Security in the world of IoT is vitally important. At Octoblu, we want to make it easy for you to protect your data as it moves through our platform. We make it easy for you to do end-to-end message encryption by supporting Public Key Encryption.

Using our meshblu npm module is the easiest way to generate a key pair and encrypt/decrypt messages, however it is not the only way. You can register secure devices and encrypt messages easily, using simple command line tools.

To run this example you will need a few utilities:

Example

# generate keypair for sending device
openssl genrsa -out send_device.key 2048
openssl rsa -in send_device.key -pubout > send_device.pub

# generate keypair for receiving device
openssl genrsa -out recv_device.key 2048
openssl rsa -in recv_device.key -pubout > recv_device.pub

# register the sending device
curl -X POST https://meshblu.octoblu.com/devices -H 'Content-Type: application/json' -d "{\"publicKey\": \"`cat send_device.pub | base64`\"}" > send_device.json

# register the receiving device
curl -X POST https://meshblu.octoblu.com/devices -H 'Content-Type: application/json' -d "{\"publicKey\": \"`cat recv_device.pub | base64`\"}" > recv_device.json

# get uuids and tokens
SEND_UUID=`cat send_device.json | jsawk 'return this.uuid'`
SEND_TOKEN=`cat send_device.json | jsawk 'return this.token'`
RECV_UUID=`cat recv_device.json | jsawk 'return this.uuid'`

# encrypt the message
ENCRYPTED_MESSAGE=`echo 'SUPER SECRET' | openssl rsautl -encrypt -pubin -inkey recv_device.pub | base64`

# send the encrypted payload
curl -X POST https://meshblu.octoblu.com/messages -H 'Content-Type: application/json' -H "meshblu_auth_uuid: $SEND_UUID" -H "meshblu_auth_token: $SEND_TOKEN" -d "{\"devices\":\"$RECV_UUID\", \"encryptedPayload\":\"$ENCRYPTED_MESSAGE\"}"

Learn more at the Octoblu Developer site.