Manage credentials stored in Nordic Semiconductor modems.
Project description
nrfcredstore
nrfcredstore is a command line tool that simplifies managing credentials stored in Nordic Semiconductor modems, like the nRF9160. The typical use case of nrfcredstore is to automate the provisioning of cloud certificates that are stored securely in the modem.
Install
Run the following command to use this package as a dependency:
pip3 install nrfcredstore
Requirements
For the device to respond to AT commands, the firmware on the device must have at_client enabled. This can be done by setting CONFIG_AT_HOST_LIBRARY=y. The nRF9160: AT Client sample can also be used, and the nRF9160 DK application and modem firmware download contains a pre-built firmware.
Command Line Interface
usage: nrfcredstore [-h] [--baudrate BAUDRATE] [--timeout TIMEOUT] dev {list,write,delete,generate} ...
Manage certificates stored in a cellular modem.
positional arguments:
dev Serial device used to communicate with the modem.
options:
-h, --help show this help message and exit
--baudrate BAUDRATE Serial baudrate
--timeout TIMEOUT Serial communication timeout in seconds
subcommands:
{list,write,delete,generate}
Certificate related commands
list List all keys stored in the modem
write Write key/cert to a secure tag
delete Delete value from a secure tag
generate Generate private key
list subcommand
List keys stored in the modem.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev list [--tag SECURE_TAG [--type KEY_TYPE]]
example
$ nrfcredstore /dev/tty.usbmodem0009600000001 list --tag 123
Secure tag Key type SHA
123 ROOT_CA_CERT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
123 CLIENT_CERT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
123 CLIENT_KEY XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
write subcommand
Write key/cert to a secure tag. KEY_TYPE must be either ROOT_CA_CERT, CLIENT_CERT, CLIENT_KEY, or PSK.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev write SECURE_TAG KEY_TYPE FILENAME
example
$ nrfcredstore /dev/tty.usbmodem0009600000001 write 123 ROOT_CA_CERT root-ca.pem
delete subcommand
Delete value from a secure tag.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev delete SECURE_TAG KEY_TYPE
example
$ nrfcredstore /dev/tty.usbmodem0009600000001 delete 123 ROOT_CA_CERT
generate subcommand
[!IMPORTANT] This command requires modem firmware version greater than or equal to 1.3.0.
Generate a private key in the modem and output a certificate signing request.
usage: nrfcredstore [--baudrate BAUDRATE] [--timeout TIMEOUT] dev generate SECURE_TAG FILENAME
example
$ nrfcredstore /dev/tty.usbmodem0009600000001 generate 123 device_cert.der
# Convert DER to CSR
$ openssl req -pubkey -in device_cert.der -inform DER > device_cert.csr
Development installation
For development mode, you need poetry:
curl -sSL https://install.python-poetry.org | python3 -
Install package dependencies, development dependencies, and the nrfcredstore itself into poetry's internal virtual environment:
poetry install
Test
Running the tests depends on a development installation.
poetry run pytest
Check coverage
poetry run pytest --cov=. tests
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for nrfcredstore-1.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1c0c2a55166dfc0db529c1c83bda9a3b128eabe7e067cfbc421114263aa3d531 |
|
| MD5 | f08c537fc3c9607610c3ed4dd94e4450 |
|
| BLAKE2b-256 | 9c796d12abb5c9adaabb1a7b32567f6a08ada3da6e610ecfc3d14cb879ea3728 |
