Question: Saving OBT tool state


Farid BENAMROUCHE

Hi,

I can do an onboarding of my client (a smartphone) and server (an ESP32 IoT device), and be able to use the cloud to access my server from anywhere.
If for some reason I lose the smartphone that was used for the onboarding, I have to redo the full onboarding again.
How can I avoid that? Using a new smartphone, is installing the OBT tools and restoring the creds folder enough? Or only part of it?
Does the OCF cloud have a mechanism for that?

Thank you!
Regards


Jozef Kralik

Hi Farid

So I can say how we solve it in plgd.cloud. We created an application (https://github.com/plgd-dev/plgd.mobile) for Android and iPhone, which allows you to onboard the device to the cloud (https://portal.try.plgd.cloud/) or bundle (https://github.com/plgd-dev/cloud/tree/master/bundle).
The user just needs to do OAuth authentication, and after that the cloud provides an identity certificate for the mobile application.
During onboarding of the device via justworks, the mobile application gets a CSR from the device and forwards it to the cloud (bundle) for signing.

So the user can log in from any mobile device to get certificates for managing devices on his network, because communication is established through certificates.

Jozef


On Fri, 27 Nov 2020 at 17:23, Farid BENAMROUCHE via groups.io <fariouche=yahoo.fr@groups.io> wrote:


Farid BENAMROUCHE

Thank you Jozef.
Not sure I understand clearly, so let me know if I understood:
I've looked at the GitHub readme and this is what I understood.

Client, server and cloud all share the same certificate (cloudca.pem), so client and server can connect to the cloud.
The OBT tool does not share this certificate, but as far as I understand, the OBT will generate a private key (if none is provided) and use it to pair both client and server.

I didn't see in the client cloud and server cloud examples anything about sharing this CSR. Maybe it is handled inside iotivity-lite and only the OBT tool can retrieve it?
I didn't check the plgd.mobile app, but is it behaving as an onboarding tool too? So I believe that I must do the onboarding using this app instead of the onboarding tool from iotivity-lite (which is not cloud aware)?

I've logged in to the portal.try.plgd.cloud URL you provided, and I see an "onboard" button. So this cloud server can also do the onboarding?


Sorry, so many questions :)

Thank you again!


Jozef Kralik

| I didn't see in the client cloud and server cloud examples anything about sharing this CSR. Maybe it is handled inside iotivity-lite and only the OBT tool can retrieve it?
At first, they don't share CSRs. Every device/OBT (onboarding tool) has its own private and public key, and each of them sends a CSR to the cloud.
So the OBT retrieves the device resource /oic/sec/csr, which returns the CSR for the device, and the CSR is sent to the cloud for signing.

| I didn't check the plgd.mobile app, but is it behaving as an onboarding tool too? So I believe that I must do the onboarding using this app instead of the onboarding tool from iotivity-lite (which is not cloud aware)?
Yes, it is an OBT. With the OBT from iotivity-lite it is more complicated, and it doesn't support the flow I described in the previous email. If you want to try, you need to use these steps: https://github.com/plgd-dev/cloud/tree/master/bundle#secured-iotivity-lite-sample-device-example

| I've logged in to the portal.try.plgd.cloud URL you provided, and I see an "onboard" button. So this cloud server can also do the onboarding?
It just provides you an authorization code for onboarding the device to the cloud, which needs to be set during the cloud configuration resource update of the device (https://openconnectivity.org/specs/OCF_Device_To_Cloud_Services_Specification_v2.2.0.pdf). It doesn't onboard the device to the cloud.

Jozef

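The certificate flow Jozef describes in both of his replies (each OBT and each device keeps its own key pair, the cloud signs their CSRs, and a device trusts anything chained to the cloud CA rather than one particular phone) as an added Go example that is not plgd or iotivity-lite code; the in-memory cloud CA, the CSR subjects and the function names are assumptions made for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

var notBefore, notAfter = time.Now().Add(-time.Hour), time.Now().Add(24 * time.Hour)
// NewCloudCA stands in for the cloud's signing authority (assumed for this demo, not plgd code).
func NewCloudCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256 keygen with rand.Reader treated as infallible
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example cloud CA"},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// NewCSR is the local step on an OBT (or on a device, read back via /oic/sec/csr): new key pair, CSR with only the public key.
func NewCSR(cn string) (*ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	return key, der
}
// CloudSign is the cloud side: accept the CSR only if its self-signature checks out, then issue an identity certificate.
func CloudSign(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil { // the self-signature proves the requester holds the private key
		return nil, errors.New("rejected CSR: unparsable or bad proof of possession")
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject, NotBefore: notBefore,
		NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// TrustedByDevice is the device's check on a connecting OBT: chain to the cloud CA it was onboarded with, nothing phone-specific.
func TrustedByDevice(caCert, presented *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
```

Because the device only pins the cloud CA, a replacement phone that generates its own key and gets its CSR signed is accepted without any credential files being copied from the lost phone; a certificate issued by a different CA, or a CSR whose proof of possession fails, is not.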

On Fri, 27 Nov 2020 at 20:52, Farid BENAMROUCHE via groups.io <fariouche=yahoo.fr@groups.io> wrote: