Reputation: 737
I'm working on developing a solution using MQTT to send/receive data to embedded systems. For a broker I'm using Mosquitto. For the client I'm using Node.js MQTT.
I need to encrypt the data, and I'd like to use the pre-shared key option in Mosquitto to accomplish this. However, I can't seem to find anything built into the Node.js MQTT package to do this. Is this possible?
From the Mosquitto configuration docs:
When using pre-shared-key based encryption through the psk_hint and psk_file options, the client must provide a valid identity and key in order to connect to the broker before any MQTT communication takes place. If use_identity_as_username is true, the PSK identity is used instead of the MQTT username for access control purposes. If use_identity_as_username is false, the client may still authenticate using the MQTT username/password if using the password_file option.
Upvotes: 0
Views: 1999
Reputation: 46
Node does support TLS-PSK now, but PSK ciphers are disabled by default.
I finally could connect with the following options:
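    const crypto = require('crypto');
    const mqtt = require('mqtt');

    const client = mqtt.connect('mqtts://localhost:8883', {
      // Called during the TLS handshake with the psk_hint sent by the broker.
      pskCallback: (hint) => {
        console.log('psk_hint configured in mosquitto.conf', hint);
        return {
          psk: Buffer.from('1234', 'hex'), // key bytes, hex-decoded as in psk_file
          identity: 'DeviceId',
        };
      },
      // PSK ciphers are excluded by default; remove the exclusion.
      ciphers: crypto.constants.defaultCipherList.replace(':!PSK', ''),
    });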
psk_file must include the line DeviceId:1234 in this example.
My main problem was that when configuring a custom ciphers list, it must include HIGH for whatever reason. It even works with ciphers: 'HIGH'.
Upvotes: 2
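An added example, not part of the answer above or of the Mosquitto or MQTT.js code: it checks psk_file lines before they reach Buffer.from(..., 'hex'), which silently truncates malformed hex, and builds options in the same shape the answer passes to mqtt.connect. The function names, the 16-byte minimum, the rule that an identity contains no ":" and the sample identities are assumptions made for the illustration.

```javascript
// Added example, not code from the answer; function names are hypothetical.
const crypto = require('crypto');

const MIN_KEY_BYTES = 16; // assumed local policy: reject keys under 128 bits

// Create one psk_file line ("identity:hexkey") from the system CSPRNG.
function newPskEntry(identity, keyBytes = 32) {
  if (!identity || identity.includes(':')) {
    throw new Error('identity must be non-empty and must not contain ":"');
  }
  return `${identity}:${crypto.randomBytes(keyBytes).toString('hex')}`;
}

// Parse psk_file text. Buffer.from(s, 'hex') silently stops at the first
// invalid character, so the hex is validated before it is decoded.
function parsePskFile(text) {
  const keys = new Map();
  const errors = [];
  text.split(/\r?\n/).forEach((line, i) => {
    if (line.trim() === '') return;
    const sep = line.indexOf(':');
    const identity = line.slice(0, sep);
    const hex = line.slice(sep + 1);
    if (sep < 1) errors.push(`line ${i + 1}: expected identity:hexkey`);
    else if (!/^([0-9a-fA-F]{2})+$/.test(hex)) errors.push(`line ${i + 1}: key is not valid hex`);
    else if (hex.length / 2 < MIN_KEY_BYTES) errors.push(`line ${i + 1}: key for ${identity} is only ${hex.length / 2} bytes`);
    else keys.set(identity, Buffer.from(hex, 'hex'));
  });
  return { keys, errors };
}

// Drop only the "!PSK" exclusion, leaving the rest of the cipher list intact.
function enablePsk(cipherList = crypto.constants.defaultCipherList) {
  return cipherList.split(':').filter((c) => c !== '!PSK').join(':');
}

// Options object in the shape the answer passes to mqtt.connect().
function pskClientOptions(keys, identity) {
  const psk = keys.get(identity);
  if (!psk) throw new Error(`no usable key for identity ${identity}`);
  return { pskCallback: () => ({ psk, identity }), ciphers: enablePsk() };
}

// Constructed sample psk_file: the answer's 2-byte key, an odd-length key, a fresh key.
const sample = ['DeviceId:1234', 'sensor-a:abc', newPskEntry('sensor-b')].join('\n');
const { keys, errors } = parsePskFile(sample);
console.log(errors);
console.log(Object.keys(pskClientOptions(keys, 'sensor-b')));
```

The same hex string has to appear in the broker's psk_file and in the client's key source; a line the parser rejects never reaches the handshake.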
Reputation: 737
It appears the MQTT package hands off to Node's TLS capabilities and Node doesn't support TLS PSK.
Preshared keys (TLS-PSK-WITH-AES-256-CBC-SHA) with node.js server
Upvotes: 0