
I'm using the Device Provisioning service for my Azure IoT solution.

I've created a registration group with symmetric key attestation.

From the guide: By default, the Device Provisioning Service creates new symmetric keys with a default length of 32 bytes. [...] The symmetric keys for group enrollments are not used directly by devices when provisioning. Instead devices that belong to an enrollment group provision using a derived device key.

In the Azure Portal, at the top of the screen for this service, I saw that there is a button: Restore Keys (the third button).

I have some questions about:

  1. Why should I restore/regenerate these keys?
  2. If I sold 1000 devices with device keys generated from the primary key, and I changed the primary key, it would be impossible to register new devices. Do I have to provide a management system for these keys within the devices?

Thanks for the clarifications!

davide.ferrari
  • On question number 1, the first thing that comes to mind is that somehow the keys have been compromised. Can you please add more details for question number 2? It sounds like the scenario is that you would build an IoT solution for a client that has 1000 devices? – Alberto Vega Apr 24 '19 at 18:02
  • No, the scenario is 1000 devices sold to 1000 different clients. If I restore the keys, and my devices already sold have to re-provision, they can't because the keys have changed. – davide.ferrari Apr 26 '19 at 14:19

1 Answer


This looks like it might be a slight translation issue - in English it's "regenerate keys" and the button is used to generate a new key for key rotation purposes.
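The derived-device-key scheme the question quotes from the guide, and the key-rotation use of "Regenerate keys" the answer describes, worked through as an added example (not code from the question, the answer, or Azure's own SDKs or service). It uses the derivation Azure documents for symmetric-key enrollment groups (HMAC-SHA256 over the registration ID, keyed with the base64-decoded group key, result base64-encoded) and assumes that an enrollment group carries a primary and a secondary key, which is how DPS exposes them. The `EnrollmentGroup` class is a toy model of the portal behaviour, and the group keys and the registration ID `device-0001` are constructed sample values, not real secrets:

```python
"""Derived device keys and group-key rotation for a DPS-style enrollment group.

Added example: stand-library Python, no Azure dependency. The derivation is the
one Azure documents for symmetric-key enrollment groups; the EnrollmentGroup
class and all key material below are constructed for illustration.
"""
import base64
import hashlib
import hmac
import secrets


def new_group_key() -> str:
    """Constructed stand-in for a 32-byte enrollment-group key, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Device key = base64(HMAC-SHA256(key=decoded group key, msg=registration ID)).

    This is what a device in an enrollment group presents instead of the
    group key itself, so the group key never has to be stored on the device.
    """
    key = base64.b64decode(group_key_b64)
    digest = hmac.new(key, registration_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def device_key_is_valid(primary_b64: str, secondary_b64: str,
                        registration_id: str, presented_key_b64: str) -> bool:
    """Service-side check: accept a device key derived from either group key.

    compare_digest keeps the comparison constant-time so the check itself does
    not leak how many leading characters of the expected key matched.
    """
    for group_key in (primary_b64, secondary_b64):
        expected = derive_device_key(group_key, registration_id)
        if hmac.compare_digest(expected, presented_key_b64):
            return True
    return False


class EnrollmentGroup:
    """Toy model of an enrollment group with primary/secondary keys and
    per-key regenerate operations (models the portal's behaviour, not Azure code)."""

    def __init__(self) -> None:
        self.primary = new_group_key()
        self.secondary = new_group_key()

    def regenerate_primary(self) -> None:
        self.primary = new_group_key()

    def regenerate_secondary(self) -> None:
        self.secondary = new_group_key()

    def accepts(self, registration_id: str, device_key: str) -> bool:
        return device_key_is_valid(self.primary, self.secondary,
                                   registration_id, device_key)


def rotation_walkthrough() -> dict:
    """Why rotating one group key at a time keeps already-shipped devices provisionable.

    A device holding a key derived from the primary stops validating the moment
    the primary is regenerated; a device keyed from the secondary still works,
    which is the window in which shipped devices must be re-keyed.
    """
    group = EnrollmentGroup()
    reg_id = "device-0001"  # constructed registration ID
    key_from_primary = derive_device_key(group.primary, reg_id)
    key_from_secondary = derive_device_key(group.secondary, reg_id)

    result = {"before_rotation_primary_ok": group.accepts(reg_id, key_from_primary)}
    group.regenerate_primary()
    result["after_primary_rotation_primary_ok"] = group.accepts(reg_id, key_from_primary)
    result["after_primary_rotation_secondary_ok"] = group.accepts(reg_id, key_from_secondary)
    group.regenerate_secondary()
    result["after_both_rotations_secondary_ok"] = group.accepts(reg_id, key_from_secondary)
    return result


if __name__ == "__main__":
    for step, ok in rotation_walkthrough().items():
        print(f"{step}: {ok}")
```

The walkthrough reproduces the situation in question 2: once a group key is regenerated, every device key derived from it is rejected, so shipped devices need a way to receive a new derived key (or to fall back to a key derived from the other group key) before the key they depend on is rotated. That is the management problem the question asks about, and the two-key layout is what makes a staged rotation possible.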