X509¶
This module allows to perform useful operations involving x509 certificates.
-
generate_csr_for_key
(key, subject)¶
Generate a Certificate Signing Request from subject
signed with key key
.
param subject: is a string containing a comma-separated list of OID types and values (e.g. "C=IT,O=ZER,CN=device 1"
)param key: can be: a null terminated string (must end with a 0 byte) containing a valid key or an empty string to use a hardware one.
To enable the use of hardware keys a hardware cryptographic interface must be started.
For example, with an ATECC508A
(ATECCx08A interface):
import x509
from microchip.ateccx08a import ateccx08a
# ...
ateccx08a.hwcrypto_init(I2C0, 0) # select private key stored in slot 0
x509.generate_csr_for_key('', subject)
(in this case ZERYNTH_HWCRYPTO_ATECCx08A
must be also set to true in project.yml
)
Note
generating a CSR requires a big stack, probably not available inside the main thread. It is suggested to call this function from a separate thread with a custom stack size (e.g. thread(generate_function, size=12288)
) .