Manage credentials stored in Nordic Semiconductor modems.
Project description
nrfcredstore
nrfcredstore is a command line tool that simplifies managing credentials stored in Nordic Semiconductor modems, like the nRF9151. The typical use case of nrfcredstore is to automate the provisioning of cloud certificates that are stored securely in the modem.
Install
Run the following command to use this package as a dependency:
pip3 install nrfcredstore
Requirements
The device must be able to respond to AT commands. The Cellular: AT Client sample can be used, and the nRF9151 DK application and modem firmware download contains a pre-built firmware.
Command Line Interface
usage: nrfcredstore [-h] [--baudrate BAUDRATE] [--timeout TIMEOUT] [--debug] [--cmd-type {at,shell,auto}]
dev {list,write,delete,deleteall,imei,attoken,generate} ...
Manage certificates stored in a cellular modem.
positional arguments:
dev Device used to communicate with the modem. For interactive selection of serial port, use "auto". For RTT, use "rtt". If given a SEGGER
serial number, it is assumed to be an RTT device.
options:
-h, --help show this help message and exit
--baudrate BAUDRATE Serial baudrate
--timeout TIMEOUT Serial communication timeout in seconds
--debug Enable debug logging
--cmd-type {at,shell,auto}
Command type to use. "at" for AT commands, "shell" for shell commands, "auto" to detect automatically.
subcommands:
{list,write,delete,deleteall,imei,attoken,generate}
Certificate related commands
list List all keys stored in the modem
write Write key/cert to a secure tag
delete Delete value from a secure tag
deleteall Delete all keys in a secure tag
imei Get IMEI from the modem
attoken Get attestation token of the modem
generate Generate private key
list subcommand
List keys stored in the modem.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev list [--tag SECURE_TAG [--type KEY_TYPE]]
example
$ nrfcredstore /dev/tty.usbmodem0009600000001 list --tag 123
Secure tag Key type SHA
123 ROOT_CA_CERT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
123 CLIENT_CERT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
123 CLIENT_KEY XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
write subcommand
Write key/cert to a security tag. KEY_TYPE must be either ROOT_CA_CERT, CLIENT_CERT, CLIENT_KEY, or PSK.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev write SECURE_TAG KEY_TYPE FILENAME
example
$ nrfcredstore /dev/tty.usbmodem0009600000001 write 123 ROOT_CA_CERT root-ca.pem
delete subcommand
Delete value from a security tag.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev delete SECURE_TAG KEY_TYPE
example
$ nrfcredstore /dev/tty.usbmodem0009600000001 delete 123 ROOT_CA_CERT
deleteall subcommand
Delete all writable security tags.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev deleteall
imei subcommand
Read IMEI from modem.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev imei
attoken subcommand
Read Attestation Token from modem.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev attoken
generate subcommand
[!IMPORTANT] This command requires modem firmware version 1.3.0 or later.
Generate a private key in the modem and output a certificate signing request.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev generate SECURE_TAG FILENAME
example
$ nrfcredstore /dev/tty.usbmodem0009600000001 generate 123 device_cert.der
# Convert DER to CSR
$ openssl req -pubkey -in device_cert.der -inform DER > device_cert.csr
Development installation
For development mode, you need poetry:
curl -sSL https://install.python-poetry.org | python3 -
Install package dependencies, development dependencies, and the nrfcredstore itself into poetry's internal virtual environment:
poetry install
Test
Running the tests depends on a development installation.
poetry run pytest
Check coverage
poetry run pytest --cov=src tests --cov-report=html
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nrfcredstore-2.0.9.tar.gz.
File metadata
- Download URL: nrfcredstore-2.0.9.tar.gz
- Upload date:
- Size: 14.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.13.9 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dffb31d84c4a15478beccc27cdbc515db9a3dc0901738501cf4f942fc2bd6db5
|
|
| MD5 |
7b8d2ce01e42d72c2a72467df57033f4
|
|
| BLAKE2b-256 |
81ad09b615795bd2a073f872ce93628f554d81bf288925a731fb2d764c793f39
|
File details
Details for the file nrfcredstore-2.0.9-py3-none-any.whl.
File metadata
- Download URL: nrfcredstore-2.0.9-py3-none-any.whl
- Upload date:
- Size: 16.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.13.9 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9dfbbdd678763f77a1ad7eaa05bc7bc307e9fe2f3b3c26acd59e9156ebde843e
|
|
| MD5 |
19741453a5bd28f3772add41e715d0f4
|
|
| BLAKE2b-256 |
e4f0b017ae59be03a9aa6160d235d1522469ddc6ba6603fe3262591c357ab138
|
