Hello Mender Team,
I am trying to gain some understanding of the Device Authorization process.
The documentation is pretty good as shown here: Device Authentication
However, I am not able to grasp the part highlighted in bold about the device signing with a private key kept secretly on the device. I have provided the device with Identity Attributes, the public server.crt key and the artifact-verify-key.pem (for artifacts, and public). At which step is a private key provided/generated?
To obtain an auth token, the device sends an authentication request containing the identity attributes and its current public key. The request is signed with the respective private key (kept secret on the device), and the server uses the public key to verify the signature.
Would it be possible to explain this step?
By the way, thanks for the excellent support.
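
The signed exchange described in the quoted documentation passage, as an added example that is not part of the original post and is not Mender's code: a key pair is generated on the device, the request carries only the identity attributes and the public key, and the server verifies the signature over the exact request bytes. The use of Ed25519, the JSON field names and the MAC address are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// AuthRequest mirrors the quoted description: identity attributes plus the
// device's current public key. Field names are illustrative assumptions.
type AuthRequest struct {
	IDData map[string]string `json:"id_data"`
	PubKey []byte            `json:"pubkey"`
}

// NewDeviceKey generates the key pair on the device itself; only the public
// half is ever placed in a request, the private half stays local.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// BuildSignedRequest serializes the request and signs the exact bytes sent.
func BuildSignedRequest(id map[string]string, pub ed25519.PublicKey, priv ed25519.PrivateKey) (body, sig []byte, err error) {
	body, err = json.Marshal(AuthRequest{IDData: id, PubKey: pub})
	if err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(priv, body), nil
}

// ServerVerify checks the signature with the public key carried in the body.
// Success proves possession of the private key; accepting the device is a
// separate decision on the server side.
func ServerVerify(body, sig []byte) (*AuthRequest, bool) {
	var req AuthRequest
	if json.Unmarshal(body, &req) != nil || len(req.PubKey) != ed25519.PublicKeySize {
		return nil, false
	}
	if !ed25519.Verify(ed25519.PublicKey(req.PubKey), body, sig) {
		return nil, false
	}
	return &req, true
}

func main() {
	pub, priv, _ := NewDeviceKey()
	body, sig, _ := BuildSignedRequest(map[string]string{"mac": "02:00:00:00:00:01"}, pub, priv) // constructed identity
	_, ok := ServerVerify(body, sig)
	fmt.Println("signature valid:", ok)
}
```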