Comments (6)

dsajanice commented on August 17, 2024

Hi @Hammatt, the EdgeAgent and EdgeHub modules talk to iotedged (security daemon) to encrypt some data. We haven't exposed iotedged's encrypt API via the SDK, so it would be some more work for you to call the encryption API. The example of this call is here: https://github.com/Azure/iotedge/blob/master/edge-util/src/Microsoft.Azure.Devices.Edge.Util/edged/WorkloadClient.cs.

Hammatt commented on August 17, 2024

Thanks @dsajanice ! This looks like just what we're after!

It would be really nice if this was nicely exposed via the SDK, but for now I am happy to try to get it working using something similar to the WorkloadClient implementation.

I'm having some trouble working out what the URI should be to call against. Would you be able to point me in the right direction?

dsajanice commented on August 17, 2024

The URL is documented here: https://github.com/Azure/iotedge/blob/master/edgelet/workload/README.md

Hammatt commented on August 17, 2024

Hi @dsajanice ,

I'm trying to decrypt data which was encrypted in a different module.
I used to get this error in the daemon:

Jul 30 04:30:24 gateway iotedged[9856]: 2018-07-30T04:30:24Z [INFO] - [work] - - - [2018-07-30 04:30:24.455841098 UTC] "POST /modules/clouduploadmodule/genid/{obfuscated}/decrypt?api-version=2018-06-28 HTTP/1.1" 500 Internal Server Error 163 "-" "-" pid(10978)
Jul 30 04:30:24 gateway iotedged[9856]: 2018-07-30T04:30:24Z [ERR!] - Internal server error: Sign failed
Jul 30 04:30:24 gateway iotedged[9856]:         caused by: A error occurred retrieving a key from the key store.
Jul 30 04:30:24 gateway iotedged[9856]:         caused by: HSM failure
Jul 30 04:30:24 gateway iotedged[9856]:         caused by: HSM API failure occurred: 417

But now I'm passing the identity and genid in with the module because I see that they're added as AAD during the encryption, so now I'm getting this error:

Error: HTTP Response:

{"message":"Module not found"}

Microsoft.Azure.Devices.Edge.Util.Edged.GeneratedCode.IoTEdgedException`1[Microsoft.Azure.Devices.Edge.Util.Edged.GeneratedCode.ErrorResponse]: Not Found
   at Microsoft.Azure.Devices.Edge.Util.Edged.GeneratedCode.HttpWorkloadClient.DecryptAsync(String api_version, String name, String genid, DecryptRequest payload, CancellationToken cancellationToken)
   at IoTEdgeModuleCommon.EdgeCrypto.CryptoHandlers.SecureDaemonCryptoHandler.Decrypt(Byte[] inBytesToDecrypt, Byte[] inInitializationVector)
29-07-2018 23:12:54.13 Error:  Exception event logged. gatewayId: SupermicroDev.   module: clouduploadmodule.    type: Microsoft.Azure.Devices.Edge.Util.Edged.GeneratedCode.IoTEdgedException`1[Microsoft.Azure.Devices.Edge.Util.Edged.GeneratedCode.ErrorResponse].

which correlates to this error in the daemon:

Jul 30 04:21:30 gateway iotedged[8032]: 2018-07-30T04:21:30Z [INFO] - Request not authorized - expected caller pid: 8382, actual caller pid: 8494
Jul 30 04:21:30 gateway iotedged[8032]: 2018-07-30T04:21:30Z [INFO] - [work] - - - [2018-07-30 04:21:30.813348183 UTC] "POST /modules/servermodule/genid/{obfuscated}/decrypt?api-version=2018-06-28 HTTP/1.1" 404 Not Found

Do you know of a way to get around this and decrypt data which was encrypted in another module? It's working fantastic otherwise.

lt72 commented on August 17, 2024

@Hammatt @dsajanice closing issue as it seems to be stale, please re-open if necessary.

arsing commented on August 17, 2024

To answer the question from before it was closed: No, you cannot decrypt data in one module that was encrypted by another module. That is intentional, since the API is meant to be used to persist secrets that no other module should be able to read.

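The denial shown in the daemon log earlier in the thread (a caller pid mismatch followed by a 404 on the workload API) can be picked out of the journal to spot a module calling another module's encrypt/decrypt endpoint. This is an added example, not code from the thread or from the iotedge project; the log lines are constructed in the format quoted above, the function name is hypothetical, and it assumes the denial line is logged just before the access-log line it belongs to.

```python
import re

# Constructed sample, modelled on the journal lines quoted in the thread.
SAMPLE_LOG = """\
Jul 30 04:21:29 gateway iotedged[8032]: 2018-07-30T04:21:29Z [INFO] - [work] - - - [2018-07-30 04:21:29.101 UTC] "POST /modules/servermodule/genid/{obfuscated}/encrypt?api-version=2018-06-28 HTTP/1.1" 200 OK
Jul 30 04:21:30 gateway iotedged[8032]: 2018-07-30T04:21:30Z [INFO] - Request not authorized - expected caller pid: 8382, actual caller pid: 8494
Jul 30 04:21:30 gateway iotedged[8032]: 2018-07-30T04:21:30Z [INFO] - [work] - - - [2018-07-30 04:21:30.813 UTC] "POST /modules/servermodule/genid/{obfuscated}/decrypt?api-version=2018-06-28 HTTP/1.1" 404 Not Found
"""

# Daemon pid and the ISO timestamp that iotedged writes after the syslog prefix.
DAEMON = re.compile(r"iotedged\[(?P<daemon>\d+)\]: (?P<ts>\S+) ")
DENIED = re.compile(
    r"Request not authorized - expected caller pid: (?P<expected>\d+), "
    r"actual caller pid: (?P<actual>\d+)")
# Workload API access-log entry: module name from the URL, operation, HTTP status.
REQUEST = re.compile(
    r'"(?P<method>[A-Z]+) /modules/(?P<module>[^/]+)/genid/[^/]+/(?P<op>\w+)\?\S* '
    r'HTTP/[\d.]+" (?P<status>\d{3})')


def find_cross_module_calls(log_text):
    """Pair each pid-mismatch denial with the rejected request that follows it."""
    findings = []
    pending = {}  # daemon pid -> denial still waiting for its access-log line
    for line in log_text.splitlines():
        head = DAEMON.search(line)
        if not head:
            continue
        daemon = head["daemon"]
        denied = DENIED.search(line)
        if denied:
            pending[daemon] = {
                "time": head["ts"],
                "expected_pid": int(denied["expected"]),
                "actual_pid": int(denied["actual"]),
            }
            continue
        req = REQUEST.search(line)
        # Only a rejected request (4xx) can be the one the denial refers to.
        if req and daemon in pending and req["status"].startswith("4"):
            finding = pending.pop(daemon)
            finding.update(module=req["module"], operation=req["op"],
                           status=int(req["status"]))
            findings.append(finding)
    return findings
```

Each finding names the module whose endpoint was targeted, so a non-empty result points at a module configured to use another module's identity for the workload API.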
