DFR0505 / SIM7000C - what is the encryption format for the SSL client private key

I have a DFR0505 / SIM7000C (GSM/NB module) connected to an AWS IoT topic, and it all works as intended.
I'm using the native SIM7000 AT commands because the controller is limited and not capable of handling SSL on its own; it also saves a lot of space to offload the network libraries to the SIM7000 module.
This means I have to import the SSL client keypair and configure mutual SSL:
// import the keypair and root cert
AT+CFSWFILE=3,"test-1.key",0,1652,10000
AT+CFSWFILE=3,"test-1.crt",0,1200,10000
AT+CFSWFILE=3,"rootca.pem",0,1467,10000
// configure mutual SSL
AT+CSSLCFG="convert",1,"test-1.crt","test-1.key"
AT+CSSLCFG="convert",2,"rootca.pem"
In this case the private key is copied into the SIM7000 module in plaintext and is easy to extract. In the documentation I see an option for a passkey:
AT+CSSLCFG: "convert",(1-3),(<cname>,[<keyname>[,<passkey>]])
I'd assume the passkey option means the private key can be encrypted. What encryption algorithm / parameters / format could I use?
I tried the default OpenSSL key format using "PBE with DES CBC" (old / obsolete today) and the more standard "PBE with AES-128 CBC", but with no success:
AT+CFSWFILE=3,"test-1_enc.key",0,1745,10000
AT+CSSLCFG="convert",1,"test-1.crt","test-1_enc.key","password"
+CME ERROR: operation not allowed
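
An added example, not part of the original post and not taken from the SIM7000 documentation: when testing passkey variants it helps to confirm which PEM encryption wrapper a key file actually carries and the exact byte count to pass to AT+CFSWFILE. The function names and sample keys are constructed, the length field is assumed to be the file size in bytes, and the code does not establish which format the module accepts.

```python
import re

# Constructed sample inputs (placeholder bodies, not real keys).
SAMPLE_TRADITIONAL = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                      b"DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                      b"Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_PKCS8 = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                b"-----END ENCRYPTED PRIVATE KEY-----\n")

# PEM labels and the key container each one indicates.
LABELS = {
    "RSA PRIVATE KEY": "traditional OpenSSL RSA (PKCS#1)",
    "EC PRIVATE KEY": "traditional OpenSSL EC (SEC1)",
    "PRIVATE KEY": "PKCS#8, unencrypted",
    "ENCRYPTED PRIVATE KEY": "PKCS#8, encrypted",
}

def classify_key(pem: bytes) -> dict:
    """Report container, encryption state and cipher of a PEM private key."""
    text = pem.decode("ascii", errors="replace")
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", text)
    if not m or m.group(1) not in LABELS:
        raise ValueError("not a recognised PEM private key")
    label = m.group(1)
    info = {"container": LABELS[label], "encrypted": False, "cipher": None}
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: the PBE scheme and cipher sit inside the DER body,
        # so the PEM text alone does not reveal them.
        info["encrypted"] = True
    else:
        # Traditional format: encryption is announced in clear-text headers.
        dek = re.search(r"^DEK-Info:\s*([^,\s]+),[0-9A-Fa-f]+", text, re.M)
        if "Proc-Type: 4,ENCRYPTED" in text and dek:
            info["encrypted"] = True
            info["cipher"] = dek.group(1)
    return info

def cfswfile_command(name: str, pem: bytes, timeout_ms: int = 10000) -> str:
    """Build the upload line in the form used in the post.
    Assumption: the fourth field is the file size in bytes, so it must be
    taken from the exact bytes sent (CRLF vs LF changes it)."""
    return f'AT+CFSWFILE=3,"{name}",0,{len(pem)},{timeout_ms}'

if __name__ == "__main__":
    for name, pem in (("trad.key", SAMPLE_TRADITIONAL), ("p8.key", SAMPLE_PKCS8)):
        print(classify_key(pem), cfswfile_command(name, pem))
```

For a PKCS#8 file, `openssl asn1parse -in <file>` shows the PBE scheme and cipher that the PEM header does not.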