Up to this point, we've only used unsecured and unencrypted CoAP. This should only be done while developing, and in closed networks. On the internet, and if the data is personal, CoAP should always be encrypted, and access to the device should always be authenticated and authorized. All these things can be managed directly by the DTLS layer.
To enable DTLS, we create our CoAP endpoint in a different manner:
this.coapEndpoint = new CoapEndpoint( CoapEndpoint.DefaultCoapsPort, this.users);
Here, we utilize the
IUserSource source of
users defined in the previous chapters. Remember that it defined one user, with the username
MIoT and the password
rox. The password was hashed, however, and it is this hash that will be used as a pre-shared key. The username acts as the identity used by DTLS to identify the pre-shared key. So, to access the device using these settings, a session needs to be established by the device using DTLS and the PSK identity of
MIoT and the binary...