How to send Device's key to Private Server & vice-versa?

Q1) How do I share the device’s public key from within Firmware to Particle’s server?
DP: On the reference page - I see CLI commands but didn’t find Firmware functions.

There is no user firmware function to do this. It's handled automatically by the Device OS (system firmware) when necessary. That's only when a device makes a connection to the cloud the first time. After that, the public key is set for the device and that public/private key pair will always be required (unless reset using the CLI).

Q2) How could I share the device’s public key from within Firmware to a Private server?
By this I mean - what are the relevant device-firmware function calls?
DP: I’m considering sending the key via Particle’s server.

As the device public key is in flash, you could extract it and send it to a different server. There's no user firmware function to do it.

Q3) How do I decrypt data received on the Device from the Private server using the Device’s private key?
By this I mean - what are the relevant device-firmware function calls?
DP: Let’s assume I somehow got the Device’s public key to the Private server (from Q2 above), using which it sent over a message encrypted with the Device’s public key.

Q4) How could I get an AES key from within Firmware from a Private server?
By this I mean - what are the relevant device-firmware function calls?
DP: I’m considering getting the key via Particle’s server.

Q5) How do I decrypt data received on the Device from the Private server using an AES key?

This is possible, but you need to understand how the CoAP encryption protocol for TCP devices works, and it's undocumented. Fortunately, there's an implementation of the protocol in NodeJS which is the best reference for how to do it:

Also, while the Spark Server (local cloud server) isn't really supported, it's a good base for how the device-to-cloud communication is done:

A community member also has a more up-to-date fork of it:
