UDPSocket handshake?

Referring to the misspelled Possible to have a UDPSoket with DTLS handshake? - #2 by Ulrich_Bogun - General - Xojo Programming Forum

I am really not a socket expert, so maybe this is easier to solve than I think. The problem is I want to address the Philips Hue Entertainment API (possibly visible only for registered users), where for the streaming API a UDPSocket must be used. While you already have to set up an app id/key combination to use the normal API (and to enable streaming), Philips decided you additionally have to set up a DTLS handshake (and mentions a possible API to use – I copy these parts):

  1. Once the area has been created, and streaming has been enabled, you can start the DTLS handshaking with the bridge. More information below in DTLS Handshaking. This will generate a session key for you. It is advised to use a DTLS library for your application, e.g. mbedtls.

DTLS Handshaking

UDP port 2100 is used for DTLS handshaking and streaming. Only DTLS mode version 1.2 with Pre-Shared Key (PSK) Key exchange method with TLS_PSK_WITH_AES_128_GCM_SHA256 set as Cipher Suite is supported.

The PSK and PSK identity are provided by the CLIP authentication passing the {“generateclientkey”=true} parameter when push linking your application.

The PSK identity exactly matches the CLIP “username” (ASCII / UTF-8 string) from the response.

The PSK is derived from the “client key” in the response by decoding the 32 character ASCII hex string into its 16 byte binary representation.

And here my knowledge stops. Is it possible to use a (Xojo, MBS, Einhugur) socket this way? And if so, how? 🙂

(And yes, there is a C SDK API too, but I fail in trying to compile it)
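
The PSK derivation from the documentation quoted above, as an added example that is not part of the original post or of the Philips documentation: it decodes the client key into the 16-byte PSK and builds an `openssl s_client` command line for checking the handshake outside Xojo. The JSON response shape, the sample values, the function names and the bridge address 192.0.2.10 are constructed assumptions.

```python
import json
import re

# Constructed sample push-link response; the JSON shape and both values are
# assumptions for illustration, not values from the thread.
SAMPLE_RESPONSE = ('[{"success": {"username": "ExampleUser0123456789", '
                   '"clientkey": "000102030405060708090A0B0C0D0E0F"}}]')

# OpenSSL's name for TLS_PSK_WITH_AES_128_GCM_SHA256
OPENSSL_CIPHER = "PSK-AES128-GCM-SHA256"
STREAM_PORT = 2100  # UDP port for handshake and streaming, per the quoted text


def derive_dtls_psk(response_text):
    """Return (psk_identity, psk) as bytes from the push-link response."""
    entries = json.loads(response_text)
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array")
    success = next((e["success"] for e in entries
                    if isinstance(e, dict) and isinstance(e.get("success"), dict)), None)
    if success is None:
        raise ValueError("no success entry in response")
    username, clientkey = success.get("username"), success.get("clientkey")
    if not isinstance(username, str) or not isinstance(clientkey, str):
        raise ValueError("username or clientkey missing; was generateclientkey set?")
    # The PSK is the decoded 16 bytes, not the 32 ASCII characters themselves.
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", clientkey):
        raise ValueError("clientkey must be exactly 32 hex characters")
    return username.encode("utf-8"), bytes.fromhex(clientkey)


def openssl_test_command(bridge_host, identity, psk):
    """Build an argv list for a manual DTLS 1.2 PSK handshake test.

    s_client takes the PSK as hex. The key is then visible in the process
    list, so use this only on a trusted machine.
    """
    return ["openssl", "s_client", "-dtls1_2",
            "-cipher", OPENSSL_CIPHER,
            "-psk_identity", identity.decode("utf-8"),
            "-psk", psk.hex(),
            "-connect", f"{bridge_host}:{STREAM_PORT}"]


if __name__ == "__main__":
    ident, key = derive_dtls_psk(SAMPLE_RESPONSE)
    # 192.0.2.10 is a documentation address standing in for the bridge
    print(" ".join(openssl_test_command("192.0.2.10", ident, key)))
```

If the handshake completes with this command, the credentials and cipher suite are correct and any remaining failure lies in the application's own DTLS layer.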

UDP yes
But the encryption I don't think exists in anything Xojo supports so you’d need to implement that

I was afraid someone would say so … ;(
Do you know any good source for the details of such a handshake? Is it even possible without causing a lot of work?

I do not
You might just google it
https://ciphersuite.info/cs/TLS_PSK_WITH_AES_128_GCM_SHA256/
apparently is in an RFC

ha !
It's probably a lot of work regardless