Google IoT Core and Photon

I am hopeful to centralize all device and message management in the Google Cloud. Using IFTTT has been terribly inconsistent and I do not want to build a monitoring and recording infrastructure from scratch.

I signed up for Google’s IoT Core service which was recently released to the public in beta. First thing to do is add a device to the IoT Core using the Public Key. No problem getting the Public Key using Particle’s well documented process in the CLI. But when I paste the Public Key into the Google add-device form, there’s always an error:

Credential is invalid. Check if it matches the expected format.

There are 4 format types, tried them all and none work.

Anyone reading this used the IoT Core?
Been able to add a Photon?
What’s your experience with it been?

Any insights are appreciated!

1 Like

I haven’t tried yet to do it, but am keen to listen in on the conversation as everything else is hosted with Google.

I’m keen on this too. I’ve got an operational link to AWS IoT, and Google IoT may also be a viable pursuit.

I’ve been experimenting with the IoT Core API. But I had my integrations to GCP already setup per this tutorial:

Currently I get the error “failed to create iot-core-registry-id” with a “Permission denied (HTTP 403)” error. I plan to roll up my sleeves and try to figure out what’s going on.

there will be 2 key file generated, one is rsa_private.pem for private key, and another is for public key rsa_cert.pem. you should paste content of ras_cert_pem to the Public Key textbox. The key format is RS256_X509. It works for me.

That’s exactly what I’ve done, pasted the contents of rsa_cert.pem file. Tried it with and without the ----BEGIN/END Public Key---- lines. Also generated a private/public key pair in Google’s IoT Core, pasted into the field, and received same error. I’m missing something and have not figured out why this tool does not allow me to register a device.

TonySmart - re-reading your comment, you mention rsa_private.pem and rsa_cert.pem generated. Maybe we are doing something different: Using Particle’s CLI, I issue the command “particle keys save mykey.der” (mykey.der can be renamed per user preference). As a result, the system delivers mykey.pem and mykey.der. There is no reference to rsa_private.pem and rsa_cert.pem.

Are we doing something different? If so, what?

Thank you!


What is your intention with Google IoT Core? Are you trying to have a photon talk directly to google’s service, or are you trying to have Particle’s webhook send data to Google IoT Core?

The goal is to hand-off all Photon management to the IoT Core by registering devices there, monitoring online/offline status, logging activities through Google’s Pub/Sub, routing into a database, creating a dashboard in Google Data Studio. The map is outlined here:

I also get
Credential is invalid. Check if it matches the expected format. For information on how to generate authentication keys, see the documentation.
Any thoughts @TonySmart are you using particle keys new to generate these keys ?

Hi @hawesg @QuakeTazer , I use Goolge IoT Core API in Google Cloud Console, NOT Particle, you can try it too.
As you know, the tutorial is in
the two key files are generated by the command below:
openssl req -x509 -newkey rsa:2048 -keyout rsa_private.pem -nodes -out rsa_cert.pem -subj “/CN=unused”

@TonySmart But then can this key be used on the photon?

@QuakeTazer , You key format is not correct.
The right key format is:

key …

dont use your first short key file. use the 2nd key file.

change the top line “-----BEGIN PUBLIC KEY-----” to “-----BEGIN CERTIFICATE-----” and bottom line “-----END PUBLIC KEY-----” to “-----END CERTIFICATE-----”, then it works. Yes, it works when I use it.

please refer to a entire public key.


Yes, I think it will. But I have not verified it.

It looks like you need a 1024 bit key for a photon and a 2048 bit key for google cloud iot

Thanks @TonySmart, the google key worked with BEGIN/END CERTIFICATE.

First step to make that key work in Photon requires converting the private_key.pem to private_key.der. Everything I found about openssl makes it look easy, just simply use:

     openssl x509 -in private_key.pem -outform der -out private_key.der 

On my Mac and in Google’s console, I get errors. I’m investigating…

Mac Errors:
unable to load certificate
6692:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316:
6692:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_CINF
6692:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509
6692:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

Google Console Errors:
unable to load certificate
139647954380432:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE

I’ve got it working :slight_smile:

Creating the .der file command was close but instead of x509, need to use rsa. Full command:

openssl rsa -in private_key.pem -outform der -out private_key.der

Loading .der file worked as advertised with:

particle keys load private_key.der

Hope this helps someone along the way. Next steps are to collect data in the database, analyze it, send email alerts, make a dashboard display. Wish me luck!

Excellent, so it works? Now the question is will the photon be able to communicate directly with IOT core. I haven’t really looked at what protocols it uses. I finally got around to getting some data into datastore via the tutorial, I was having some version issues with npm earlier, now I just have to figure out what the best structure would be for time series sensor data.