ATECC508A.Certificate (atecc508a v0.3.0)
Convert between X.509 certificates and ATECC508A compressed certificates
This is an implementation of the compressed certificate definition described in Atmel-8974A-CryptoAuth-ATECC-Compressed-Certificate-Definition-ApplicationNote_112015.
Summary
Functions
Compress an X.509 certificate for storage in an ATECC508A slot.
Compress an X.509 signature into the raw format expected on the ECC508A.
Decompress an ECC508A certificate back to its X.509 form.
Decompress an ECC508A signature into X.509 form.
Create a new device certificate.
Create a new signer certificate.
Return the raw public key bits from one in X509 form.
Convert raw public key bits to an X509 public key.
Functions
Compress an X.509 certificate for storage in an ATECC508A slot.
Not all X.509 certificates are compressible. Most aren't. It's probably only practical to go through new_device and new_signer.
Parameters:
cert - the certificate to compress
template - the template that will be used on the decompression side
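One reason most certificates are not compressible, shown as an added example (not code from the atecc508a library): the compressed format stores the whole validity period in three bytes. The sketch assumes the application note's layout of issue year since 2000, month, day, hour and lifetime in years; the module name, function name and error atoms are hypothetical, and the sample dates are constructed.

```elixir
defmodule EncodedDatesSketch do
  # Added illustration, not the atecc508a library's implementation.
  # Assumed layout (compressed certificate application note), 24 bits total:
  #   year - 2000 (5 bits), month (4), day (5), hour (5), expire years (5).
  # There is no room for minutes or seconds. Inputs are assumed to be UTC.

  @spec encode(DateTime.t(), DateTime.t()) :: {:ok, <<_::24>>} | {:error, atom()}
  def encode(%DateTime{} = not_before, %DateTime{} = not_after) do
    year = not_before.year - 2000
    expire_years = not_after.year - not_before.year

    cond do
      not_before.minute != 0 or not_before.second != 0 ->
        {:error, :issue_time_not_on_the_hour}

      year not in 0..31 ->
        {:error, :issue_year_out_of_range}

      # This sketch handles only a finite lifetime of 1..31 whole years.
      expire_years not in 1..31 ->
        {:error, :expire_years_out_of_range}

      fields(not_after) != fields(not_before) ->
        {:error, :expiry_not_whole_years_after_issue}

      true ->
        %DateTime{month: month, day: day, hour: hour} = not_before
        {:ok, <<year::5, month::4, day::5, hour::5, expire_years::5>>}
    end
  end

  # Everything except the year must match for the lifetime to fit in 5 bits.
  defp fields(%DateTime{} = dt), do: {dt.month, dt.day, dt.hour, dt.minute, dt.second}
end

# Constructed sample validity periods (notBefore, notAfter):
samples = [
  # issued on the hour, expires exactly 10 years later
  {~U[2019-03-01 14:00:00Z], ~U[2029-03-01 14:00:00Z]},
  # arbitrary issue second, as a general-purpose CA would produce
  {~U[2019-03-01 14:23:51Z], ~U[2020-03-01 14:23:51Z]},
  # issued on the hour, but with a 90-day lifetime
  {~U[2019-03-01 14:00:00Z], ~U[2019-05-30 14:00:00Z]}
]

for {not_before, not_after} <- samples do
  IO.inspect(EncodedDatesSketch.encode(not_before, not_after))
end
```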
Specs
compress_signature(<<_::512>>) :: <<_::512>>
Compress an X.509 signature into the raw format expected on the ECC508A.
Specs
compress_validity(X509.Certificate.Validity.t()) :: ATECC508A.encoded_dates()
Specs
curve() :: :secp256r1
Specs
decompress(ATECC508A.Certificate.Compressed.t()) :: X509.Certificate.t()
Decompress an ECC508A certificate back to its X.509 form.
Specs
decompress_signature(<<_::512>>) :: <<_::512>>
Decompress an ECC508A signature into X.509 form.
Specs
decompress_validity(ATECC508A.encoded_dates()) :: X509.Certificate.Validity.t()
Specs
get_authority_key_identifier(X509.Certificate.t()) :: any()
Specs
hash() :: :sha256
new_device(atecc508a_public_key, atecc508a_sn, manufacturer_sn, signer, signer_key)
Specs
new_device( :public_key.ec_public_key(), ATECC508A.serial_number(), String.t(), X509.Certificate.t(), :public_key.ec_private_key() ) :: X509.Certificate.t()
Create a new device certificate.
The created certificate is compatible with ATECC508A certificate compression.
Parameters:
atecc508a_public_key - the public key to be signed (from ATECC508A)
atecc508a_sn - the ATECC508A's serial number - used to compute the certificate's serial number
manufacturer_sn - the manufacturer's desired serial number - used as the common name
signer - the signer's certificate
signer_key - the signer's private key
Specs
new_signer(pos_integer()) :: X509.Certificate.t()
Create a new signer certificate.
The signer certificate is a root certificate, i.e. it's not signed by anyone else. Signer certificates and their associated private keys should still be stored safely. Their overall use is limited to automating the registration of devices to cloud servers like Nerves Hub and Amazon IoT. Once a device has registered, the cloud server will ignore the signer certificate. It is therefore possible to time-limit signer certificates, uninstall them from the cloud server, or limit the number of devices they can auto-register.
The created signer certificate is compatible with ATECC508A certificate compression.
Parameters:
validity_years - how many years this signer certificate is valid
Specs
public_key_to_raw(X509.PublicKey.t()) :: ATECC508A.ecc_public_key()
Return the raw public key bits from one in X509 form.
Specs
raw_to_public_key(ATECC508A.ecc_public_key()) :: X509.PublicKey.t()
Convert raw public key bits to an X509 public key.
Specs
signature(X509.Certificate.t()) :: any()