Skip to content

Encryption and Security#

The AES70 standard defines a single encryption mode: TLS with Pre-Shared Keys (PSK). libaes70 does not implement this encryption mode directly.

Instead, libaes70 is designed to focus on protocol implementation and portability, leaving the choice of encryption and authentication to the application developer.

If you require secure control connections, you should apply encryption at another layer, using well-established tools and libraries. For example:

  • Use a TLS proxy to secure connections between devices and controllers.
  • Employ existing network-level security solutions as appropriate for your environment.
  • Make sure to use mature, well-tested cryptographic libraries and infrastructure.

Example: Secretstream Integration#

For demonstration purposes, libaes70 includes an example showing how to integrate with the libsodium Secretstream API. This example is provided as a reference only—it is not intended as a universal solution. Each deployment environment may have different requirements for key management, authentication, and encryption protocols. This example can be found under examples/secretstream.