Posted On: Jul 31, 2023
Today, AWS IoT Core announced the support for new algorithms for certificate signing and key generation, expanding the list of already supported asymmetric X.509 client certificate signature schemes. AWS IoT Core is a managed service that allows customers to connect billions of Internet of Things (IoT) devices to AWS and uses X.509 certificates as one of the means to authenticate client and device connections to AWS cloud. The support for Rivest Shamir Adleman Signature Scheme with Appendix based on the Probabilistic Signature Scheme (RSASSA-PSS) signing and P-521 elliptic curve key algorithms, provide developers more flexibility to strengthen the security posture of their IoT solutions and comply with organization’s specific cryptographic standard compliance requirements.
Using RSASSA-PSS, developers can now sign X.509 client certificates with the new signature scheme, or register their already signed client certificates and/or the corresponding certificate authorities (CA) with AWS IoT Core. Similarly, with P-521, AWS IoT Core is adding support for additional elliptic curve key algorithm, which enables developers to sign client certificates with CA’s that have P-521 keys, and register such client certificates and/or the corresponding CA’s.
The addition of RSASSA-PSS signing and P-521 key algorithms are offered at no additional charge beyond the standard AWS IoT Core pricing. The feature is generally available in all commercial regions where AWS IoT Core is available. To get started, please refer to technical documentation.