• State Verified Answer
  • Replies 4 replies
  • Subscribers 72 subscribers
  • Views 1283 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 242221
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF9160: Where are DTLS keys stored?

Bjorn191023

Hi,

The LwM2M sample app uses the function nrf_inbuilt_key_write() in the file nrf_inbuilt_key.h to store keys for the DTLS stack. It is also offloads net sockets with the config CONFIG_NET_SOCKETS_OFFLOAD=y. Questions:

1) What does offloading net sockets mean? Is the TCP/IP stack incl DTLS-layer deployed on the modem?

2) Where does nrf_inbuilt_key_write() store the keys? Dependes on CONFIG_NET_SOCKETS_OFFLOAD?

BR / Björn

Parents
  • 0

    Hi Björn,

     

     

    1) What does offloading net sockets mean? Is the TCP/IP stack incl DTLS-layer deployed on the modem?

     Offiloading net sockets is a zephyr shim layer that allows a vendor to use the net functions, but implement their own port layer underneath.

    This essentially means that zephyr's net socket API functions are implemented for the nRF9160 device, and in theory; you can then run the same socket based application on other devices that also have offloaded net sockets (not a guarantee that all parts work, but send/bind/connect/recv/etc should).

    TLS and DTLS is supported by the nRF9160, through "bsdlib" (which also handles normal socket calls). Note that DTLS/TLS handling is also done on a socket API level, and does not match zephyr's implementations.

    2) Where does nrf_inbuilt_key_write() store the keys? Dependes on CONFIG_NET_SOCKETS_OFFLOAD?

     The nrf_inbuilt API communicates with the modem. Once you write a key pair into the modem, you cannot read it out, you can only check if it exists (delete is also an option).

    CA certs can be read out in plain text, as they are not secret.

     

    nrf_inbuilt_* API depends on the bsdlib, which in general handles communication with the modem and provides a socket interface. See the docs to get a better overview of what this library can handle:

    http://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/bsdlib/README.html

     

    Kind regards,

    Håkon

  • 0 in reply to Håkon Alseth

    Hi Håkon,

    Thanks for your prompt reply. 

    It is still not clear to me if the TCP/IP stack incl TLS/DTLS is deployed on the nRF9160 Modem or the nRF9160 MCU? (since you confirmed that keys are stored in the modem I guess that the stack is in there as well, but please confirm)

    BR / Björn

Reply Children
Related
Terms of service