diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/demo_config.h b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/demo_config.h
index fdf6cc7de..26efec80a 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/demo_config.h
@@ -60,7 +60,12 @@
 * must be unique; so edit as required to ensure that no two clients connecting to
 * the same broker use the same client identifier.
 *
- * #define democonfigCLIENT_IDENTIFIER "...insert here..."
+ *!!! Please note a #defined constant is used for convenience of demonstration
+ *!!! only. Production devices can use something unique to the device that can
+ *!!! be read by software, such as a production serial number, instead of a
+ *!!! hard coded constant.
+ *
+ * #define democonfigCLIENT_IDENTIFIER "insert here."
 */
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Keep_Alive/demo_config.h b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Keep_Alive/demo_config.h
index acd96194d..da8c3f409 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Keep_Alive/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Keep_Alive/demo_config.h
@@ -58,6 +58,11 @@
 * must be unique so edit as required to ensure no two clients connecting to the
 * same broker use the same client identifier.
 *
+ *!!! Please note a #defined constant is used for convenience of demonstration
+ *!!! only. Production devices can use something unique to the device that can
+ *!!! be read by software, such as a production serial number, instead of a
+ *!!! hard coded constant.
+ *
 * #define democonfigCLIENT_IDENTIFIER "insert here."
 */
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/DemoTasks/MultitaskMQTTExample.c b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/DemoTasks/MultitaskMQTTExample.c
index 2d9657eba..a965848e1 100644
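Review bot: The new client-identifier note recommends a device-readable serial number but does not say that the value must also be stable across reboots and identical on every reconnect; a broker resumes a persistent session by this string, so an identifier that changes would orphan queued messages and subscriptions. It would also help to state that the identifier travels in the MQTT CONNECT packet and is not a credential, so a serial number is fine only because authentication rests on the username or client certificate the demos configure; where a broker authorises by client identifier, the value has to be bound to that credential. One added line such as ` *!!! The identifier must be stable across reconnects and, where the broker authorises by client identifier, must match the identity in the device credential.` covers both. The identical block is added to the Keep_Alive, Multitask, Mutual_Auth, Plain_Text and Serializer demo_config.h hunks.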
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/DemoTasks/MultitaskMQTTExample.c
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/DemoTasks/MultitaskMQTTExample.c
@@ -111,6 +111,13 @@
 /* If no username is defined, then a client certificate/key is required. */
 #ifndef democonfigCLIENT_USERNAME
+
+ /*
+ *!!! Please note democonfigCLIENT_PRIVATE_KEY_PEM in used for
+ *!!! convenience of demonstration only. Production devices should
+ *!!! store keys securely, such as within a secure element.
+ */
+
 #ifndef democonfigCLIENT_CERTIFICATE_PEM
 #error "Please define client certificate(democonfigCLIENT_CERTIFICATE_PEM) in demo_config.h."
 #endif
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/demo_config.h b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/demo_config.h
index 1ec381981..cc920ea8d 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/demo_config.h
@@ -57,6 +57,11 @@
 * must be unique so edit as required to ensure no two clients connecting to the
 * same broker use the same client identifier.
 *
+ *!!! Please note a #defined constant is used for convenience of demonstration
+ *!!! only. Production devices can use something unique to the device that can
+ *!!! be read by software, such as a production serial number, instead of a
+ *!!! hard coded constant.
+ *
 * #define democonfigCLIENT_IDENTIFIER "insert here."
 */
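Review bot: The added comment reads `democonfigCLIENT_PRIVATE_KEY_PEM in used for` where `is used for` is meant; the same typo is in the MutualAuthMQTTExample.c hunk and in both mqtt_broker_setup.txt hunks. The comment names the private-key macro but sits directly above the `#ifndef democonfigCLIENT_CERTIFICATE_PEM` check, while the private-key check it describes presumably follows later in this block; placing it immediately above that check keeps the warning next to the macro it refers to. The enclosing `#ifndef democonfigCLIENT_USERNAME` block ends outside the hunk.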
@@ -133,6 +138,14 @@
 /**
 * @brief Client's private key.
 *
+ *!!! Please note pasting a key into the header file in this manner is for
+ *!!! convenience of demonstration only and should not be done in production.
+ *!!! Never paste a production private key here!. Production devices should
+ *!!! store keys securely, such as within a secure element. Additionally,
+ *!!! we provide the corePKCS library that further enhances security by
+ *!!! enabling securely stored keys to be used without exposing them to
+ *!!! software.
+ *
 * For AWS IoT MQTT broker, refer to the AWS documentation below for details
 * regarding clientauthentication.
 * https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/mqtt_broker_setup.txt b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/mqtt_broker_setup.txt
index 0491f4097..0bb4e684f 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/mqtt_broker_setup.txt
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/mqtt_broker_setup.txt
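Review bot: `Never paste a production private key here!.` has a stray period after the exclamation mark, and `corePKCS` looks like a truncated name for the corePKCS11 library; the identical text is added in the MQTT_Mutual_Auth demo_config.h hunk. The note says why a secure element is better but not what actually goes wrong here: a PEM pasted into this `#define` is compiled into the image as a plain string literal and lives in a tracked header that is easy to commit. A sentence such as ` *!!! A key pasted here is embedded in the firmware image in the clear and is easily committed to source control by mistake.` makes the risk concrete for the reader who is about to do it.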
@@ -63,14 +63,19 @@ TLS mutual authentication for use with this MQTT demo.
 "-----BEGIN CERTIFICATE-----\n" \
 "...base64 data...\n" \
 "-----END CERTIFICATE-----\n"
-11. In the certs folder of your Documents, you will find a file called `client.key`.
+12. In the certs folder of your Documents, you will find a file called `client.key`.
 Copy its contents to `#define democonfigCLIENT_PRIVATE_KEY_PEM`. Keep in mind that
 it must include the PEM header and footer and be formatted in this manner:
 #define democonfigCLIENT_PRIVATE_KEY_PEM \
 "-----BEGIN RSA PRIVATE KEY-----\n" \
 "...base64 data...\n" \
 "-----END RSA PRIVATE KEY-----\n"
-12. Update the config `democonfigdisableSNI` to `( pdTRUE )`. It needs to be
+
+ *!!! Please note democonfigCLIENT_PRIVATE_KEY_PEM in used for convenience
+ *!!! of demonstration only. Production devices should store keys securely,
+ *!!! such as within a secure element.
+
+13. Update the config `democonfigdisableSNI` to `( pdTRUE )`. It needs to be
 configured this way because the local MQTT broker will only have an IP address
 but not a hostname. However, SNI (Server name indication) should be enabled
 whenever possible.
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/DemoTasks/MutualAuthMQTTExample.c b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/DemoTasks/MutualAuthMQTTExample.c
index 399c647ae..e4d96ccc9 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/DemoTasks/MutualAuthMQTTExample.c
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/DemoTasks/MutualAuthMQTTExample.c
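Review bot: The hunk header `@@ -63,14 +63,19 @@` has the same start line on both sides, so nothing was inserted above this point in the file, yet steps 11 and 12 become 12 and 13; that presumably corrects an earlier duplicate number, which is worth confirming so the list above this hunk is actually sequential. The added note repeats the `in used for` typo from the C hunks (`is used for`), and the MQTT_Mutual_Auth mqtt_broker_setup.txt hunk carries the identical changes. Because this is the text a reader follows to copy `client.key` into the header, one extra line such as `Remove the pasted key from demo_config.h once the demo is finished; it is stored there in the clear.` would tell them how to clean up afterwards.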
@@ -72,6 +72,13 @@
 /* If no username is defined, then a client certificate/key is required. */
 #ifndef democonfigCLIENT_USERNAME
+
+ /*
+ *!!! Please note democonfigCLIENT_PRIVATE_KEY_PEM in used for
+ *!!! convenience of demonstration only. Production devices should
+ *!!! store keys securely, such as within a secure element.
+ */
+
 #ifndef democonfigCLIENT_CERTIFICATE_PEM
 #error "Please define client certificate(democonfigCLIENT_CERTIFICATE_PEM) in demo_config.h."
 #endif
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/demo_config.h b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/demo_config.h
index 11bef2c6a..969774a91 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/demo_config.h
@@ -60,7 +60,12 @@
 * must be unique; so edit as required to ensure that no two clients connecting to
 * the same broker use the same client identifier.
 *
- * #define democonfigCLIENT_IDENTIFIER "insert here."
+ *!!! Please note a #defined constant is used for convenience of demonstration
+ *!!! only. Production devices can use something unique to the device that can
+ *!!! be read by software, such as a production serial number, instead of a
+ *!!! hard coded constant.
+ *
+ * #define democonfigCLIENT_IDENTIFIER "insert here."
 */
 /**
@@ -132,6 +137,14 @@
 /**
 * @brief Client's private key.
 *
+ *!!! Please note pasting a key into the header file in this manner is for
+ *!!! convenience of demonstration only and should not be done in production.
+ *!!! Never paste a production private key here!. Production devices should
+ *!!! store keys securely, such as within a secure element. Additionally,
+ *!!! we provide the corePKCS library that further enhances security by
+ *!!! enabling securely stored keys to be used without exposing them to
+ *!!! software.
+ *
 * For AWS IoT MQTT broker, refer to the AWS documentation below for details
 * regarding clientauthentication.
 * https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/mqtt_broker_setup.txt b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/mqtt_broker_setup.txt
index 0491f4097..0bb4e684f 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/mqtt_broker_setup.txt
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/mqtt_broker_setup.txt
@@ -63,14 +63,19 @@ TLS mutual authentication for use with this MQTT demo.
 "-----BEGIN CERTIFICATE-----\n" \
 "...base64 data...\n" \
 "-----END CERTIFICATE-----\n"
-11. In the certs folder of your Documents, you will find a file called `client.key`.
+12. In the certs folder of your Documents, you will find a file called `client.key`.
 Copy its contents to `#define democonfigCLIENT_PRIVATE_KEY_PEM`. Keep in mind that
 it must include the PEM header and footer and be formatted in this manner:
 #define democonfigCLIENT_PRIVATE_KEY_PEM \
 "-----BEGIN RSA PRIVATE KEY-----\n" \
 "...base64 data...\n" \
 "-----END RSA PRIVATE KEY-----\n"
-12. Update the config `democonfigdisableSNI` to `( pdTRUE )`. It needs to be
+
+ *!!! Please note democonfigCLIENT_PRIVATE_KEY_PEM in used for convenience
+ *!!! of demonstration only. Production devices should store keys securely,
+ *!!! such as within a secure element.
+
+13. Update the config `democonfigdisableSNI` to `( pdTRUE )`. It needs to be
 configured this way because the local MQTT broker will only have an IP address
 but not a hostname. However, SNI (Server name indication) should be enabled
 whenever possible.
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Plain_Text/demo_config.h b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Plain_Text/demo_config.h
index acd96194d..da8c3f409 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Plain_Text/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Plain_Text/demo_config.h
@@ -58,6 +58,11 @@
 * must be unique so edit as required to ensure no two clients connecting to the
 * same broker use the same client identifier.
 *
+ *!!! Please note a #defined constant is used for convenience of demonstration
+ *!!! only. Production devices can use something unique to the device that can
+ *!!! be read by software, such as a production serial number, instead of a
+ *!!! hard coded constant.
+ *
 * #define democonfigCLIENT_IDENTIFIER "insert here."
 */
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Serializer/demo_config.h b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Serializer/demo_config.h
index 4be735903..bd3457581 100644
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Serializer/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Serializer/demo_config.h
@@ -58,6 +58,11 @@
 * must be unique so edit as required to ensure no two clients connecting to the
 * same broker use the same client identifier.
 *
+ *!!! Please note a #defined constant is used for convenience of demonstration
+ *!!! only. Production devices can use something unique to the device that can
+ *!!! be read by software, such as a production serial number, instead of a
+ *!!! hard coded constant.
+ *
 * #define democonfigCLIENT_IDENTIFIER "insert here."
 */