Re: [mosquitto-dev] Modifying mosquitto source in C to use my own encryption/decryption on broker.

Tim Dhillon <tim@xxxxxxxxxxxxxxxxxxxxx> writes:

> We deal with BLE and other memory constrained IOT devices where TLS is
> a big overhead.

You might look at the esphome api, which has encryption with a static
key.

I suspect that the "big overhead" of TLS is not stream encryption but
the X509 certificate processing and validation.  I have used MQTT over
TLS from ESP8266 and ESP32, and all of the pain has been in dealing with
PKIX.

It might be easier to have a custom TLS-lite protocol that encrypts the
whole stream.  That's basically what esphome api (and OTA update
channel) supports for a crypto layer.  You have to figure out key
management anyway, and once you do, it's easy.

Or perhaps you are trying to support e2e encryption across bridges or to
a receiver, so the broker doesn't see the contents.  You said "topics"
but I am guessing you are trying to encrypt the payloads.  You could
encrypt the topic names, sort of like an encrypted filesystem hides
filenames.  I wonder if this would be best done in a client layer and
not in the core MQTT code, because it turns into "post this byte string
to this topic", just encrypted.

Either way, I think it would be good to write a protocol specification,
even if only for your own use.  If you want to have such changes
considered for merging, I'd see publishing a spec as a mandatory first
step (not that I decide what's to be merged).

If you'd like (free) help from the list figuring out how to modify the
code, then I would like to see the spec published, and for you to say
that you're going to publish the changes so others can use them.
(Whether or not you'd get help in any circumstance is something I can't
predict.)
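An added illustration of the "post this byte string to this topic, just encrypted" client-layer approach mentioned above (this is example code written here, not part of the reply, mosquitto, or esphome): payloads are sealed with AES-256-GCM under an assumed pre-shared 32-byte key, the wire format (nonce || ciphertext || tag) is an assumption, and the topic name is bound as associated data so a message captured on one topic cannot be replayed onto another.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Assumed wire format (not mosquitto's or esphome's):
//   nonce (12 bytes) || AES-256-GCM ciphertext || 16-byte tag
// The MQTT topic is passed as associated data, so the broker can still route
// on the cleartext topic while the payload stays opaque to it, and a sealed
// payload only opens on the topic it was sealed for.
const nonceSize = 12

// SealPayload encrypts payload for publication on topic under a 32-byte pre-shared key.
func SealPayload(key []byte, topic string, payload []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce prefix.
	return aead.Seal(nonce, nonce, payload, []byte(topic)), nil
}

// OpenPayload decrypts a received message; topic must be the one it arrived on.
func OpenPayload(key []byte, topic string, msg []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < nonceSize+aead.Overhead() {
		return nil, errors.New("message too short to contain nonce and tag")
	}
	// Open fails on a wrong key, a modified byte, or a mismatched topic.
	return aead.Open(nil, msg[:nonceSize], msg[nonceSize:], []byte(topic))
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

Key distribution and rotation are left to the deployment, as the reply notes; with a static key, per-message random nonces are what keep GCM safe across many publishes.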
