
I have an embedded Linux system with MQTT through a local broker. Applications act as MQTT clients to the local broker which is set up as a bridge to a cloud broker.

To enable TLS between the local and cloud broker there are options in mosquitto.conf such as bridge_certfile which use keys on the file system, as explained in this question and the Mosquitto documentation.

How can I set up the Mosquitto bridge to use an OpenSSL engine for TLS, to enable the use of a Secure Element for private key storage?

User55412

1 Answer


This answer assumes that the secure element is a TPM2 module.

You can use the tls_engine mosquitto.conf option to enable the TPM:

tls_engine tpm2tss

Then use the normal bridge_keyfile option to point to the key handle file. You will also need to set the key form to engine:

tls_keyform engine

You might also need the tls_engine_kpass_sha1 option to supply the private key passphrase.

I suggest you look at the tpm2tss engine docs here: https://github.com/tpm2-software/tpm2-tss-engine

hardillb
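The full procedure the answer sketches, as an added worked example that is not part of the original question or answer and not code from the Mosquitto or tpm2-tss-engine projects: create a TPM-resident key with tpm2tss-genkey, issue a CSR through the tpm2tss OpenSSL engine, render a mosquitto.conf bridge section that hands the key blob to the engine, and check the result for the common mistake of pointing bridge_keyfile at a plain software key. The broker hostname, directories, file names, the CN in the CSR and the passphrase are assumed placeholders; the script assumes Mosquitto built with OpenSSL engine support and tpm2-tss-engine installed.

```shell
#!/bin/sh
# Added example, not from the original post or the projects it cites.
# Assumed placeholders: hostname, directories, file names, CSR subject.

BRIDGE_HOST=cloud.example.com       # assumed cloud broker address
CONF_DIR=/etc/mosquitto/conf.d      # assumed drop-in config directory
CERT_DIR=/etc/mosquitto/certs       # assumed certificate directory
KEY_BLOB="$CERT_DIR/device.tss"     # TPM-wrapped key blob, unusable without the TPM

# Step 1: generate a key whose private half never leaves the TPM. tpm2tss-genkey
# writes a TSS2 PEM blob (public part plus private part sealed by the TPM), which
# is what bridge_keyfile will point at. The CSR is signed inside the TPM because
# OpenSSL is told to resolve the key through the tpm2tss engine.
provision_tpm_key() {
    tpm2tss-genkey -a rsa -s 2048 "$KEY_BLOB"
    openssl req -new -engine tpm2tss -keyform engine -key "$KEY_BLOB" \
        -subj "/CN=device0001/" -out "$CERT_DIR/device.csr"   # assumed subject
}

# tls_engine_kpass_sha1 expects the hex-encoded SHA1 of the key passphrase,
# not the passphrase itself.
kpass_sha1() {
    printf '%s' "$1" | sha1sum | cut -d' ' -f1
}

# Step 2: render the bridge section. $1 = output file, $2 = optional passphrase.
render_bridge_conf() {
    out=$1
    {
        echo "connection cloud"
        echo "address $BRIDGE_HOST:8883"
        echo "topic sensors/# out 1"
        echo "bridge_cafile /etc/ssl/certs/ca-certificates.crt"
        echo "bridge_certfile $CERT_DIR/device.crt"
        # With tls_keyform engine, bridge_keyfile is handed to the engine as a
        # key reference (the TSS2 blob), not parsed as a PEM private key.
        echo "bridge_keyfile $KEY_BLOB"
        echo "tls_engine tpm2tss"
        echo "tls_keyform engine"
        if [ -n "$2" ]; then
            echo "tls_engine_kpass_sha1 $(kpass_sha1 "$2")"
        fi
    } > "$out"
}

# Step 3: sanity-check a rendered section. Returns 0 when the engine settings
# are consistent and bridge_keyfile is not a plaintext software key.
check_bridge_conf() {
    f=$1
    grep -q '^tls_engine ' "$f" \
        || { echo "missing tls_engine" >&2; return 1; }
    grep -q '^tls_keyform engine$' "$f" \
        || { echo "tls_engine set without tls_keyform engine" >&2; return 1; }
    key=$(sed -n 's/^bridge_keyfile //p' "$f")
    [ -n "$key" ] || { echo "missing bridge_keyfile" >&2; return 1; }
    # A PKCS#8/RSA/EC PEM key on disk defeats the purpose of using the TPM.
    # The TSS2 blob header (BEGIN TSS2 PRIVATE KEY) does not match this pattern.
    if [ -f "$key" ] && grep -qE '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$key"; then
        echo "$key is a software key, not a TPM key blob" >&2
        return 1
    fi
    return 0
}

# Optional command-line dispatch: "provision" runs step 1 on the device,
# "render" writes and checks the bridge section into the assumed conf.d.
case "${1:-}" in
    provision) provision_tpm_key ;;
    render) render_bridge_conf "$CONF_DIR/bridge.conf"
            check_bridge_conf "$CONF_DIR/bridge.conf" ;;
esac
```

The check matters because Mosquitto will happily load a plaintext PEM key from bridge_keyfile when tls_keyform is left at its default; only the combination of tls_engine, tls_keyform engine and a blob produced by the engine keeps the private key inside the TPM.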