Securing your devices

Up to this point, we've only used unsecured and unencrypted CoAP. This should only be done while developing, and in closed networks. On the internet, and if the data is personal, CoAP should always be encrypted, and access to the device should always be authenticated and authorized. All these things can be managed directly by the DTLS layer.

To enable DTLS, we create our CoAP endpoint in a different manner:

this.coapEndpoint = new CoapEndpoint( 
   CoapEndpoint.DefaultCoapsPort, this.users); 

Here, we utilize the IUserSource source of users defined in the previous chapters. Remember that it defined one user, with the username MIoT and the password rox. The password was hashed, however, and it is this hash that will be used as the pre-shared key. The username acts as the PSK identity that DTLS uses to look up the pre-shared key. So, to access the device using these settings, a client needs to establish a DTLS session with the device using the PSK identity MIoT and the binary pre-shared key:

SHA-256(UTF-8-Encode("rox" + ":" + DEVICE_ID)) 

The DEVICE_ID is the ID of the device. You can find it in the log. Unfortunately, you cannot use the Copper (Cu) add-on to test DTLS, but the next chapter will provide you with examples of how to test this.
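The following is an added illustration of the key derivation above, written in Python rather than taken from the book or its C# library. It derives the pre-shared key exactly as stated, SHA-256 over the UTF-8 encoding of password, colon and DEVICE_ID, and then shows the lookup a DTLS server performs: the PSK identity (the username) selects the stored key, and only the derived key, never the password, is kept. The device ID, the PskUserSource class and its method names are constructed for the example; the real device ID is the one printed in the log.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed sample values (assumptions for this example, not from the book):
# a placeholder for the device ID that the real device prints in its log, and
# the user defined in the earlier chapters.
DEVICE_ID = "DEVICE_ID_FROM_LOG"
USERNAME = "MIoT"
PASSWORD = "rox"


def psk_material(password: str, device_id: str) -> bytes:
    """UTF-8 encoding of password + ":" + DEVICE_ID, the input to the hash."""
    return (password + ":" + device_id).encode("utf-8")


def derive_psk(password: str, device_id: str) -> bytes:
    """Pre-shared key = SHA-256(UTF-8-Encode(password + ":" + DEVICE_ID)).

    Because the device ID is part of the hashed material, the same password
    yields a different key on every device.
    """
    return hashlib.sha256(psk_material(password, device_id)).digest()


class PskUserSource:
    """Hypothetical stand-in for a user source, keyed by PSK identity.

    Only the derived key is stored, mirroring the text: DTLS works with the
    hash, not with the clear-text password.
    """

    def __init__(self, device_id: str) -> None:
        self._device_id = device_id
        self._keys: Dict[str, bytes] = {}

    def add_user(self, username: str, password: str) -> None:
        self._keys[username] = derive_psk(password, self._device_id)

    def psk_for_identity(self, identity: str) -> Optional[bytes]:
        """What the DTLS layer asks for when a client presents its PSK identity."""
        return self._keys.get(identity)

    def verify(self, identity: str, candidate_key: bytes) -> bool:
        """Constant-time comparison, so a wrong key cannot be narrowed down byte by byte."""
        expected = self.psk_for_identity(identity)
        if expected is None:
            return False
        return hmac.compare_digest(expected, candidate_key)


if __name__ == "__main__":
    users = PskUserSource(DEVICE_ID)
    users.add_user(USERNAME, PASSWORD)
    print("PSK identity:", USERNAME)
    print("PSK (hex):   ", derive_psk(PASSWORD, DEVICE_ID).hex())
```

Run it with the device ID from your log substituted for the placeholder, and feed the printed identity and hex key to whatever DTLS client you use for testing; an unknown identity yields no key at all, so the handshake fails before any key comparison takes place.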

You can enable both unencrypted and encrypted CoAP communications on the endpoint by creating the endpoint in the following manner:

this.coapEndpoint = new CoapEndpoint(
      new int[] { CoapEndpoint.DefaultCoapPort },
      new int[] { CoapEndpoint.DefaultCoapsPort },
      this.users, string.Empty, false, false);

The string after the user source, if not empty, limits access to the endpoint to users with the corresponding privileges only. The two last Boolean parameters determine if loopback interfaces can be used for reception or transmission. But since loopback is not enabled in UWP apps, we set these to false.

If unencrypted CoAP is enabled on the device, make sure the unencrypted port is not published on the internet. Only encrypted ports should be available on the internet.