Provisioning

The Zerynth Toolchain allows to easily provision cryto elements by means of the provisioning commands group.

Scan for a Crypto Element Address

The command:

ztc provisioning crypto-scan device_alias

Warning

It is mandatory for the following commands to correctly execute to flash the Configurator firmware first.

Read Crypto Element Configuration

The command:

ztc provisioning read-config device_alias

Reads and outputs the configuration of the crypto element plugged to device with alias alias.

Available command options are:

  • --output path, to specify a path to store read configuration in binary format.

Retrieve Public Key

The command:

ztc provisioning get-public device_alias private_slot

Retrieves the public key derived from private key stored in private_slot key slot of the crypto element plugged to the device with alias device_alias.

Available command options are:

  • --format pubkey_format, to specify the output format of the public key: pem or hex. pem by default;
  • --output path, to specify a path to store retrieved public key. If a folder is given, the key is saved to public.pubkey_format file.

Write Crypto Element Configuration

The command:

ztc provisioning write-config device_alias configuration_file

Writes configuration specified in configuration_file file to the crypto element plugged to device with alias device_alias. Configuration can be a YAML or a binary file.

An example YAML configuration file can be copied to configuration_file path if get is passed as device_alias:

ztc provisioning write-config get 'my_configuration.yaml'

while valid binary configurations are output by the read config command.

Available command options are:

  • --lock lock_value, if True locks written configuration;

Get Certificate Signing Request

The command:

ztc provisioning get-csr device_alias private_slot subject

Retrieves a Certificate Signing Request built on subject subject and signed with private key store in slot private_slot of the crypto element plugged to device with alias alias. subject is a string containing a comma-separated list of OID types and values (e.g. "C=IT,O=ZER,CN=device 1").

Available command options are:

  • --output path, to specify a path to store retrieved CSR. If a folder is given, the CSR is saved to atecc.csr file.

Locked

The command:

ztc provisioning locked device_alias

Outputs the lock state of the crypto element plugged to device with alias alias.

Serial Number

The command:

ztc provisioning serial-number device_alias

Outputs the serial number of the crypto element plugged to device with alias alias.

Store Public

The command:

ztc provisioning store-public device_alias slot public_key

Stores a public key in slot slot of the crypto element plugged to device with alias alias. Public key is retrieved from file public_key and is expected to be in pem format.

Store Certificate

The command:

ztc provisioning store-certificate device_alias certificate_type certificate

Stores a compressed certificate to the crypto element plugged to device with alias alias. Certificate is retrieved from file certificate and is expected to be in pem format.