new UnifiedTrustStore()
This class implements the trusted assets format as a sequence of tag-length-value (TLV)
entries stored in a Base64-encoded, AES-encrypted file.
Unified client provisioning format:

```
format = version & blob & *comment
version = 1 byte, value 33
blob = MIME base64 of encrypted & new line
encrypted = IV & AES-128/CBC/PKCS5Padding of values
IV = 16 random bytes
values = *TLV
TLV = tag & length & value
tag = byte
length = 2 byte BE unsigned int
value = length bytes
comment = # & string & : & string & new line
string = UTF-8 chars
```

The password-based encryption key is the password processed by 10000 iterations of PBKDF2 with AES CBC with the IV as the salt.
This class is internally used by the trusted assets store managers to read/write files in the unified format.
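
A Node.js reader for the format described above, with bounds checks on every TLV, as an added example that is not the library's own code. Assumptions: the PBKDF2 PRF is HMAC-SHA1 (the page does not name one), and `readUnifiedStore`, `parseTlvs`, `buildSample` and any tag numbers passed to them are hypothetical.

```javascript
const crypto = require('node:crypto');

const VERSION = 33, IV_LEN = 16, ITERATIONS = 10000, KEY_LEN = 16; // AES-128
// ASSUMPTION: the page does not name the PBKDF2 PRF; HMAC-SHA1 is assumed here.
const deriveKey = (password, iv) =>
  crypto.pbkdf2Sync(password, iv, ITERATIONS, KEY_LEN, 'sha1'); // salt = IV

// values = *TLV: tag (1 byte), length (2-byte big-endian unsigned), value.
function parseTlvs(buf) {
  const out = [];
  for (let off = 0; off < buf.length;) {
    if (off + 3 > buf.length) throw new Error('truncated TLV header');
    const tag = buf[off], len = buf.readUInt16BE(off + 1);
    if (off + 3 + len > buf.length) throw new Error('TLV length exceeds data');
    out.push({ tag, value: buf.subarray(off + 3, off + 3 + len) });
    off += 3 + len;
  }
  return out;
}

function readUnifiedStore(fileBytes, password) {
  if (fileBytes[0] !== VERSION) throw new Error('unsupported version byte');
  const lines = fileBytes.subarray(1).toString('utf8').split(/\r?\n/);
  const comments = lines.filter((l) => l.startsWith('#')); // outside the blob
  const b64 = lines.filter((l) => !l.startsWith('#')).join('');
  const encrypted = Buffer.from(b64, 'base64');
  if (encrypted.length < 2 * IV_LEN || encrypted.length % 16 !== 0)
    throw new Error('bad ciphertext length');
  const iv = encrypted.subarray(0, IV_LEN);
  const d = crypto.createDecipheriv('aes-128-cbc', deriveKey(password, iv), iv);
  const values = Buffer.concat([d.update(encrypted.subarray(IV_LEN)), d.final()]);
  return { tlvs: parseTlvs(values), comments };
}

// Builds a constructed sample file; the tag numbers passed in are hypothetical.
function buildSample(password, entries, comments) {
  const iv = crypto.randomBytes(IV_LEN);
  const plain = Buffer.concat(entries.map(({ tag, value }) => {
    const hdr = Buffer.alloc(3);
    hdr[0] = tag;
    hdr.writeUInt16BE(value.length, 1);
    return Buffer.concat([hdr, value]);
  }));
  const c = crypto.createCipheriv('aes-128-cbc', deriveKey(password, iv), iv);
  const enc = Buffer.concat([iv, c.update(plain), c.final()]);
  const b64 = enc.toString('base64').replace(/(.{76})/g, '$1\n'); // MIME wrap
  const tail = comments.map((x) => x + '\n').join('');
  return Buffer.concat([Buffer.from([VERSION]), Buffer.from(b64 + '\n' + tail)]);
}
```

The comment lines sit outside the encrypted blob and nothing in the format as described authenticates them, so a reader should treat them as untrusted metadata.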
Classes
Methods
(static) provision(taStoreFile, taStorePassword, serverScheme, serverHost, serverPort, clientId, sharedSecret, truststore, connectedDevices)
This is a helper method for provisioning files used by the trusted assets store managers in the
unified trust store format.
Parameters:
Name | Type | Description |
---|---|---|
taStoreFile | string | The Trusted Assets Store file name. |
taStorePassword | string | The Trusted Assets Store password. |
serverScheme | string | The scheme used to communicate with the server. Must be http(s). |
serverHost | string | The IoT CS server host name. |
serverPort | number | The IoT CS server port. |
clientId | string | The activation ID for devices or client ID for application integrations. |
sharedSecret | string | The client's shared secret. |
truststore | string | The truststore file containing PEM-encoded trust anchor certificates to be used to validate the IoT CS server certificate chain. |
connectedDevices | string | An array of indirect connect devices. |