external to the device, this I thought was breaking a golden rule.

You are absolutely correct. You shouldn’t expose your private key.
I may have misunderstood your use case in this case.
Is your device the CA entity?

Do you want to generate and sign the CA root certificate (self-signed)?
Do you want your CA to generate a device certificate using a CSR received?

The common use case:

  1. A CA has a self signed root trusted certificate, signed with their private key. The certificate holds the CA’s public key
  2. An entity, your device in this case, sends a CSR (certificate signing request) which holds all the data the device wants in the certificate (extensions, public key) and signs the CSR with their private key.
  3. The device sends the signed CSR to the CA, which in turn verifies the CSR with the device’s public key
  4. The CA generates a certificate, using the given CSR, and signs it using the CA’s private key

In none of these phases, the private key is sent to the other entity

If you have an issue signing with your private key, because the private key is not known, and can be signed in a secure element, for example, then my comment on using the key handle is valid.
I hope this is a bit clearer

1 Like
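
The four steps listed in the reply above can be walked through end to end with the openssl command line. This is an added example, not part of the original thread and not Mbed TLS code: two directories stand in for the device and the CA back end, openssl stands in for the device's crypto library, and the subject names are made up.

```shell
#!/bin/sh
# Constructed demo: two directories stand in for the device and the CA back end.
# The names (device-0001, Example Root CA) are made up for illustration.
WORK=$(mktemp -d); DEV="$WORK/device"; CA="$WORK/ca"; mkdir -p "$DEV" "$CA"

ca_init() {            # step 1: CA key pair and self-signed root certificate
  openssl ecparam -name prime256v1 -genkey -noout -out "$CA/ca.key"
  openssl req -x509 -new -key "$CA/ca.key" -subj "/CN=Example Root CA" \
    -days 3650 -out "$CA/ca.crt"
}

device_make_csr() {    # step 2: key pair is created and stays in $DEV
  openssl ecparam -name prime256v1 -genkey -noout -out "$DEV/device.key"
  openssl req -new -key "$DEV/device.key" -subj "/CN=device-0001" \
    -out "$DEV/device.csr"
}

ca_verify_csr() {      # step 3: check the CSR self-signature (proof of possession)
  # Match on the output text: the exit status is not reliable across versions.
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

ca_issue() {           # step 4: sign with the CA key; only the CSR is read
  ca_verify_csr "$1" || return 1
  openssl x509 -req -in "$1" -CA "$CA/ca.crt" -CAkey "$CA/ca.key" \
    -CAcreateserial -days 365 -sha256 -out "$2" 2>/dev/null
}

device_accept_cert() { # device side: chain is valid and cert carries our key
  openssl verify -CAfile "$CA/ca.crt" "$1" >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$DEV/device.key" -pubout)" ]
}

ca_init
device_make_csr
cp "$DEV/device.csr" "$CA/incoming.csr"      # the only file sent to the CA
ca_issue "$CA/incoming.csr" "$CA/device.crt" || { echo "CSR rejected"; exit 1; }
cp "$CA/device.crt" "$DEV/device.crt"        # the only file sent back
device_accept_cert "$DEV/device.crt" && echo "device certificate installed"
```

The CA directory ends up holding only its own key, the CSR and the issued certificate; `device.key` is never copied out of the device directory.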

Ron,

Thanks again for the prompt and very useful response.

My use-case is identical to the common use case you gave in your response. I am the CA. I have the role and functionality of the CA buttoned down, all is sweet – this is performed on my back-office (out of device) server. My only problem is this:

How do I get my embedded device to generate a CSR?

I understood the device needs a key pair and thanks to MbedTLS I can generate them on the device. I get that the CSR contains the device’s public key plus other data and is signed by the device using its private key. It’s just how do I do it, does MbedTLS provide the code to generate the CSR in the device?

Thanking you in advance

Paul

Ron,

Think I found the answer here :smile: :-

How to generate a CSR from Private Key

My bad, didn’t search thoroughly enough, in my defense I kept landing here which refers to out of device CSR generation,

How to generate a Certificate Request (CSR)

Ron thanks for all your time, apologies if I’ve wasted most of it.

Best Regards

Paul

1 Like

Hi Paul,
I’m glad you resolved your issue.
No need to apologize, that’s what we are here for.