Proof of Possession

To update a registered public key it is not enough to simply provide the public key to the IdP. The IoT device also has to prove that it is in possession of the private key that corresponds to the new public key.

Structure

The PoP object is the base64-encoded ECDSA signature over the SHA-256 hash of the JWT that is provided as authentication for the request to update the public key. The PoP object is generated as follows.

base64UrlEncode( ECDSASHA256( JWT ) )

The signature has to be generated using the private key that corresponds to the new public key the IoT device wants to register with the IoT IdP. The signature has to be DER encoded. An example of what a PoP object may look like is displayed below.

MEQCIHQTj5uhVKdfYkcwGHBv7tV/6YNkWZHzOntLyXtzAQFvAiBrcBkiuQ2z1SbDRXsFC7N7Wlfj2NktXR8/vJi7tvFwbw==
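
A structural check an IdP could run on a received PoP object before verifying the signature, as an added example that is not part of the original documentation: it decodes the value and strictly parses the DER-encoded ECDSA signature into (r, s). The name `parse_pop` is hypothetical, both base64 alphabets are accepted because the formula above names base64UrlEncode while the sample value uses the standard alphabet with padding, and verifying the signature against the new public key is left to a crypto library.

```python
import base64
import binascii

# Example PoP object copied from the documentation above.
DOC_EXAMPLE = "MEQCIHQTj5uhVKdfYkcwGHBv7tV/6YNkWZHzOntLyXtzAQFvAiBrcBkiuQ2z1SbDRXsFC7N7Wlfj2NktXR8/vJi7tvFwbw=="


def _read_der_integer(buf: bytes, pos: int) -> tuple[int, int]:
    """Read one strictly encoded positive DER INTEGER; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length = buf[pos + 1]
    body = buf[pos + 2 : pos + 2 + length]
    if length == 0 or length >= 0x80 or len(body) != length:
        raise ValueError("bad INTEGER length")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER padding")
    return int.from_bytes(body, "big"), pos + 2 + length


def parse_pop(pop: str) -> tuple[int, int]:
    """Decode a PoP object and return the ECDSA (r, s) pair, or raise ValueError."""
    # Normalise the URL-safe alphabet to the standard one and restore padding.
    text = pop.strip().replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        der = base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    # ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }. Short-form length only,
    # which covers signatures under 128 bytes (assumption: the page names no curve).
    if len(der) < 2 or der[0] != 0x30 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a single DER SEQUENCE")
    r, pos = _read_der_integer(der, 2)
    s, pos = _read_der_integer(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    if r == 0 or s == 0:
        raise ValueError("r and s must be non-zero")
    return r, s


if __name__ == "__main__":
    r, s = parse_pop(DOC_EXAMPLE)
    print(f"r = {r:064x}\ns = {s:064x}")
```

Rejecting non-minimal or trailing bytes at this stage means the same signature cannot be accepted under more than one encoding.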
