Description
Hello everyone,
We’re currently trying to implement dynamic provisioning for our device using PSK credentials on the Golioth platform. The provisioning process is partially successful — the PSK is generated on our backend and sent to both the device and the Golioth dashboard. The key shows up correctly on the Golioth dashboard.
However, the device fails to establish a connection, and we get the following error in the logs:
E (14005) golioth_coap_client_libcoap: Receive timeout
E (14005) golioth_coap_client_libcoap: DTLS handshake failed. Maybe your PSK-ID or PSK is incorrect?
I (14005) golioth_coap_client_libcoap: Ending session
E (14005) golioth_coap_client_libcoap: Received nack reason: COAP_NACK_TLS_FAILED
We suspect the issue may be related to the PSK generation or formatting.
Here is the function we’re currently using on the backend to generate the PSK:
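// Import needed by the method below
import { randomBytes } from 'crypto';

// Class method: 32 random bytes, encoded as 64 hex characters
private generatePSK(): string {
  return randomBytes(32).toString('hex');
}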
Questions:
1. Is this the correct way to generate a valid PSK for use with Golioth?
2. Are there any special encoding/formatting requirements (e.g., hex vs base64)?
3. Should the PSK ID follow a specific format or naming convention?
4. What are the correct steps to implement dynamic provisioning using PSK on Golioth?
Any guidance, example implementations, or common pitfalls to avoid would be greatly appreciated.
Thanks in advance!
Expected Behavior
• The backend generates a valid PSK using randomBytes(32).toString('hex').
• The generated PSK and PSK-ID are sent securely to:
  • the Golioth dashboard (where the PSK is registered under the device entry), and
  • the device (which uses these credentials for DTLS authentication).
• The device attempts to connect to the Golioth cloud over DTLS (CoAP + PSK).
• The DTLS handshake succeeds, establishing a secure session.
• The device begins communicating with Golioth and is able to send/receive data.
Actual Behavior
• The PSK appears correctly on the Golioth dashboard.
• The device attempts to connect but fails during the DTLS handshake.
• The following logs appear:
E (14005) golioth_coap_client_libcoap: Receive timeout
E (14005) golioth_coap_client_libcoap: DTLS handshake failed. Maybe your PSK-ID or PSK is incorrect?
I (14005) golioth_coap_client_libcoap: Ending session
E (14005) golioth_coap_client_libcoap: Received nack reason: COAP_NACK_TLS_FAILED
No data exchange occurs, and the device is unable to communicate with Golioth.
Environment
Firmware Framework: ESP-IDF v5.4
Backend: Node.js
Logs and Console Output
E (14005) golioth_coap_client_libcoap: Receive timeout
E (14005) golioth_coap_client_libcoap: DTLS handshake failed. Maybe your PSK-ID or PSK is incorrect?
I (14005) golioth_coap_client_libcoap: Ending session
E (14005) golioth_coap_client_libcoap: Received nack reason: COAP_NACK_TLS_FAILED