Using Paho 2.+ in Python for MQTT with TPM
In our project we need to secure the MQTT communication with a Trusted Platform Module. The Paho script for MQTT communication with an IoT broker is working, but with the TPM it is failing, with errors like the following popping up: Setting of the TLS connection failed. Exception = [SSL] PEM lib (_ssl.c:3916)
No connection can be established with a device certificate generated from a local private key (generated with the TPM).
Questions:
- Is Paho even capable of handling TPM-backed connections in this version (Paho 2.0.0)?
- If yes, what is the right general workflow for accomplishing that?
The current workflow is now:
a) Generate a TPM key on the device:
   export OPENSSL_CONF=/etc/ssl/openssl-tpm.cnf
   openssl ecparam -name prime256v1 -genkey -out client-private-tpm2.key
b) Generate a CSR from the TPM key on the devkit:
   openssl req -new -SHA256 -key client-private-tpm2.key -out client-private-tpm2.csr
c) Generate a device certificate (device-certificate.crt) in the onboarding system from the client-private-tpm2.csr file.
Problem: no connection can be established. Error: Setting of the TLS connection failed. Exception = [SSL] PEM lib (_ssl.c:3916)
Some prerequisites: the Python (3.10.5) script, with TPM 2.0 installed and running and the Paho library, runs on a Raspberry Pi with a Yocto Linux version (Scarthgap). The script with the Paho library is working fine without the TPM. The MQTT server/broker is in a company AWS cloud and it is working so far with the version without the TPM.
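An added diagnostic (not part of the question above, and not paho's or the project's own code) that isolates the "[SSL] PEM lib" error from the broker: it reads the PEM labels of the certificate and key files and repeats the ssl.SSLContext.load_cert_chain() call that paho's tls_set() performs internally. It assumes the tpm2 OpenSSL provider/engine writes TPM-wrapped keys as "TSS2 PRIVATE KEY" PEM blocks; the sample files it writes are constructed stand-ins, not real key material.

```python
import re
import ssl
import tempfile
from pathlib import Path

PEM_LABEL = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$", re.MULTILINE)
# Key labels that OpenSSL's default provider decodes on its own.
PLAIN_KEY_LABELS = {"PRIVATE KEY", "EC PRIVATE KEY", "RSA PRIVATE KEY"}
# Label the tpm2 OpenSSL provider/engine writes for a TPM-wrapped key (assumption).
TPM_KEY_LABEL = "TSS2 PRIVATE KEY"


def pem_labels(path):
    """Return the BEGIN label of every PEM block in the file, in order."""
    return PEM_LABEL.findall(Path(path).read_text())


def classify_key(path):
    """Return 'tpm', 'plain' or 'unknown' for a client private-key file."""
    labels = pem_labels(path)
    if TPM_KEY_LABEL in labels:
        return "tpm"
    if any(label in PLAIN_KEY_LABELS for label in labels):
        return "plain"
    return "unknown"


def try_load_chain(cert_path, key_path):
    """Repeat the load_cert_chain() call paho's tls_set() makes; return error text or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return str(exc)
    return None


def write_constructed_sample():
    """Constructed stand-ins (not real key material) shaped like the post's files."""
    d = Path(tempfile.mkdtemp())
    (d / "device-certificate.crt").write_text(
        "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
    (d / "client-private-tpm2.key").write_text(
        "-----BEGIN TSS2 PRIVATE KEY-----\nAAAA\n-----END TSS2 PRIVATE KEY-----\n")
    return str(d / "device-certificate.crt"), str(d / "client-private-tpm2.key")


if __name__ == "__main__":
    cert, key = write_constructed_sample()
    print(classify_key(key), try_load_chain(cert, key))
```

Run it against the real device-certificate.crt and client-private-tpm2.key: a "tpm" key kind together with a load error means the failure happens while OpenSSL decodes the key locally, before any TLS handshake with the broker.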