RPC Encryption

Relevant Evolution Proposals

Introduction

This guide will cover the basic setup required to enable and utilize RPC Encryption within SDL Core. For more information about the feature, please take a look at the RPC Encryption Overview Guide.

Encryption Setup

Generate Self Signed Certificate

  • Create private key:
openssl genrsa -out client.key 2048
  • Create CSR:
openssl req -new -key client.key -out client.req -subj '/C=US/ST=MI/L=Detroit/O=SDL/OU=HeadUnit/CN=client/emailAddress=sample@sdl.com'
  • Create Public Certificate:
openssl x509 -hash -req -in client.req -signkey client.key -out client.cert -days 10000

Configure SDL Core

INI file modifications

  • Copy client.key and client.cert into your SDL Core build/bin directory. Delete any existing key, cert/crt, or pem files.

In your build/bin directory run:

c_rehash .
  • Set the certificate and key file path for SDL in smartDeviceLink.ini. The INI Configuration has more information about the properties in the INI file.
; Certificate and key path to pem file
CertificatePath = client.cert
KeyPath         = client.key
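  • If you are using self-signed certificates, set VerifyPeer to false. With VerifyPeer disabled, Core does not verify the mobile app's certificate, so treat this as a development and test setting.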
; Verify Mobile app certificate (could be used in both SSLMode Server and Client)
VerifyPeer  = false

Policy table modifications

The policy table can be modified to enforce encryption on certain RPCs. These modifications can be made in your sdl_preloaded_pt.json before launching Core, or by updating the policy table while Core is running via a policy table update (PTU).

  • Add "encryption_required": true to a functional group in the functional_groupings section
...
    "functional_groupings": {
        ...
        "EncryptedRPCs": {
            "encryption_required" : true,
            "rpcs":{
                "AddCommand": {
                    "hmi_levels": ["BACKGROUND", "FULL", "LIMITED"]
                },
                "Alert": {
                    "hmi_levels": ["BACKGROUND", "FULL", "LIMITED"]
                },
                ...
            }
        },
        ...
    }
...
  • Add "encryption_required": true to an application in the app_policies section
...
    "app_policies": {
        ...
        "appId": {
            "keep_context": false,
            "steal_focus": false,
            "priority": "NONE",
            "default_hmi": "NONE",
            "groups": ["Base-4", "EncryptedRPCs"],
            "RequestType": [],
            "RequestSubType": [],
            "encryption_required": true
        },
        ...
    }
...
JSON Example

Below is a possible policy table configuration requiring an app to use encryption for a specific functional group.

        "functional_groupings": {
            "EncryptedAddCommand": {
                "encryption_required" : true,
                "rpcs":{
                    "AddCommand": {
                        "hmi_levels": ["BACKGROUND", "FULL", "LIMITED"]
                    }
                }
            },
            ...
        },
        ...
        "app_policies": {
            "<PUT_APP_ID_HERE>": {
                "keep_context": false,
                "steal_focus": false,
                "priority": "NONE",
                "default_hmi": "NONE",
                "groups": ["Base-4", "EncryptedAddCommand"],
                "RequestType": [],
                "RequestSubType": [],
                "encryption_required": true
            },
            ...
        }
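
The following is an added example, not part of the SDL documentation or SDL Core's own code: a Python check that reads a policy table like the one above and reports, per app, which RPCs fall in encryption-required groups, which stay unencrypted, and which referenced groups are not defined. It assumes an RPC requires encryption only when both the app entry and the functional group set encryption_required to true, as in the configuration shown; treating an omitted flag as false, the app IDs sample_app and plain_app, and the MissingGroup name are assumptions made for the example.

```python
import json

# Constructed sample mirroring the JSON example above; the app IDs are
# placeholders and the Base-4 group body is trimmed to a single RPC.
SAMPLE_PT = json.loads("""{
  "functional_groupings": {
    "Base-4": {"rpcs": {"Show": {"hmi_levels": ["FULL", "LIMITED"]}}},
    "EncryptedAddCommand": {
      "encryption_required": true,
      "rpcs": {"AddCommand": {"hmi_levels": ["BACKGROUND", "FULL", "LIMITED"]}}}
  },
  "app_policies": {
    "sample_app": {"groups": ["Base-4", "EncryptedAddCommand", "MissingGroup"],
                   "encryption_required": true},
    "plain_app": {"groups": ["Base-4", "EncryptedAddCommand"]}
  }
}""")


def encryption_report(doc):
    """Return {app_id: {"encrypted": [...], "plain": [...], "unknown_groups": [...]}}."""
    pt = doc.get("policy_table", doc)  # accept a full file or a bare fragment
    groups = pt.get("functional_groupings", {})
    report = {}
    for app_id, policy in pt.get("app_policies", {}).items():
        if not isinstance(policy, dict):  # skip entries that are not policy objects
            continue
        # Assumption: an absent flag counts as false.
        app_flag = policy.get("encryption_required") is True
        encrypted, plain, unknown = set(), set(), []
        for name in policy.get("groups", []):
            group = groups.get(name)
            if group is None:  # group listed for the app but never defined
                unknown.append(name)
                continue
            rpcs = set(group.get("rpcs") or {})
            if app_flag and group.get("encryption_required") is True:
                encrypted |= rpcs
            else:
                plain |= rpcs
        # Assumption: an RPC reachable through any encrypted group is encrypted.
        report[app_id] = {"encrypted": sorted(encrypted),
                          "plain": sorted(plain - encrypted),
                          "unknown_groups": unknown}
    return report


if __name__ == "__main__":
    print(json.dumps(encryption_report(SAMPLE_PT), indent=2))
```

Running it against your own sdl_preloaded_pt.json before launching Core shows apps that reference an encrypted group without the app-level flag, which under the stated assumption leaves those RPCs unencrypted.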

Additional Resources
