Google Cloud IoT Core 将于 2023 年 8 月 16 日停用。如需了解详情,请与您的 Google Cloud 客户支持团队联系。

添加 RSA256 身份验证

将 RSA256 身份验证添加到设备中。





如需了解详情,请参阅 Cloud IoT Core Go API 参考文档

如需向 Cloud IoT Core 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

// patchDeviceRSA patches a device to use RSA256 X.509 credentials.
func patchDeviceRSA(w io.Writer, projectID string, region string, registryID string, deviceID string, keyPath string) (*cloudiot.Device, error) {
	// Authorize the client using Application Default Credentials.
	// See
	ctx := context.Background()
	httpClient, err := google.DefaultClient(ctx, cloudiot.CloudPlatformScope)
	if err != nil {
		return nil, err
	client, err := cloudiot.New(httpClient)
	if err != nil {
		return nil, err

	keyBytes, err := ioutil.ReadFile(keyPath)
	if err != nil {
		return nil, err

	device := cloudiot.Device{
		Id: deviceID,
		Credentials: []*cloudiot.DeviceCredential{
				PublicKey: &cloudiot.PublicKeyCredential{
					Format: "RSA_X509_PEM",
					Key:    string(keyBytes),

	parent := fmt.Sprintf("projects/%s/locations/%s/registries/%s/devices/%s", projectID, region, registryID, deviceID)
	response, err := client.Projects.Locations.Registries.Devices.
		Patch(parent, &device).UpdateMask("credentials").Do()
	if err != nil {
		return nil, err

	fmt.Fprintln(w, "Successfully patched device with RSA256 X.509 credentials")

	return response, nil


如需了解详情,请参阅 Cloud IoT Core Java API 参考文档

如需向 Cloud IoT Core 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

/** Patch the device to add an RSA256 key for authentication. */
protected static void patchRsa256ForAuth(
    String deviceId,
    String publicKeyFilePath,
    String projectId,
    String cloudRegion,
    String registryName)
    throws GeneralSecurityException, IOException {
  GoogleCredentials credential =
  JsonFactory jsonFactory = GsonFactory.getDefaultInstance();
  HttpRequestInitializer init = new HttpCredentialsAdapter(credential);
  final CloudIot service =
      new CloudIot.Builder(GoogleNetHttpTransport.newTrustedTransport(), jsonFactory, init)

  final String devicePath =
          projectId, cloudRegion, registryName, deviceId);

  PublicKeyCredential publicKeyCredential = new PublicKeyCredential();
  String key = Files.asCharSource(new File(publicKeyFilePath), StandardCharsets.UTF_8).read();

  DeviceCredential devCredential = new DeviceCredential();

  Device device = new Device();

  Device patchedDevice =
          .patch(devicePath, device)

  System.out.println("Patched device is " + patchedDevice.toPrettyString());


如需了解详情,请参阅 Cloud IoT Core Node.js API 参考文档

如需向 Cloud IoT Core 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

// const cloudRegion = 'us-central1';
// const deviceId = 'my-rsa-device';
// const projectId = 'adjective-noun-123';
// const registryId = 'my-registry';
const iot = require('@google-cloud/iot');
const iotClient = new iot.v1.DeviceManagerClient({
  // optional auth parameters.

async function updateDevice() {
  // Construct request
  const devPath = iotClient.devicePath(

  const device = {
    name: devPath,
    credentials: [
        publicKey: {
          format: 'RSA_X509_PEM',
          key: readFileSync(rsaPublicKeyFile).toString(),

  const [response] = await iotClient.updateDevice({
    device: device,
    updateMask: {paths: ['credentials']},

  console.log('Patched device:', deviceId);
  console.log('Response', response);



如需了解详情,请参阅 Cloud IoT Core PHP API 参考文档

如需向 Cloud IoT Core 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

use Google\Cloud\Iot\V1\DeviceManagerClient;
use Google\Cloud\Iot\V1\Device;
use Google\Cloud\Iot\V1\DeviceCredential;
use Google\Cloud\Iot\V1\PublicKeyCredential;
use Google\Cloud\Iot\V1\PublicKeyFormat;
use Google\Protobuf\FieldMask;

 * Patch the device to add an RSA256 public key to the device.
 * @param string $registryId IOT Device Registry ID
 * @param string $deviceId IOT Device ID
 * @param string $certificateFile Path to RS256 certificate file.
 * @param string $projectId Google Cloud project ID
 * @param string $location (Optional) Google Cloud region
function patch_rsa(
    $location = 'us-central1'
) {
    print('Patch device with RSA256 certificate' . PHP_EOL);

    // Instantiate a client.
    $deviceManager = new DeviceManagerClient();
    $deviceName = $deviceManager->deviceName($projectId, $location, $registryId, $deviceId);

    $publicKey = (new PublicKeyCredential())

    $credential = (new DeviceCredential())

    $device = (new Device())

    $updateMask = (new FieldMask())

    $device = $deviceManager->updateDevice($device, $updateMask);
    printf('Updated device %s' . PHP_EOL, $device->getName());


如需了解详情,请参阅 Cloud IoT Core Python API 参考文档

如需向 Cloud IoT Core 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

# project_id = 'YOUR_PROJECT_ID'
# cloud_region = 'us-central1'
# registry_id = 'your-registry-id'
# device_id = 'your-device-id'
# public_key_file = 'path/to/certificate.pem'
print("Patch device with RSA256 certificate")

client = iot_v1.DeviceManagerClient()
device_path = client.device_path(project_id, cloud_region, registry_id, device_id)

public_key_bytes = ""
with as f:
    public_key_bytes =

key = iot_v1.PublicKeyCredential(
    format=iot_v1.PublicKeyFormat.RSA_X509_PEM, key=public_key_bytes

cred = iot_v1.DeviceCredential(public_key=key)
device = client.get_device(request={"name": device_path}) = b""
device.num_id = 0

mask = gp_field_mask.FieldMask()

return client.update_device(request={"device": device, "update_mask": mask})


如需了解详情,请参阅 Cloud IoT Core Ruby API 参考文档

如需向 Cloud IoT Core 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

# project_id  = "Your Google Cloud project ID"
# location_id = "The Cloud region the registry is located in"
# registry_id = "The registry to create a device in"
# device_id   = "The identifier of the device to patch"
# cert_path   = "The path to the RSA certificate"

require "google/apis/cloudiot_v1"

# Initialize the client and authenticate with the specified scope
Cloudiot   = Google::Apis::CloudiotV1
iot_client =
iot_client.authorization = Google::Auth.get_application_default(

# The resource name of the location associated with the project
parent = "projects/#{project_id}/locations/#{location_id}/registries/#{registry_id}"
path   = "#{parent}/devices/#{device_id}"

credential =
credential.public_key =
credential.public_key.format = "RSA_X509_PEM"
credential.public_key.key = cert_path

device =
device.credentials = [credential]

# Create the device
device = iot_client.patch_project_location_registry_device(
  path, device, update_mask: "credentials"

puts "Device: #{}"
puts "\tBlocked: #{device.blocked}"
puts "\tLast Event Time: #{device.last_event_time}"
puts "\tLast State Time: #{device.last_state_time}"
puts "\tName: #{}"
puts "\tCertificate formats:"
if device.credentials
  device.credentials.each { |cert| puts "\t\t#{cert.public_key.format}" }
  puts "\t\tNo certificates for device"


如需搜索并过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器