nerves_key v0.5.2 NervesKey View Source
This is a high level interface to provisioning and using the NervesKey or any ATECC508A/608A that can be configured similarly.
Link to this section Summary
Types
Which device/signer certificate pair to use
Functions
Clear out the auxiliary certificates
Create a signing key pair
Return default provisioning info for a NervesKey
Detect if a NervesKey is available on the transport
Read the device certificate from the slot
Return the settings block as a binary
Return all of the setting stored in the NervesKey as a map
Check whether the auxiliary certificates were programmed
Read the manufacturer's serial number
Provision a NervesKey in one step.
Provision the auxiliary device/signer certificates on a NervesKey.
Check whether the NervesKey has been provisioned
Store raw settings on the Nerves Key
Store settings on the NervesKey
Read the signer certificate from the slot
Return ssl_opts for using the NervesKey
Link to this section Types
Which device/signer certificate pair to use
Link to this section Functions
clear_aux_certificates(transport)
View Sourceclear_aux_certificates(ATECC508A.Transport.t()) :: :ok
Clear out the auxiliary certificates
This function overwrites the auxiliary certificate slots with
create_signing_key_pair(opts \\ [])
View Sourcecreate_signing_key_pair(keyword()) :: {X509.Certificate.t(), X509.PrivateKey.t()}
Create a signing key pair
This returns a tuple that contains a new signer certificate and private key. It is compatible with the ATECC508A certificate compression.
Options:
- :years_valid - how many years this signing key is valid for
default_info(transport)
View Sourcedefault_info(ATECC508A.Transport.t()) :: NervesKey.ProvisioningInfo.t()
Return default provisioning info for a NervesKey
This function is used for pre-programmed NervesKey devices. The serial number is a Base32-encoded version of the ATECC508A/608A's globally unique serial number. No additional care is needed to keep the number unique.
detected?(transport)
View Sourcedetected?(ATECC508A.Transport.t()) :: boolean()
Detect if a NervesKey is available on the transport
device_cert(transport, which \\ :primary)
View Sourcedevice_cert(ATECC508A.Transport.t(), certificate_pair()) :: X509.Certificate.t()
Read the device certificate from the slot
The device must be programmed for this to work.
get_raw_settings(transport)
View Sourceget_raw_settings(ATECC508A.Transport.t()) :: {:ok, binary()} | {:error, atom()}
Return the settings block as a binary
get_settings(transport)
View Sourceget_settings(ATECC508A.Transport.t()) :: {:ok, map()} | {:error, atom()}
Return all of the setting stored in the NervesKey as a map
has_aux_certificates?(transport)
View Sourcehas_aux_certificates?(ATECC508A.Transport.t()) :: boolean()
Check whether the auxiliary certificates were programmed
manufacturer_sn(transport)
View Sourcemanufacturer_sn(ATECC508A.Transport.t()) :: binary()
Read the manufacturer's serial number
provision(transport, info, signer_cert, signer_key)
View Sourceprovision( ATECC508A.Transport.t(), NervesKey.ProvisioningInfo.t(), X509.Certificate.t(), X509.PrivateKey.t() ) :: :ok
Provision a NervesKey in one step.
See the README.md for how to use this. This function locks the ATECC508A down, so you'll want to be sure what you pass it is correct.
This function does it all. It requires the signer's private key so handle that with care. Alternatively, please consider sending a PR for supporting off-device signatures so that HSMs can be used.
provision_aux_certificates(transport, signer_cert, signer_key)
View Sourceprovision_aux_certificates( ATECC508A.Transport.t(), X509.Certificate.t(), X509.PrivateKey.t() ) :: :ok
Provision the auxiliary device/signer certificates on a NervesKey.
This function creates and saves the auxiliary certificates. These
are only needed if the ones written by provision/4
are not
usable. They are not used unless explicitly requested. See the
README.md for details.
You may call this function multiple times after the ATECC508A has been provisioned.
provisioned?(transport)
View Sourceprovisioned?(ATECC508A.Transport.t()) :: boolean()
Check whether the NervesKey has been provisioned
put_raw_settings(transport, raw_settings)
View Sourceput_raw_settings(ATECC508A.Transport.t(), binary()) :: :ok
Store raw settings on the Nerves Key
This overwrites all of the settings and should be used with care since there's no protection against race conditions with other users of this API.
put_settings(transport, settings)
View Sourceput_settings(ATECC508A.Transport.t(), map()) :: :ok
Store settings on the NervesKey
This overwrites all of the settings that are currently on the key and should be used with care since there's no protection against a race condition with other NervesKey users.
signer_cert(transport, which \\ :primary)
View Sourcesigner_cert(ATECC508A.Transport.t(), certificate_pair()) :: X509.Certificate.t()
Read the signer certificate from the slot
ssl_opts(transport, which \\ :primary)
View Sourcessl_opts(ATECC508A.Transport.t(), certificate_pair()) :: keyword()
Return ssl_opts for using the NervesKey
Pass an engine and optionally which certificate that you'd like to use.