diff --git a/pkg/tinydtls/contrib/sock_dtls.c b/pkg/tinydtls/contrib/sock_dtls.c
index 43b00aec30..9a0fd9793a 100644
--- a/pkg/tinydtls/contrib/sock_dtls.c
+++ b/pkg/tinydtls/contrib/sock_dtls.c
@@ -289,6 +289,7 @@ int sock_dtls_create(sock_dtls_t *sock, sock_udp_t *udp_sock,
 sock->buffer.data = NULL;
 sock->psk_hint[0] = '\0';
 sock->client_psk_cb = NULL;
+ sock->rpk_cb = NULL;
 #ifdef SOCK_HAS_ASYNC
 sock->async_cb = NULL;
 sock->buf_ctx = NULL;
@@ -374,6 +375,12 @@ void sock_dtls_set_client_psk_cb(sock_dtls_t *sock, sock_dtls_client_psk_cb_t cb
 sock->client_psk_cb = cb;
 }

+void sock_dtls_set_rpk_cb(sock_dtls_t *sock, sock_dtls_rpk_cb_t cb)
+{
+ assert(sock);
+ sock->rpk_cb = cb;
+}
+
 sock_udp_t *sock_dtls_get_udp_sock(sock_dtls_t *sock)
 {
 assert(sock);
diff --git a/pkg/tinydtls/include/sock_dtls_types.h b/pkg/tinydtls/include/sock_dtls_types.h
index 8c9fc3c267..e800bab72f 100644
--- a/pkg/tinydtls/include/sock_dtls_types.h
+++ b/pkg/tinydtls/include/sock_dtls_types.h
@@ -80,6 +80,7 @@ struct sock_dtls {
 unsigned tags_len; /**< Number of tags in the list 'tags' */
 dtls_peer_type role; /**< DTLS role of the socket */
 sock_dtls_client_psk_cb_t client_psk_cb;/**< Callback to determine PSK credential for session */
+ sock_dtls_rpk_cb_t rpk_cb; /**< Callback to determine RPK credential for session */
 };

 /**
diff --git a/sys/include/net/sock/dtls/creds.h b/sys/include/net/sock/dtls/creds.h
index 00bcca21d3..42cfca6ead 100644
--- a/sys/include/net/sock/dtls/creds.h
+++ b/sys/include/net/sock/dtls/creds.h
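Review bot: `sock_dtls_set_rpk_cb()` in the second sock_dtls.c hunk stores the callback, but no hunk shown here reads `sock->rpk_cb`, so from this diff alone the hook has no effect on which raw public key credential a handshake uses. If the consumer is added in another commit, it should not trust the tag the callback returns: confirm that it is one of the sock's registered `tags` and that the credential it names is of the raw-public-key type before handing the key material to the handshake. An unknown or mismatched tag should fail the lookup rather than silently select a different credential.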
@@ -63,6 +63,20 @@ typedef credman_tag_t (*sock_dtls_client_psk_cb_t)(sock_dtls_t *sock, sock_udp_e
 credman_tag_t tags[], unsigned tags_len,
 const char* hint, size_t hint_len);

+/**
+ * @brief Raw Public Key callback. Called during handshake to determine the session credential.
+ *
+ * @param[in] sock DTLS sock object
+ * @param[in] ep Remote UDP endpoint representing the session
+ * @param[in] tags List of credential tags available for @p sock
+ * @param[in] tags_len Number of credentials in @p tags
+ *
+ * @return Tag of the credential to use when a suitable one is found
+ * @retval CREDMAN_TAG_EMPTY otherwise
+ */
+typedef credman_tag_t (*sock_dtls_rpk_cb_t)(sock_dtls_t *sock, sock_udp_ep_t *ep,
+ credman_tag_t tags[], unsigned tags_len);
+
 /**
 * @brief Sets the PSK Identity hint to be sent to clients during handshake.
 *
@@ -121,6 +135,15 @@ size_t sock_dtls_get_credentials(sock_dtls_t *sock, const credman_tag_t **out);
 */
 void sock_dtls_set_client_psk_cb(sock_dtls_t *sock, sock_dtls_client_psk_cb_t cb);

+/**
+ * @brief Sets the callback function to specify a credential to use for a given connection,
+ * when using Raw Public Keys.
+ *
+ * @param[in] sock The DTLS sock object to set the callback to.
+ * @param[in] cb Callback to set.
+ */
+void sock_dtls_set_rpk_cb(sock_dtls_t *sock, sock_dtls_rpk_cb_t cb);
+
 #ifdef __cplusplus
 }
 #endif
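Review bot: The contract documented for `sock_dtls_rpk_cb_t` in the first creds.h hunk omits two things an implementer needs to pick a credential safely. It does not say whether the returned tag must be one of @p tags, nor what the stack does on `CREDMAN_TAG_EMPTY` (abort the handshake or fall back to another credential); both should be stated, for example `@return Tag from @p tags to use for this session`. Because the callback runs during the handshake, @p ep is presumably only the claimed UDP source address of a peer that is not yet authenticated, which deserves a line such as `@note @p ep is not authenticated when this callback runs`.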
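Review bot: The doc block for `sock_dtls_set_rpk_cb()` in the second creds.h hunk does not say whether `cb` may be NULL or when the setter may be called. sock_dtls_create() initialises the field to NULL in this commit, so NULL presumably means "no callback"; stating it, e.g. `@param[in] cb Callback to set, NULL to remove it`, makes that explicit. A sentence that the callback should be installed before any handshake on @p sock starts would also help, since the setter writes the pointer without any locking.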