Hello,
I would like know if the Losant IOT platform supports CryptoJS API in function Node, I tried to decipher a message that i received from my device using DES or AES function of this API but I have the following error:
“FunctionNodeReferenceError CryptoJS is not defined”
is there any solution fo bypass this issue ?
thanks.
BR,
Med.
There is currently not an easy way to perform crypto operations in our workflows. Adding a crypto node is already on our roadmap. A work-around for the moment could be to use an AWS Lambda function to perform the decryption and then use the AWS Lambda Node to invoke it.
Any update on this topic?
In our application, we need to send data from Losant to Azure. We implemented the integration following this post: https://www.losant.com/blog/getting-started-with-azure-iot-and-losant
The issue with this approach is that the SAS token needs to be renewed every 1 hour or so.
In order to do that, we were planning to schedule a workflow to run every hour and trigger the logic (using a Function node) that would generate the new SAS token and update the Integration settings (using Losant API node).
The only impediment so far is that the logic for generating a SAS token depends on using the Crypto library as you can see in this article: https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#security-token-structure.
As a workaround, what we did was to create an Azure Function responsible for creating the SAS token, and Losant Workflow would call the Azure Function every time a new SAS token is needed. But, as you may understand, we would prefer to have the SAS token creation implemented in Losant.
Thanks!
We do have the Hash Node in the Workflow Engine. It exposes some of the crypto functions. However, I was looking through Azure’s docs:
It requires HMAC-SHA256. This method isn’t currently available in the Hash Node. I can open up a feature request ticket to see if we can get this function in the node. After that, I’m not seeing any other major limitation to generating the SAS in a Workflow.
This method current SHA256 is the HMAC-SHA256 operation you need to generate this key.
After posting, our team caught that I was incorrect. My apologies! I just issued an update to the post above.
Overall, the Hash Node should work for you.
Hey, @anaptfox thanks for the quick response!
I’ve been trying to use the Hash Node for generating the HMAC but there is something wrong in my logic since the resulting token doesn’t work. When I run the node.js script on my machine it works fine, so there must be an error in my workflow.
Let me explain to you what I’m doing below, where I basically try to emulate the node.js function that is in https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#use-sas-tokens-in-a-device-app
In a Function Node, I prepare the data needed for generating the HMAC
var resourceUri = encodeURIComponent("a url");
var deviceKey = "a key";
var ttl = 60;
var expires = (Date.now() / 1000) + ttl * 60;
expires = Math.ceil(expires);
var toSign = resourceUri + '\n' + expires;
var signingKey = Buffer.from(deviceKey, 'base64');
payload.working = {resourceUri: resourceUri, expires: expires, toSign: toSign, signingKey: signingKey}
Then I call a Hash Node with the following settings:
And finally, I call a Function Node where I create the token with all the previous information:
var resourceUri = payload.working.resourceUri;
var expires = payload.working.expires;
var hmac = payload.working.hmac;
var base64UriEncoded = encodeURIComponent(hmac);
var token ="SharedAccessSignature sr="+resourceUri+"&sig="+base64UriEncoded+"&se="+expires;
payload.working.token = token;
So, I’m able to get a token and place it into {{working.token}} But when I try to use it is not valid. I’m not sure where could be my error, but I suspect that the problem could be related to how I’m sending the secret key (signingKey) to the Hash Node.
If you take a look at HMAC documentation, the secret key must be a Byte array which is consistent with my js code (var signingKey = Buffer.from(deviceKey, ‘base64’)) but I’m not sure if the Hash Node is able to interpret signingKey as a Byte array .
In other words, how can I be sure that the Hash Node is interpreting the secret key as a Bytearray ?
Thanks in advance!