The OpenThread CoAP Secure APIs may be invoked via the OpenThread CLI.
CoAP Secure uses DTLS over UDP to establish an end-to-end encrypted connection between the CoAP client and the CoAP server.
1a. PSK mode: enter your pre-shared key and its identity
    coaps set psk <yourPsk> <PskIdentifier>
1b. Certificate mode: use the private key and X.509 certificate stored in core/cli/x509_cert_key.hpp.
    Optional: replace them with your own X.509 certificate and private key in core/cli/x509_cert_key.hpp (see the openssl commands at the end of this page).
    coaps set x509
2. Start the CoAP Secure service
    > coaps start
3. On the server: register a resource
    coaps resource <coapUri>
4. On the client: connect to the server
    coaps connect <serversIp> (port, if not the default 5684)
5. On the client: send a request
    coaps get (serversIp) <coapUri> (Con/NotCon) (payload)
    post, put and delete work the same way
Notation: <> is a required argument, () is an optional argument.
Node 1: CoAPS server
In this example the CoAP server is also the DTLS server. The DTLS server waits for incoming connections on the CoAPS port 5684; Node 2 below connects to it.
Note: Node 1 and Node 2 must use the same mode, either PSK or certificate based.

Node 1
   ---------
  |  CoAPS  |
  |  Server | <-- Listen on port 5684 -- (Node 2)
   ---------

PSK mode:
  coaps set psk secretPSK Client_identity
  coaps start
  coaps resource test

Certificate mode:
  coaps set x509
  coaps start (false)
  coaps resource test

The optional "false" argument to coaps start disables verification of the peer's certificate. It is convenient for testing with self-signed certificates, but without it the DTLS handshake no longer authenticates the other side, so do not use it outside a test setup.
Node 2: CoAPS client
In this example the CoAP client is also the DTLS client. The DTLS client connects to a CoAPS server listening on the CoAPS port 5684, e.g. Node 1 above.
Note: Node 1 and Node 2 must use the same mode, either PSK or certificate based.

Node 2
   ---------
  |  CoAPS  |
  |  Client | -- Connect to server on port 5684 --> (Node 1)
   ---------

PSK mode:
  coaps set psk secretPSK Client_identity
  coaps start
  coaps connect 2001:620:190:ffa1::321
  coaps get test
  coaps disconnect

Certificate mode:
  coaps set x509
  coaps start (false)
  coaps connect <server_ip>
  coaps get test
  coaps disconnect
Generating your own EC private key and self-signed X.509 certificate (for core/cli/x509_cert_key.hpp):

List the curves your OpenSSL build supports (prime256v1 is the one used below):
  openssl ecparam -list_curves

Generate a prime256v1 (NIST P-256) private key in PEM format:
  openssl ecparam -genkey -out myECKey.pem -name prime256v1 -noout

Create a self-signed certificate for that key, valid for 30 days (openssl req prompts for the subject fields interactively):
  openssl req -x509 -new -key myECKey.pem -out myX509Cert.pem -days 30
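As an added example (not part of the OpenThread project or this README), the POSIX shell script below wraps the openssl commands above, adds a random PSK generator for the PSK mode, and checks the generated key and certificate before you paste the PEM into core/cli/x509_cert_key.hpp. The file names, the subject CN and the 30-day lifetime are assumptions that mirror the commands above; openssl must be in PATH.

```shell
#!/bin/sh
# Added example, not OpenThread project code: generate the credentials the
# coaps CLI needs (a PSK, or a P-256 key plus self-signed X.509 certificate)
# and sanity-check them before embedding the PEM in core/cli/x509_cert_key.hpp.
# File names, subject and lifetime are assumptions matching the README commands.
set -eu

KEY=myECKey.pem
CERT=myX509Cert.pem
DAYS=30
SUBJ="/CN=coaps-test"

# Random 128-bit PSK, hex-encoded, for `coaps set psk <psk> <identity>`.
# A guessable word such as "secretPSK" is fine for a lab, not for a deployment.
gen_psk() {
    openssl rand -hex 16
}

# Same commands as on this page, plus -subj so openssl req does not prompt.
gen_ec_credentials() {
    openssl ecparam -genkey -name prime256v1 -noout -out "$KEY"
    openssl req -x509 -new -key "$KEY" -out "$CERT" -days "$DAYS" -subj "$SUBJ"
}

# The page uses prime256v1; confirm the key really is on that curve, since a
# different curve needs matching support on both DTLS peers.
check_curve() {
    openssl ec -in "$KEY" -noout -text 2>/dev/null | grep -q 'ASN1 OID: prime256v1'
}

# The certificate's public key must belong to the private key you embed.
check_key_matches_cert() {
    [ "$(openssl x509 -in "$CERT" -noout -pubkey)" = "$(openssl pkey -in "$KEY" -pubout)" ]
}

# Self-signed: the certificate must verify against itself and must not have
# expired (with -days 30 it stops working after a month; regenerate before then).
check_cert_valid() {
    openssl verify -CAfile "$CERT" "$CERT" >/dev/null 2>&1 &&
        openssl x509 -in "$CERT" -noout -checkend 0 >/dev/null
}

main() {
    echo "PSK: $(gen_psk)"
    gen_ec_credentials
    check_curve            || { echo "key is not on prime256v1" >&2; exit 1; }
    check_key_matches_cert || { echo "certificate does not match key" >&2; exit 1; }
    check_cert_valid       || { echo "certificate does not verify" >&2; exit 1; }
    echo "OK: $KEY and $CERT are ready for core/cli/x509_cert_key.hpp"
}

# Usage: sh gen_coaps_creds.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it once per test setup, paste the two PEM blocks into core/cli/x509_cert_key.hpp, and give the hex PSK to both nodes with coaps set psk. Because the certificate is self-signed, the client side only accepts it when its copy of the certificate (or the "false" argument to coaps start) is in place; the checks above catch the two mistakes that otherwise show up only as a failed DTLS handshake, a key on the wrong curve and a certificate that does not match the embedded key.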