X509 object does not check the passphrase I set when creating my own CA-signed certificate for an Azure IoT Hub device



Initially, I followed this tutorial (PowerShell variant) to generate my own CA-signed X509 certificate - https://learn.microsoft.com/en-us/azure/iot-hub/tutorial-x509-scripts

Then I tried the following two scenarios:

  1. Communication from my own laptop (Windows 10) to the Azure IoT Hub device using a .NET Framework application. This is my simple code:

    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;
    using System.Threading.Tasks;
    using Microsoft.Azure.Devices.Client;

    class Program
    {
        // Device identity registered in the hub (the certificate CN must match it).
        private const string deviceId = "test-device-auth";

        static void Main(string[] args)
        {
            try
            {
                // Create an X.509 certificate object from the PFX. The PFX's private key is
                // encrypted under the passphrase, so a wrong passphrase fails right here.
                var cert = new X509Certificate2(@"..\test-device-auth\test-device-auth.pfx", "pass", X509KeyStorageFlags.UserKeySet);
                Console.WriteLine("cert: ");
                Console.WriteLine(cert);
                // Create an authentication object using your X.509 certificate.
                var auth = new DeviceAuthenticationWithX509Certificate(deviceId, cert);
                // Create the device client.
                var deviceClient = DeviceClient.Create("Arduino-IoT-Hub-Temperature.azure-devices.net", auth, TransportType.Mqtt);
                if (deviceClient == null)
                {
                    Console.WriteLine("Failed to create DeviceClient!");
                }
                else
                {
                    Console.WriteLine("Successfully created DeviceClient!");
                    SendEvent(deviceClient).Wait();
                }
                Console.WriteLine("Exiting...\n");
            }
            catch (Exception ex)
            {
                Console.WriteLine("Error in sample: {0}", ex.Message);
            }
        }

        // Minimal stand-in for the SendEvent helper that the post does not show:
        // sends one telemetry message over the authenticated connection.
        static async Task SendEvent(DeviceClient deviceClient)
        {
            var message = new Message(Encoding.UTF8.GetBytes("test wind speed 1"));
            await deviceClient.SendEventAsync(message);
            Console.WriteLine("Sent telemetry message.");
        }
    }

In this case, the program works fine when I pass the correct pfx and the correct passphrase. Also, it fails when I pass an incorrect passphrase or an incorrect pfx - which is completely fine.

  2. Communication directly from my Raspberry Pi 3B to the Azure IoT Hub device using a Python script. The code is as follows:

    # -------------------------------------------------------------------------
    # Copyright (c) Microsoft Corporation. All rights reserved.
    # Licensed under the MIT License. See License.txt in the project root for
    # license information.
    # --------------------------------------------------------------------------
    import uuid
    import asyncio
    from azure.iot.device.aio import IoTHubDeviceClient
    from azure.iot.device import Message, X509

    messages_to_send = 10


    async def main():
        hostname = "Arduino-IoT-Hub-Temperature.azure-devices.net"
        # The device that has been created on the portal using X509 CA signing or Self signing capabilities
        device_id = "test-device-auth"
        # Certificate and private key in PEM form; pass_phrase is only used if the
        # key file is encrypted.
        x509 = X509(
            cert_file="../test-device-auth/test-device-auth-public.pem",
            key_file="../test-device-auth/test-device-auth-private.pem",
            pass_phrase="pass",
        )
        # The client object is used to interact with your Azure IoT hub.
        device_client = IoTHubDeviceClient.create_from_x509_certificate(
            hostname=hostname, device_id=device_id, x509=x509
        )
        # Connect the client.
        await device_client.connect()

        async def send_test_message(i):
            print("sending message #" + str(i))
            msg = Message("test wind speed " + str(i))
            msg.message_id = uuid.uuid4()
            msg.correlation_id = "correlation-1234"
            # msg.custom_properties["tornado-warning"] = "yes"
            msg.content_encoding = "utf-8"
            msg.content_type = "application/json"
            await device_client.send_message(msg)
            print("done sending message #" + str(i))

        # send `messages_to_send` messages in parallel
        await asyncio.gather(*[send_test_message(i) for i in range(1, messages_to_send + 1)])

        # Finally, shut down the client
        await device_client.shutdown()


    if __name__ == "__main__":
        asyncio.run(main())
        # If using Python 3.6 use the following code instead of asyncio.run(main()):
        # loop = asyncio.get_event_loop()
        # loop.run_until_complete(main())
        # loop.close()

In this case, the .pem file is not protected by the pass_phrase: it makes no difference whether I set a correct pass_phrase, an incorrect one, or none at all.

Does anyone know why this is, and how it can still be secured with a pass_phrase?

When test-device-auth-private.pem was created, it was not created as an encrypted key blob, so no passphrase is needed. You can encrypt it with something like `openssl pkcs8 -in test-device-auth-private.pem -out test-device-auth-private-enc.pem -topk8` and enter the password at the prompt.
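The following is an added example, not code from the question, the answer or the Azure SDK. It reproduces the behaviour the question describes with only the Python standard library and the `openssl` CLI: it generates a throwaway self-signed device certificate (standing in for the tutorial's CA-signed leaf; the passphrase handling is the same), writes the private key once unencrypted and once encrypted with the answer's `openssl pkcs8 -topk8` command, and then loads each key into a TLS client context with a correct, a wrong and no passphrase. `ssl.SSLContext.load_cert_chain` is the stdlib call an MQTT client uses to present a client certificate; that the SDK's `X509` object ends up in such a context is an assumption here. Paths, the `/CN=test-device-auth` subject and the passphrase `pass` are constructed for the example.

```python
"""
Why pass_phrase appears to be ignored: OpenSSL only invokes the passphrase
callback when the PEM key blob is encrypted. Encrypt the key (PKCS#8) and the
passphrase becomes mandatory. Requires the `openssl` CLI on PATH.
"""
import os
import ssl
import subprocess
import tempfile


def run_openssl(*args):
    """Run one openssl subcommand, raising on a non-zero exit status."""
    return subprocess.run(["openssl", *args], check=True, capture_output=True)


def make_self_signed_pair(workdir, common_name="test-device-auth"):
    """Generate an unencrypted RSA key plus a self-signed certificate for it
    (constructed test material; -nodes leaves the key unencrypted, exactly
    like the key the question complains about)."""
    key_path = os.path.join(workdir, "device-private.pem")
    cert_path = os.path.join(workdir, "device-public.pem")
    run_openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes",
                "-keyout", key_path, "-out", cert_path, "-days", "1",
                "-subj", f"/CN={common_name}")
    return cert_path, key_path


def encrypt_key_pkcs8(key_in, key_out, passphrase):
    """The answer's command, with the passphrase supplied non-interactively."""
    run_openssl("pkcs8", "-topk8", "-in", key_in, "-out", key_out,
                "-passout", f"pass:{passphrase}")


def is_encrypted_pem(path):
    """True if the PEM header shows the key blob itself is encrypted."""
    with open(path, "rb") as fh:
        data = fh.read()
    return (b"BEGIN ENCRYPTED PRIVATE KEY" in data
            or b"Proc-Type: 4,ENCRYPTED" in data)


def key_loads_with(cert_path, key_path, passphrase):
    """Load cert + key into a TLS client context the way an MQTT client does
    before a handshake. For an unencrypted key the passphrase is never
    consulted, so any value (or None) succeeds; for an encrypted key a wrong
    passphrase fails with ssl.SSLError."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path,
                            password=passphrase)
        return True
    except ssl.SSLError:
        return False


def passphrase_matrix():
    """Exercise plain vs. encrypted key with right, wrong and no passphrase.
    The encrypted key is not tried with password=None: OpenSSL would then fall
    back to an interactive terminal prompt rather than fail cleanly."""
    with tempfile.TemporaryDirectory() as workdir:
        cert, plain_key = make_self_signed_pair(workdir)
        enc_key = os.path.join(workdir, "device-private-enc.pem")
        encrypt_key_pkcs8(plain_key, enc_key, "pass")
        return {
            "plain_is_encrypted": is_encrypted_pem(plain_key),
            "plain_right_pass": key_loads_with(cert, plain_key, "pass"),
            "plain_wrong_pass": key_loads_with(cert, plain_key, "wrong"),
            "plain_no_pass": key_loads_with(cert, plain_key, None),
            "enc_is_encrypted": is_encrypted_pem(enc_key),
            "enc_right_pass": key_loads_with(cert, enc_key, "pass"),
            "enc_wrong_pass": key_loads_with(cert, enc_key, "wrong"),
        }


if __name__ == "__main__":
    for name, ok in passphrase_matrix().items():
        print(f"{name:20s} {ok}")
```

The plain key loads with every passphrase value, which is the "pass_phrase does not matter" symptom; once the key is PKCS#8-encrypted, only the right passphrase loads it. Note what this does and does not buy you: the passphrase protects the key file at rest (a copied `.pem` is useless without it), but the device still has to read the passphrase from somewhere, so keep it out of the script and restrict file permissions on both the key and wherever the passphrase lives.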
