Encoding of proposed "PSK secret"

Using the credentials dialog, golioth propose as 32 digit hexadecimal string.
Unfortunately, I didn’t found some documentation near by, how that should be used.
In fact, it’s not used as hexadecimal encoded binary secret of 16 bytes by golioth, which some consider as “common”. instead it’s used as plain ASCII encoded secret of 32 bytes, which is more uncommon.

For PSK, RFC4279 - 5.4 defines
“Entering PSKs up to 64 octets in length as ASCII strings and in hexadecimal encoding.”
The long term experience from Eclipse/Californium is, that mixing up plain and hexadecimal secrets is the most relevant issue when using PSK.

Therefore for short term, please add a comment about the format (ASCII not hexadecimal).

For mid term I would adapt the dialog to chose between plain ASCII and hexadecimal and adapt the proposed secret to string of 16 random characters.

1 Like

Thank you for this feedback @achim.kraus! We’ll make sure to include documentation indicating the format of PSKs. Please feel free to provide any additional feedback regarding how our user experience could be improved.