Comment on page
Proof of Possession
To update a registered public key it is not enough to simply provide the public key to the IdP. The IoT device also has to prove that it is in possession of the private key that corresponds to the new public key.
This can be achieved by providing a Proof of Possession (PoP) object in the body of the request to update the public key. For additional detail about the request to update the public key please visit our API Reference.
The PoP object is a base64 encoded representation of the signed SHA256 hash of the JWT that is provided as authentication for the request to update the public key. The PoP object is generated as follows.
base64UrlEncode( ECDSASHA256( JWT ) )
The signature has to be generated using the private key that corresponds to the new public key the IoT device wants to register with the IoT IdP. The signature has to be DER encoded. An example of what a PoP object may look like is displayed below.