identity_and_role_certificates

Differences

This shows you the differences between two versions of the page.

identity_and_role_certificates [2017/07/11 17:24]
Kevin Kane Extended with some API reference and sample code pointers
identity_and_role_certificates [2017/07/11 17:26] (current)
Kevin Kane Fixed wiki markup
Line 21: Line 21:
 Sample code for provisioning certificates is available in resource/​csdk/​security/​provisioning/​sample/​autoprovisioningclient.c. IoTivity also ships with a utility called "​certgenerator"​ whose code is in resource/​csdk/​security/​provisioning/​sample/​certgenerator.cpp which can generate suitable certificates from the command line. Sample code for provisioning certificates is available in resource/​csdk/​security/​provisioning/​sample/​autoprovisioningclient.c. IoTivity also ships with a utility called "​certgenerator"​ whose code is in resource/​csdk/​security/​provisioning/​sample/​certgenerator.cpp which can generate suitable certificates from the command line.
  
-* OCProvisionTrustCertChain is used to provision a trust certificate chain to a device. +Relevant APIs: 
-* OCGetCSRResource is used to query a device'​s CSR resource and retrieve the CSR. + 
-* OCVerifyCSRSignature is used to verify that a CSR's signature is valid for the public key presented. +  ​* OCProvisionTrustCertChain is used to provision a trust certificate chain to a device. 
-* OCProvisionCertificate is used to provision a certificate to the device.+  * OCGetCSRResource is used to query a device'​s CSR resource and retrieve the CSR. 
 +  * OCVerifyCSRSignature is used to verify that a CSR's signature is valid for the public key presented. 
 +  * OCProvisionCertificate is used to provision a certificate to the device.
  
 The following helper functions are also provided to make it easier to work with certificates and CSRs: The following helper functions are also provided to make it easier to work with certificates and CSRs:
  
-* OCGetUuidFromCSR retrieves the requested subject UUID provided by the device. This assumes the device provides a CSR including a subject name in the form of a UUID; if any other arbitrary name is found, this function will fail. +  ​* OCGetUuidFromCSR retrieves the requested subject UUID provided by the device. This assumes the device provides a CSR including a subject name in the form of a UUID; if any other arbitrary name is found, this function will fail. 
-* OCGetPublicKeyFromCSR retrieves the public key from the CSR. +  * OCGetPublicKeyFromCSR retrieves the public key from the CSR. 
-* OCGenerateRandomSerialNumber generates a random number suitable for use as a serial number. Recommended best practice is to always use randomly generated serial numbers, and not sequential ones. In our sample code we do not keep a record of what serial numbers have been issued, and the chances of the same random number being generated twice are quite small; however, a CMS operating in a production environment,​ especially if it issues large numbers of certificates,​ should be designed to keep track of what serial numbers have been issued, and ensure that the same serial number is not used for two different certificates. +  * OCGenerateRandomSerialNumber generates a random number suitable for use as a serial number. Recommended best practice is to always use randomly generated serial numbers, and not sequential ones. In our sample code we do not keep a record of what serial numbers have been issued, and the chances of the same random number being generated twice are quite small; however, a CMS operating in a production environment,​ especially if it issues large numbers of certificates,​ should be designed to keep track of what serial numbers have been issued, and ensure that the same serial number is not used for two different certificates. 
-* OCGenerateIdentityCertificate generates a certificate used to assert an identity, taking as input many of the outputs of the functions above. +  * OCGenerateIdentityCertificate generates a certificate used to assert an identity, taking as input many of the outputs of the functions above. 
-* OCGenerateCACertificate generates a self-signed certificate used for issuing certificates. +  * OCGenerateCACertificate generates a self-signed certificate used for issuing certificates. 
-* OCGenerateRoleCertificate generates a certificate used to assert a role. +  * OCGenerateRoleCertificate generates a certificate used to assert a role. 
-* OCGenerateKeyPair generates a new public/​private key pair, which is necessary when setting up a CMS's Certificate Authority.+  * OCGenerateKeyPair generates a new public/​private key pair, which is necessary when setting up a CMS's Certificate Authority.
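Review bot: The "Relevant APIs" list and the helper list give no ordering between OCVerifyCSRSignature and the helpers that read from the CSR (OCGetUuidFromCSR, OCGetPublicKeyFromCSR), whose outputs then feed OCGenerateIdentityCertificate. Because the UUID is described as the subject "requested" by the device, I would add a sentence saying that the CMS verifies the CSR signature first and checks the requested UUID against the device it is provisioning before it issues anything. As a style point, while the list indentation is being fixed the function names could also be put in DokuWiki monospace so they read as identifiers rather than prose.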
identity_and_role_certificates.txt · Last modified: 2017/07/11 17:26 by Kevin Kane