Commit b9d0184

corrections for derived key use with symmetric keys
1 parent e973e93 commit b9d0184

1 file changed

+9
-3
lines changed

articles/iot-edge/how-to-auto-provision-symmetric-keys.md

Lines changed: 9 additions & 3 deletions
@@ -94,11 +94,14 @@ When you create an enrollment in DPS, you have the opportunity to declare an **I
9494

9595
1. Select **Save**.
9696

97-
Now that an enrollment exists for this device, the IoT Edge runtime can automatically provision the device during installation. Be sure to copy your enrollment's **Primary Key** value to use when creating your device key.
97+
Now that an enrollment exists for this device, the IoT Edge runtime can automatically provision the device during installation. Be sure to copy your enrollment's **Primary Key** value to use when installing the IoT Edge runtime, or if you're going to be creating device keys for use with a group enrollment.
9898

9999
## Derive a device key
100100

101-
Your device uses the derived device key with your unique registration ID to perform symmetric key attestation with the enrollment during provisioning. To generate the device key, use the key you copied from your DPS enrollment to compute an [HMAC-SHA256](https://wikipedia.org/wiki/HMAC) of the unique registration ID for the device and convert the result into Base64 format.
101+
> [!NOTE]
102+
> This section is required only if using a group enrollment.
103+
104+
Each device uses its derived device key with your unique registration ID to perform symmetric key attestation with the enrollment during provisioning. To generate the device key, use the key you copied from your DPS enrollment to compute an [HMAC-SHA256](https://wikipedia.org/wiki/HMAC) of the unique registration ID for the device and convert the result into Base64 format.
102105

103106
Do not include your enrollment's primary or secondary key in your device code.
104107

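Review bot: The unchanged warning at the end of this hunk, "Do not include your enrollment's primary or secondary key in your device code", now reads as contradicting line 97+, which tells the reader to use the enrollment's **Primary Key** when installing the IoT Edge runtime. The new NOTE scopes this section to group enrollments, so the warning should carry the same scope, for example "Do not include the group enrollment's primary or secondary key in your device code", so that a reader who lands on it directly knows which key must stay off the device. Line 97+ also folds two cases into one sentence ("when installing the IoT Edge runtime, or if you're going to be creating device keys for use with a group enrollment"); splitting it into one sentence per enrollment type would make it clear which key goes where. Smaller point on 104+: "Each device uses its derived device key with your unique registration ID" mixes "its" and "your"; "its unique registration ID" matches the per-device wording introduced here.
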
@@ -153,7 +156,10 @@ You'll need the following information when provisioning your device:
153156

154157
* The DPS **ID Scope** value
155158
* The device **Registration ID** you created
156-
* The device's derived device key for symmetric key attestation
159+
* The **Primary Key** you copied from the DPS enrollment
160+
161+
> [!TIP]
162+
> For group enrollments, you need each device's [derived key](#derive-a-device-key) rather than the DPS enrollment key.
157163
158164
### Linux device
159165

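Review bot: The replaced bullet at 159+ ("The **Primary Key** you copied from the DPS enrollment") does not say which enrollment type it applies to, and the exception is only given afterwards in a TIP at 161+. A reader with a group enrollment who stops at the list will put the enrollment key on the device, which is exactly what the "Derive a device key" section warns against. Suggest stating the condition in the bullet itself, for example "For an individual enrollment, the **Primary Key** you copied from the DPS enrollment; for a group enrollment, the device's [derived key](#derive-a-device-key)", and raising the callout from `[!TIP]` to `[!IMPORTANT]` if it is kept, since it describes a requirement rather than an optional hint.
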