ATECC508A.Certificate (atecc508a v1.2.0)
Convert between X.509 certificates and ATECC508A compressed certificates
This is an implementation of the compressed certificate definition described in Atmel-8974A-CryptoAuth-ATECC-Compressed-Certificate-Definition-ApplicationNote_112015.
Summary
Functions
Compress an X.509 certificate for storage in an ATECC508A slot.
Compress an X.509 signature into the raw format expected on the ECC508A.
Decompress an ECC508A certificate back to its X.509 form.
Decompress an ECC508A signature into X.509 form.
Create a new device certificate.
Create a new signer certificate.
Return the raw public key bits from one in X509 form.
Convert raw public key bits to an X509 public key.
Functions
Compress an X.509 certificate for storage in an ATECC508A slot.
Not all X.509 certificates are compressible. Most aren't. It's probably only practical to go through new_device and new_signer.
Parameters:
cert - the certificate to compress
template - the template that will be used on the decompression side
@spec compress_signature(<<_::512>>) :: <<_::512>>
Compress an X.509 signature into the raw format expected on the ECC508A.
@spec compress_validity(X509.Certificate.Validity.t()) :: ATECC508A.encoded_dates()
@spec curve() :: :secp256r1
@spec decompress(ATECC508A.Certificate.Compressed.t()) :: X509.Certificate.t()
Decompress an ECC508A certificate back to its X.509 form.
@spec decompress_signature(<<_::512>>) :: <<_::512>>
Decompress an ECC508A signature into X.509 form.
@spec decompress_validity(ATECC508A.Certificate.Compressed.template(), ATECC508A.encoded_dates()) :: X509.Certificate.Validity.t()
@spec get_authority_key_identifier(X509.Certificate.t()) :: any()
@spec hash() :: :sha256
new_device(atecc508a_public_key, atecc508a_sn, manufacturer_sn, signer, signer_key)
@spec new_device(:public_key.ec_public_key(), ATECC508A.serial_number(), String.t(), X509.Certificate.t(), :public_key.ec_private_key()) :: X509.Certificate.t()
Create a new device certificate.
The created certificate is compatible with ATECC508A certificate compression.
Parameters:
atecc508a_public_key - the public key to be signed (from ATECC508A)
atecc508a_sn - the ATECC508A's serial number - used to compute the certificate's serial number
manufacturer_sn - the manufacturer's desired serial number - used as the common name
signer - the signer's certificate
signer_key - the signer's private key
@spec new_signer(pos_integer()) :: X509.Certificate.t()
Create a new signer certificate.
The signer certificate is a root certificate, i.e. it is not signed by anyone else. Signer certificates and their associated private keys should still be stored safely. Their overall use is limited to automating the registration of devices to cloud servers like Nerves Hub and Amazon IoT. Once a device has registered, the cloud server will ignore the signer certificate. It is therefore possible to time limit signer certificates, uninstall them from the cloud server, or limit the number of devices they can auto-register.
The created signer certificate is compatible with ATECC508A certificate compression.
Parameters:
validity_years - how many years this signer certificate is valid
@spec public_key_to_raw(X509.PublicKey.t()) :: ATECC508A.ecc_public_key()
Return the raw public key bits from one in X509 form.
@spec raw_to_public_key(ATECC508A.ecc_public_key()) :: X509.PublicKey.t()
Convert raw public key bits to an X509 public key.
@spec signature(X509.Certificate.t()) :: any()