X509 object does not check the passphrase I set when creating my own CA-signed certificate for an Azure IoT Hub device

Posted 2025-02-13 05:12:24, 4072 characters, 1 view, 0 comments


Initially, I generated my own X509 certificate that is CA-signed by following this tutorial (PowerShell variant) - https://learn.microsoft.com/en-us/azure/iot-hub/tutorial-x509-scripts

Then, I made the following two scenarios:

  1. Communication from my own laptop (Windows 10) to Azure IoT Hub Device using a .NET Framework app. Here is my simple code:
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Azure.Devices.Client;

// deviceId and SendEvent(...) are defined elsewhere in the author's program and are not shown here.
static void Main(string[] args)
{
    try
    {
        // Create an X.509 certificate object. The second argument is the PFX password;
        // the PFX is password-protected, so a wrong password fails at this point.
        var cert = new X509Certificate2(@"..\test-device-auth\test-device-auth.pfx", "pass", X509KeyStorageFlags.UserKeySet);
        Console.WriteLine("cert: ");
        Console.WriteLine(cert);

        // Create an authentication object using your X.509 certificate.
        var auth = new DeviceAuthenticationWithX509Certificate(deviceId, cert);

        // Create the device client (MQTT over TLS, client-certificate authentication).
        var deviceClient = DeviceClient.Create("Arduino-IoT-Hub-Temperature.azure-devices.net", auth, TransportType.Mqtt);

        if (deviceClient == null)
        {
            Console.WriteLine("Failed to create DeviceClient!");
        }
        else
        {
            Console.WriteLine("Successfully created DeviceClient!");
            SendEvent(deviceClient).Wait();
        }

        Console.WriteLine("Exiting...\n");
    }
    catch (Exception ex)
    {
        Console.WriteLine("Error in sample: {0}", ex.Message);
    }
}

In this case, the program works fine when passing the correct pfx and the correct pass phrase. Additionally, when I pass an incorrect pass phrase or an incorrect pfx, it fails - this is perfectly fine.

  2. Communication directly from my Raspberry Pi 3B to the Azure IoT Hub Device using a python script. Here is the code:
# -------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
# --------------------------------------------------------------------------
import os
import uuid
from azure.iot.device.aio import IoTHubDeviceClient
from azure.iot.device import Message, X509
import asyncio

messages_to_send = 10

async def main():
    hostname = "Arduino-IoT-Hub-Temperature.azure-devices.net"
    # The device that has been created on the portal using X509 CA signing or Self signing capabilities
    device_id = "test-device-auth"

    x509 = X509(
        cert_file="../test-device-auth/test-device-auth-public.pem",
        key_file="../test-device-auth/test-device-auth-private.pem",
        pass_phrase="pass",
    )

    # The client object is used to interact with your Azure IoT hub.
    device_client = IoTHubDeviceClient.create_from_x509_certificate(
        hostname=hostname, device_id=device_id, x509=x509
    )

    # Connect the client.
    await device_client.connect()

    async def send_test_message(i):
        print("sending message #" + str(i))
        msg = Message("test wind speed " + str(i))
        msg.message_id = uuid.uuid4()
        msg.correlation_id = "correlation-1234"
        # msg.custom_properties["tornado-warning"] = "yes"
        msg.content_encoding = "utf-8"
        msg.content_type = "application/json"
        await device_client.send_message(msg)
        print("done sending message #" + str(i))

    # send `messages_to_send` messages in parallel
    await asyncio.gather(*[send_test_message(i) for i in range(1, messages_to_send + 1)])

    # Finally, shut down the client
    await device_client.shutdown()

if __name__ == "__main__":
    asyncio.run(main())

    # If using Python 3.6 use the following code instead of asyncio.run(main()):
    # loop = asyncio.get_event_loop()
    # loop.run_until_complete(main())
    # loop.close()

In this case, the .pem files are not secured with the pass_phrase, and it does not matter whether I set a correct pass_phrase, an incorrect one, or no pass_phrase at all.

Does anyone know why it is like this, and how it can still be secured with the pass_phrase?


Comments (1)

深白境迁sunset 2025-02-20 05:12:26


When test-device-auth-private.pem was created it wasn't created as an encrypted key blob, so no passphrase is needed. You can encrypt it via something like openssl pkcs8 -in test-device-auth-private.pem -out test-device-auth-private-enc.pem -topk8 and give a password at the prompt.
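The answer's point generalises: a PEM passphrase is only ever consulted by OpenSSL when the PEM block it is loading is actually encrypted (a "BEGIN ENCRYPTED PRIVATE KEY" PKCS#8 container, or a legacy key carrying a "Proc-Type: 4,ENCRYPTED" header). The Azure SDK just forwards pass_phrase to the TLS layer, so a plaintext key loads no matter what value is given, which is exactly what the question observed. The following is an added example, not code from the question, the answer, or the Azure IoT SDK: a small stdlib-only Python check that a device agent can run before calling IoTHubDeviceClient.create_from_x509_certificate, refusing to start when the operator supplied a passphrase but the key on disk is not encrypted. The function names (validate_key_material, check_key_file) and the PEM samples are constructed for this example; the base64 bodies are placeholders, not real key material.

```python
"""Check whether a PEM private key is actually passphrase-protected.

Added example (not from the question, the answer, or the Azure IoT SDK).
OpenSSL only invokes its password callback for an encrypted PEM block, so a
plaintext key loads regardless of the pass_phrase handed to the SDK. This
check makes that mismatch a hard failure at startup instead of a silent
no-op.
"""
import re
from typing import Optional

# `openssl pkcs8 -topk8` (the fix given in the answer) writes an encrypted PKCS#8 container.
PKCS8_ENCRYPTED_MARKER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
# Older "traditional" OpenSSL keys encrypt in place and announce it with a Proc-Type header.
LEGACY_ENCRYPTED_HEADER = re.compile(r"^Proc-Type:\s*4,ENCRYPTED\s*$", re.MULTILINE)
# Any PEM label that carries a private key, encrypted or not (PRIVATE KEY, RSA/EC PRIVATE KEY, ...).
PRIVATE_KEY_LABEL = re.compile(r"^-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----$", re.MULTILINE)


def contains_private_key(pem_text: str) -> bool:
    """True if the text has at least one PEM private-key block."""
    return PRIVATE_KEY_LABEL.search(pem_text) is not None


def key_is_encrypted(pem_text: str) -> bool:
    """True if the private key is stored encrypted (PKCS#8 or legacy OpenSSL format)."""
    return (PKCS8_ENCRYPTED_MARKER in pem_text
            or LEGACY_ENCRYPTED_HEADER.search(pem_text) is not None)


def validate_key_material(pem_text: str, pass_phrase: Optional[str]) -> str:
    """Return "encrypted" or "plaintext"; raise ValueError when the passphrase
    and the key's actual protection do not agree."""
    if not contains_private_key(pem_text):
        raise ValueError("no private key block found in PEM input")
    encrypted = key_is_encrypted(pem_text)
    if encrypted and not pass_phrase:
        raise ValueError("key is encrypted but no passphrase was supplied")
    if pass_phrase and not encrypted:
        # This is the situation from the question: the passphrase protects nothing.
        raise ValueError("passphrase supplied but the key is stored in plaintext; "
                         "re-encrypt it with `openssl pkcs8 -topk8` before trusting the passphrase")
    return "encrypted" if encrypted else "plaintext"


def check_key_file(path: str, pass_phrase: Optional[str]) -> str:
    """Convenience wrapper: validate the key file that would be passed as X509(key_file=...)."""
    with open(path, "r", encoding="ascii") as fh:
        return validate_key_material(fh.read(), pass_phrase)


# Constructed samples. The base64 bodies are placeholders, not real keys.
PLAINTEXT_PKCS8 = """-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQ...placeholder...
-----END PRIVATE KEY-----
"""
ENCRYPTED_PKCS8 = """-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI...placeholder...
-----END ENCRYPTED PRIVATE KEY-----
"""
LEGACY_ENCRYPTED_RSA = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF

...placeholder...
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    samples = (("plaintext pkcs8", PLAINTEXT_PKCS8),
               ("encrypted pkcs8", ENCRYPTED_PKCS8),
               ("legacy encrypted rsa", LEGACY_ENCRYPTED_RSA))
    # Every sample is checked with pass_phrase="pass", as in the question's script.
    for name, pem in samples:
        try:
            print(f"{name}: {validate_key_material(pem, 'pass')}")
        except ValueError as exc:
            print(f"{name}: refused ({exc})")
```

Run this against the key file before constructing the X509 object; a refusal on the plaintext case is the failure the question expected the SDK to produce. It only inspects PEM headers, so it says nothing about the strength of the encryption itself; the PKCS#8 output of the answer's openssl command uses a PBKDF2-derived key by default, which is the form to prefer over the legacy Proc-Type format.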
