Search code examples
kaa

How to assign endpoint key to device in kaaproject?

From kaa documentation, when updating server-side endpoint profile via AdminRest API, the developer needs to specify 3 parameters

  • endpointProfileKey: the key hash of the endpoint in Base64 URL safe format.
  • version: the version of the server-side endpoint profile schema
  • serverProfileBody: the server-side endpoint profile body

I wonder where I (a kaa developer) can obtain the endpointProfileKey of the endpoint to perform this action?

  • If it was created from manufacturing phase (and how can a manufacturer send the key to the endpoint's firmware)?
  • Or it was auto-generated in endpoint registration phase and be sent to somewhere in kaa server where we can get it later via AdminRest API and Administrator GUI? Thank you very much!

Update

Ok, I have find the answer from Kaaproject forums on google groups. Thanks Peter Krutsiuk :)

EndpointKeyHash is basically a base64 string representation of endpoint public key (key.public). key.public and key.private are generated by SDK during start up if this files are not present in a working directory of an application. Note: Activation demo have three modes:

  1. Admin - used for endpoint credential management (provisioning (Device Management feature), revocation and registration) and in this mode app doesn't use Kaa SDK.
  2. Developer - used for managing of Server side endpoint profiles and in this mode app doesn't usethe SDK too.
  3. Client - only in this mode application use SDK API and behave like endpoint. More information you can find in application description and Design reference (Endpoint registration, Endpoint profiles).

Best regards, Peter.

And my question now is whether I'm be able to specify this endpointProfileKey at manufacturing time (before it goes online). For example, generate a RSA key pair my self and put it in the running directory before launching the application, is it possible? Thanks!

Solution

  • Yes, you can use pre-generated RSA key pair (public and private), put them into the device's directory and then (when your device will go online) provision them via Kaa REST API to register your endpoint on Kaa Server.

    You can see an example of credentials provisioning for Java in "Credentials Java Admin demo" of section "Credentials demos" in Kaa Sandbox.

    In the same way, as it is done in this demo, you can use AdminClient (org.kaaproject.kaa.server.common.admin.AdminClient) from Kaa Project to work with Admin REST API.