Decrypting Product/Device Secret


When you obtain a product secret or device secret through the Connection Service APIs, the returned values are encrypted. Follow the steps below to obtain and decrypt product and device secrets.


Note

The returned product/device secret values are encrypted only when you use the V2.4 APIs of Connection Service. API versions before V2.4 are not affected.

Prerequisites


  • Ensure that the application has been obtained and authorized. For more information, see API Authentication.

  • Ensure that your account has been assigned a developer role that has permission to access Application Portal > Developer Console.

Decrypting Product Secret


The following steps use the Search Product API as an example to show how to obtain and decrypt the product secret.

  1. Go to Application Portal > Developer Console > Application Registration, create or obtain RSA private key files for the application in App Details > RSA Key Pair. The private key is as follows:


    -----BEGIN PRIVATE KEY-----
    PrivateKeyABC123
    -----END PRIVATE KEY-----
    
  2. Follow How to Invoke an EnOS API to invoke the Search Product API with the following request parameters. Ensure that an RSA key pair has been created for the application before you set the requireSecret parameter to true in the request.

    url: https://{apigw-address}/connect-service/v2.4/products?action=search&orgId=yourOrgId
    method: POST
    requestBody:
    {
        "expression":"modelId=\"TestModel\"",
        "pagination":{
            "pageNo":1,
            "pageSize":1
        },
        "requireSecret": true,
        "populateLastUpdateInfo": true
    }
    
  3. You will obtain the following return content:

    {
        "code":0,
        "msg":"OK",
        "requestId":"5428977e-c820-4595-9566-c1ba11c62438",
        "data":[
            {
                "orgId":"yourOrgId",
                "productKey":"productKey",
                "productName":{
                    "defaultValue":"product01",
                    "i18nValue":{}
                },
                "productSecret":"EcryptedProductSecret",
                "sessionKey":"EcryptedsessionKey1",
                "productDesc":"",
                "productType":"Device",
                "dataFormat":"Json",
                "productTags":null,
                "protocolGatewayIds":null,
                "modelId":"TestModel",
                "dynamicActiveEnabled":false,
                "biDirectionalAuth":true,
                "createBy":"u15927947823741",
                "createTime":"1680514029150",
                "updateBy":"u15927947823741",
                "updateTime":1680514029150
            }
        ],
        "pagination":{
            "sortedBy":null,
            "pageNo":1,
            "pageSize":1,
            "totalSize":1980
        }
    }
    
  4. Use the RSA decryption tool with the RSA private key as the key to calculate the actual sessionKey.

    • Key:

      PrivateKeyABC123
      
    • Ciphertext:

      EcryptedsessionKey1
      
    • Private key password: The private key password set when creating the key pair. Leave it blank if not set.

    • Padding: PKCS1_Padding

  5. The resulting sessionKey is as follows:

    [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
    
  6. Use the AES decryption tool to calculate the actual product secret.

    • Key:

      [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
      
    • Ciphertext:

      EcryptedProductSecret
      
    • Mode: ECB

    • Padding: PKCS7

    • Ciphertext Encoding: Base64

  7. The generated plaintext is the product secret.

Decrypting Device Secret


The following steps use the Search Device API as an example to show how to obtain and decrypt the device secret.

  1. Go to Application Portal > Developer Console > Application Registration, create or obtain RSA private key files for the application in App Details > RSA Key Pair. The private key has the following format:


    -----BEGIN PRIVATE KEY-----
    PrivateKeyABC123
    -----END PRIVATE KEY-----
    
  2. Follow How to Invoke an EnOS API to invoke the Search Device API with the following request parameters. Ensure that an RSA key pair has been created for the application before you set the requireSecret parameter to true in the request.


    url: https://{apigw-address}/connect-service/v2.4/devices?action=search&orgId=yourOrgId
    method: POST
    requestBody:
    {
        "expression": "assetId = 'yourAssetId'",
        "pagination":{
            "pageNo":1,
            "pageSize":1
        },
        "requireSecret": true,
        "populateLastUpdateInfo": true
    }
    
  3. You will obtain the following return content:


    {
        "code":0,
        "msg":"OK",
        "requestId":"5ee49000-11e0-476f-8a71-ca4f1b975422",
        "data":[
            {
                "orgId":"yourOrgId",
                "assetId":"yourAssetId",
                "modelId":"AT_certificate_certBase_model_1",
                "modelIdPath":"/AT_certificate_certBase_model_1",
                "productKey":"productKey",
                "productName":{
                    "defaultValue":"AT_certificate_certBase_product_1",
                    "i18nValue":{
                        "zh_CN": null,
                        "en_ES": null,
                        "ja_JP": null,
                        "en_US": null
                    }
                },
                "productType":"Device",
                "dataFormat":"Json",
                "deviceKey":"deviceKey",
                "deviceName":{
                    "defaultValue":"AT_cert",
                    "i18nValue":{
                    }
                },
                "deviceSecret":"EcrypteddeviceSecret",
                "sessionKey":"EcryptedsessionKey2",
                "deviceDesc":null,
                "timezone":"+09:00",
                "deviceAttributes":{
                    "invType": 0,
                    "Capacity": 123.0
                },
                "deviceTags":{
    
                },
                "firmwareVersion": null,
                "createTime":1679556857342,
                "status":"inactive",
                "activeTime":0,
                "lastOnlineTime":0,
                "lastOfflineTime":0,
                "measurepointLastUpdate":null,
                "attributeLastUpdate":null,
                "featureLastUpdate":null
            }
        ],
        "pagination":{
            "sortedBy":null,
            "pageNo":1,
            "pageSize":2,
            "totalSize":211
        }
    }
    
  4. Use the RSA decryption tool with the RSA private key as the key to calculate the actual sessionKey.

    • Key:

      PrivateKeyABC123
      
    • Ciphertext:

      EcryptedsessionKey2
      
    • Private key password: The private key password set when creating the key pair. Leave it blank if not set.

    • Padding: PKCS1_Padding

  5. The resulting sessionKey is as follows:

    [10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0]
    
  6. Use the AES decryption tool to calculate the actual device secret.

    • Key:

      [10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0]
      
    • Ciphertext:

      EcrypteddeviceSecret
      
    • Mode: ECB

    • Padding: PKCS7

    • Ciphertext Encoding: Base64

  7. The generated plaintext is the device secret.
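
The RSA and AES steps of both procedures above (product secret and device secret), as an added example that is not part of the original page: a shell function that performs them locally with the OpenSSL command-line tool, so the private key stays on your machine. It assumes the sessionKey value is Base64-encoded like the secret and that the recovered session key is a 16-, 24- or 32-byte AES key (neither is stated on the page); `decrypt_secret`, `demo_roundtrip` and `RSA_KEY_PASS` are hypothetical names, and the key pair and secret in `demo_roundtrip` are constructed.

```shell
# Added example, not EnOS code. Assumptions: sessionKey is Base64-encoded and the
# RSA-decrypted session key is a raw AES key of 16, 24 or 32 bytes.

# decrypt_secret <private_key.pem> <sessionKey_b64> <secret_b64> [key_password]
# The body runs in a subshell, so its variables do not leak into the caller.
decrypt_secret() (
    pem=$1; session_b64=$2; secret_b64=$3
    # Hand the key password to OpenSSL through the environment, not its argv.
    RSA_KEY_PASS=${4:-}; export RSA_KEY_PASS

    # Step 4: RSA-decrypt the session key with PKCS#1 v1.5 padding, keep it as hex.
    # -passin is ignored by OpenSSL when the private key is not password-protected.
    key_hex=$(printf '%s' "$session_b64" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$pem" -passin env:RSA_KEY_PASS \
            -pkeyopt rsa_padding_mode:pkcs1 | od -An -v -tx1 | tr -d ' \n')

    # Pick the AES variant from the key length; anything else means step 4 failed.
    case ${#key_hex} in
        32) bits=128 ;;
        48) bits=192 ;;
        64) bits=256 ;;
        *)  echo "RSA step failed or unexpected session key length" >&2; exit 1 ;;
    esac

    # Step 6: Base64-decode, then AES-ECB decrypt; openssl enc removes PKCS#7 padding.
    printf '%s' "$secret_b64" | openssl base64 -d -A |
        openssl enc -d "-aes-${bits}-ecb" -K "$key_hex"
)

# Round trip on constructed data: throwaway key pair, 16-byte session key 01..10 (hex).
demo_roundtrip() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$tmp/priv.pem" 2>/dev/null
    openssl pkey -in "$tmp/priv.pem" -pubout -out "$tmp/pub.pem"
    session_b64=$(printf '\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020' |
        openssl pkeyutl -encrypt -pubin -inkey "$tmp/pub.pem" \
            -pkeyopt rsa_padding_mode:pkcs1 | openssl base64 -A)
    secret_b64=$(printf '%s' 'constructed-product-secret' |
        openssl enc -aes-128-ecb -K 0102030405060708090a0b0c0d0e0f10 | openssl base64 -A)
    decrypt_secret "$tmp/priv.pem" "$session_b64" "$secret_b64"
)
```

With real data, pass the downloaded private key file and the sessionKey and productSecret (or deviceSecret) strings from the API response as the first three arguments, and the private key password as the fourth if one was set.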