pytrustplatform


Namepytrustplatform JSON
Version 1.1.4.18 PyPI version JSON
download
home_page
SummaryA collection of utilities for interacting with Microchip Trust Platform and Microchip CryptoAuthenticationâ„¢ devices
upload_time2023-12-12 14:38:26
maintainer
docs_urlNone
author
requires_python>=3.8
licenseMIT
keywords microchip avr-iot pic-iot
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls. 
            # pytrustplatform
pytrustplatform is a collection of utilities for interacting with Microchip Trust Platform and
Microchip CryptoAuthenticationâ„¢ devices

![PyPI - Format](https://img.shields.io/pypi/format/pytrustplatform)
![PyPI - Python Version](https://img.shields.io/pypi/pyversions/pytrustplatform)
![PyPI - License](https://img.shields.io/pypi/l/pytrustplatform)

## Overview
pytrustplatform is available:

* install using pip from pypi: https://pypi.org/project/pytrustplatform
* browse source code on github: https://github.com/microchip-pic-avr-tools/pytrustplatform
* read API documentation on github: https://microchip-pic-avr-tools.github.io/pytrustplatform
* read the changelog on github: https://github.com/microchip-pic-avr-tools/pytrustplatform/blob/main/CHANGELOG.md

## Usage
pytrustplatform can be used as a command-line interface or a library

## Command-line interface
pytrustplatform is a multi-layered command-line interface meaning that there are several commands each
with its own actions and options.

Getting help:
```bash
pytrust --help
```
Getting help for specific command:
```bash
pytrust certificate --help
```
The amount of logging is controlled by the -v/--verbose option:
```bash
pytrust -v info
```
Possible log levels are `debug`, `info`, `warning`, `error`, `critical`.  Default is `info`.

Print version info and exit:
```bash
pytrust -V
```
Print release info and exit:
```bash
pytrust -R
```
### General about command line options
Many command line options can be specified with a short form preceded with a single dash (like `-o`) or an equivalent long form preceded with double dashes (like `--output-path`). Some options only have the long form. Regardless, long options can be abbreviated to a prefix, if the abbreviation is unambiguous (the prefix matches a unique option). Example: `--organization-name` can be abbreviated to `--org` but not to `--o`. An error is produced for arguments that would match more than one option.

### Commands reading information from connected Microchip IoT kit
Some commands need to read information from the ECC chip on a Microchip IoT kit, which must be connected to a USB port.
In case, pytrustcommander will normally connect to the kit automatically, and program the required firmware into it.
If there is more than one suitable IoT kit connected, the user must select which one to use using the
-s/--serialnumber option. If the -s option is not used in this situation, a list of kits is printed.
It is sufficient to specify enough digits from the end of the serial number to make it unique.
Sample session with two kits connected:
```bash
pytrust cert read-ecc-serialnumber
ERROR - Multiple kits found.
ERROR - Please specify serial number ending digits for the one you want
ERROR - Tool: nEDBG CMSIS-DAP Serial: MCHP3203081800007239 Device: ATmega4808
ERROR - Tool: nEDBG CMSIS-DAP Serial: MCHP3261021800001323 Device: PIC24FJ128GA705

pytrust -s9 cert read-ecc-serialnumber
Reading ECC serial number from kit
012370A530B9A4A8FE

```

### Certificate command
The certificate command support certificate manipulation and parsing actions.  It can also be invoked using the cert alias:
```bash
pytrust certificate
```
is the same as
```bash
pytrust cert
```

#### Action: get-skid
Get the Subject Key Identifier from a certificate. The SKID is printed to standard output.
* use --cert to specify certificate file

Example:
```bash
pytrust certificate get-skid --cert mycertificate.crt
```

#### Action: get-common-name
Get the Common Name from a certificate. The Common Name is printed to standard output.
* use --cert to specify certificate file

Example:
```bash
pytrust certificate get-common-name --cert mycertificate.crt
```

#### Action: create-from-ecc
Create device and signer certificates using compressed certificate data read out from the ECC device.
This comamnd requires a Microchip IoT kit is connected. The device and signer certificate are stored in
output folder in files named "device_ecc608.crt" and "signer_ecc608.crt", respectively.
* use -dct to optionally specify a device certificate template file
* use -sct to optionally specify a signer certificate template file
* use -o to optionally specify a path to store the certificates created (defaults to '.')

Example:
```bash
pytrust certificate create-from-ecc -o mycertificates
```

#### Action: create-csr
Create a device Certificate Signing Request (CSR) from data read out from the ECC device.
This comamnd requires a Microchip IoT kit is connected. The CSR will be written to a file in output folder, in file "device.csr".

Example:
```bash
pytrust certificate create-csr
```

#### Action: create-from-csr
Create a device certificate using a Certificate Signing Request (CSR) created from data read out from the ECC device. This comamnd requires a Microchip IoT kit is connected. Both the certificate and the CSR will be written to files in output folder, in files "device.crt" and "device.csr", respectively.
* use -scak to specify signer Certificate Authority (CA) private key file
* use -scac to to specify signer Certificate Authority (CA) certificate file
* use -o to optionally specify a path to store the certificate and CSR created (defaults to '.')

Example:
```bash
pytrust certificate create-from-csr -o mycertificates -scak my_signer-ca.key -scac my_signer-ca.crt
```

#### Action: create-verification
Create a verification certificate from a signer Certificate Authority (CA) certificate and private key.
Certificate is placed in output folder, file name "verification.crt".
The verification certificate is typically used when registering the CA with a cloud provider.
* use -scak to specify signer Certificate Authority (CA) private key file
* use -scac to to specify signer Certificate Authority (CA) certificate file
* use --registration-code to specify the registration code to be used in the verification certificate
* use -o to optionally specify a path to store the certificate created (defaults to '.')

Example:
```bash
pytrust certificate create-verification -o mycertificates -scac my_signer_ca.crt -scak my_signer_ca.key --reg 0123456789
```
#### Action: fingerprint
Generates a fingerprint from a certificate file passed in. The fingerprint is printed to standard output.

Example:
```bash
pytrust cert fingerprint -cert device.crt
```

#### Action: create-chain-of-trust
Create a chain of trust with root CA, signer CSR and signer certificates at current or specified folder.
The certificates are placed in the output folder, filenames "root-ca.crt", "signer-ca.csr", and "signer-ca.crt",
respectively.
* use -o to optionally specify a path to store the certificate created (defaults to '.')
* use --org to optionally change issuer Organization name (defaults to 'Example Inc')
* use --root-common-name to optionally change root CA certificate Common Name (defaults to 'Example Root CA')
* use -signer-common-name to optionally change signer CA certificate Common Name (defaults to 'Example Signer FFFF')


Example:
```bash
pytrust cert -o my-root-certs --org "Microchip Technology Inc" -rcn "Microchip Root CA" -scn "Microchip Signer" create-chain-of-trust
```

### Manifest command
The manifest command supports building of, decoding and searching in Microchip secure elements manifests.
```bash
pytrust manifest
```
is the same as
```bash
pytrust man
```

#### Action: create-from-certificates
Creates a manifest based on a device and signer certificate.
```bash
pytrust manifest create-from-certificates manifest-file.json --manifest-signer-cert my_manifest_signer.crt --manifest-signer-key my_manifest_signer.key --device-cert device.crt --signer-cert signer.crt
```

#### Action: create-from-secure-element
Create a manifest based on a secure element. This command will only work with supported development kits e.g. AVR-IoT/PIC-IoT. The tool will automatically detect any connected supported development tool, load the provisioning bridge FW and get all data required to build the secure element in the manifest from the secure element.
```bash
pytrust manifest create-from-secure-element manifest.json --manifest-signer-cert manifest_signer.crt --manifest-signer-key manifest_signer.key
```

#### Action: get-certificates
Extracts certificates from secure elements in the manifest.
With no parameters it will extract all secure element "device certificates" and put them into the current directory.
```bash
pytrust manifest get-certificates manifest-file.json
```

Below example extracts both certificates (0=device certificate, 1=signer certificate) for all secure elements in the manifest and puts them into the `./my_output_dir` directory.
```bash
pytrust manifest get-certificates manifest-file.json --cert-index 0,1 --outdir ./my_output_dir
```

Extract device and signer certificates only for the secure element with `--id 01230390b3d1450c01` and put them into ./my_output_dir directory.
```bash
pytrust manifest get-certificates manifest-file.json --cert-index 0,1 --outdir ./my_output_dir --id 01230390b3d1450c01
```

#### Action: get-secure-element
Get a secure element from the manifest by providing a unique ID.
 ```bash
pytrust manifest get-secure-element manifest-file.json --id 01230390b3d1450c01
```

#### Action: list-secure-element-ids
List all secure element IDs that are present in the manifest.
```bash
pytrust manifest list-secure-element-ids manifest-file.json
```

#### Action: list-secure-elements
List secure elements that are present in the manifest. The full content of each manifest will be printed.
```bash
pytrust manifest list-secure-elements manifest-file.json
```

## Library
pytrustplatform is a collection of utilities and it can be used as a library by accessing the individual modules.

### Logging
This package uses the Python logging module for publishing log messages to library users.
A basic configuration can be used (see example below), but for best results a more thorough configuration is
recommended in order to control the verbosity of output from dependencies in the stack which also use logging.
See logging.yaml which is included in the package (although only used for CLI).
```python
# pytrustplatform uses the Python logging module
import logging
logging.basicConfig(format="%(levelname)s: %(message)s", level=logging.WARNING)
```

### Fetching data from a certificate
The `cert_get_data` module contains functions to fetch various information from a certificate. For example:
```python
# Fetch the Subject Key Identifier from a certificate
from pytrustplatform.cert_get_data import cert_get_skid
skid = cert_get_skid("mycertificate.crt")

# Fetch Common Name from a certificate:
from pytrustplatform.cert_get_data import cert_get_common_name
common_name = cert_get_common_name("mycertificate.crt")
```

### Create device certificate from CSR
Building a device certificate will implicitly generate a Certificate Signing Request (CSR)
```python
from serial import Serial
from pytrustplatform.device_cert_builder import build_device_cert
from pykitcommander.kitprotocols import setup_kit

# Fetch a protocol object from pykitcommander
info = setup_kit('iotprovision')

# Collect required info to continue:
port = info['port']
baud = info['protocol_baud']
protocol = info['protocol_class']

# Use the Serial driver with context manager to be sure port is closed after use
with Serial(port=port, baudrate=baud) as serial_connection:
    firmware_driver = protocol(serial_connection)
    # Build device certificate.  A CSR will be generated as part of the process.  Both will be written to file
    build_device_cert(firmware_driver, "my_signer-ca.crt", "my_signer-ca.key", "generated.csr", "generated_device.crt")
```

### Create verification certificate
```python
from pytrustplatform.verification_cert_builder import build_verification_cert

build_verification_cert("my_signer-ca.crt", "my_signer-ca.key", "MY_REGCODE_0123456789", "generated_verification.crt")
```

### Create device and signer certificate from ECC data
Generate certificates from compressed certificates on an ECC device

```python
from serial import Serial
from pykitcommander.kitprotocols import setup_kit
from pytrustplatform.ecc_cert_builder import build_certs_from_ecc

# Fetch a protocol object from pykitcommander
info = setup_kit('iotprovision')

# Collect required info to continue:
port = info['port']
baud = info['protocol_baud']
protocol = info['protocol_class']

# Use the Serial driver with context manager to be sure port is closed after use
with Serial(port=port, baudrate=baud) as serial_connection:
    firmware_driver = protocol(serial_connection)
    # Build device certificate and signer certificate.  Both will be written to file.
    ecc_device_cert, ecc_signer_cert = build_certs_from_ecc(firmware_driver, "generated_signer.crt", "generated_device.crt")
```

### Create chain of trust
Create a chain of trust.  Keys can be generated or already existing keys can be provided

```python
from pytrustplatform.ca_create import ca_create_root, ca_create_signer_csr, ca_create_signer

# Create Root, generates root private key (if it does not exist) and root certificate
ca_create_root("generated_root.key", "generated_root.crt")

# Create signer CA CSR and signer CA private key (if it does not exist)
ca_create_signer_csr("generated_signer_ca.key", "generated_signer_ca.csr")

# Create signer certificate based on previously generated root key, root certificate and signer CSR
ca_create_signer("generated_signer_ca.csr",
                 "generated_signer_ca.crt",
                 "generated_root.key",
                 "generated_root.crt")
```
## Linux systems
This package uses pyedbglib and other libraries for USB transport and some udev rules are required.
For details see the pyedbglib package: https://pypi.org/project/pyedbglib

# Changelog

## [1.1] - December 2023

### Fixed
- DSG-5629 pytrust manifest ignores --serial, --skip-target-programming and --port for create-from-secure-element command
- DSG-5679 pytrust manifest logs error messages when not finding public keys in slots
- DSG-6136 PEP-0440 compliance for pytrustplatform

## [1.0.9] - September 2022

### Added
- DSG-5347 Added `create-csr` action to `certificate` subcommand
- DSG-5347 Added `--country` option to `certificate` subcommand
- DSG-4166 Added examples for manifest usage
- DSG-4412 Added ECC point conversion helper functions (ecc_conversions.py)
- DSG-5626 Added CLI -P argument to specify serial port, overriding auto-detection

### Changed
- DSG-5397 CLI `--skip-target-programming` option now has global scope only, and must be placed before subcommand
- DSG-5397 CLI `-v`/`--verbose` option now has global scope only, and must be placed before subcommand
- DSG-5397 CLI short form options now always use single-dash prefix (eg `-scac` instead of `--scac`)
- DSG-5446 Added metadata tag for Python 3.10
- DSG-5550 Removed metadata tag for Python 3.6
- DSG-5624 Updated pyedbglib dependency requirement for improved serial port detection

### Fixed
- DSG-4411 pytrustplatform reads command handler version instead of target firmware version

## [0.15.4] - December 2021

### Added
- DSG-2808 New ECC type detection
- DSG-2864 Configurable ORG name for certificate
- DSG-3978 Manifest utility
- DSG-4197 Sphinx documentation
- DSG-3979 Source release to GitHub

## [0.12.1] - April 2021

### Changed
- DSG-3307 Cosmetic changes for publication

## [0.12.0] - February 2021
- First public release to PyPi

Raw data

            {
    "_id": null,
    "home_page": "",
    "name": "pytrustplatform",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": "",
    "keywords": "Microchip,AVR-IOT,PIC-IOT",
    "author": "",
    "author_email": "Microchip Technology <support@microchip.com>",
    "download_url": "",
    "platform": null,
    "description": "# pytrustplatform\npytrustplatform is a collection of utilities for interacting with Microchip Trust Platform and\nMicrochip CryptoAuthentication\u2122 devices\n\n![PyPI - Format](https://img.shields.io/pypi/format/pytrustplatform)\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/pytrustplatform)\n![PyPI - License](https://img.shields.io/pypi/l/pytrustplatform)\n\n## Overview\npytrustplatform is available:\n\n* install using pip from pypi: https://pypi.org/project/pytrustplatform\n* browse source code on github: https://github.com/microchip-pic-avr-tools/pytrustplatform\n* read API documentation on github: https://microchip-pic-avr-tools.github.io/pytrustplatform\n* read the changelog on github: https://github.com/microchip-pic-avr-tools/pytrustplatform/blob/main/CHANGELOG.md\n\n## Usage\npytrustplatform can be used as a command-line interface or a library\n\n## Command-line interface\npytrustplatform is a multi-layered command-line interface meaning that there are several commands each\nwith its own actions and options.\n\nGetting help:\n```bash\npytrust --help\n```\nGetting help for specific command:\n```bash\npytrust certificate --help\n```\nThe amount of logging is controlled by the -v/--verbose option:\n```bash\npytrust -v info\n```\nPossible log levels are `debug`, `info`, `warning`, `error`, `critical`.  Default is `info`.\n\nPrint version info and exit:\n```bash\npytrust -V\n```\nPrint release info and exit:\n```bash\npytrust -R\n```\n### General about command line options\nMany command line options can be specified with a short form preceded with a single dash (like `-o`) or an equivalent long form preceded with double dashes (like `--output-path`). Some options only have the long form. Regardless, long options can be abbreviated to a prefix, if the abbreviation is unambiguous (the prefix matches a unique option). Example: `--organization-name` can be abbreviated to `--org` but not to `--o`. An error is produced for arguments that would match more than one option.\n\n### Commands reading information from connected Microchip IoT kit\nSome commands need to read information from the ECC chip on a Microchip IoT kit, which must be connected to a USB port.\nIn case, pytrustcommander will normally connect to the kit automatically, and program the required firmware into it.\nIf there is more than one suitable IoT kit connected, the user must select which one to use using the\n-s/--serialnumber option. If the -s option is not used in this situation, a list of kits is printed.\nIt is sufficient to specify enough digits from the end of the serial number to make it unique.\nSample session with two kits connected:\n```bash\npytrust cert read-ecc-serialnumber\nERROR - Multiple kits found.\nERROR - Please specify serial number ending digits for the one you want\nERROR - Tool: nEDBG CMSIS-DAP Serial: MCHP3203081800007239 Device: ATmega4808\nERROR - Tool: nEDBG CMSIS-DAP Serial: MCHP3261021800001323 Device: PIC24FJ128GA705\n\npytrust -s9 cert read-ecc-serialnumber\nReading ECC serial number from kit\n012370A530B9A4A8FE\n\n```\n\n### Certificate command\nThe certificate command support certificate manipulation and parsing actions.  It can also be invoked using the cert alias:\n```bash\npytrust certificate\n```\nis the same as\n```bash\npytrust cert\n```\n\n#### Action: get-skid\nGet the Subject Key Identifier from a certificate. The SKID is printed to standard output.\n* use --cert to specify certificate file\n\nExample:\n```bash\npytrust certificate get-skid --cert mycertificate.crt\n```\n\n#### Action: get-common-name\nGet the Common Name from a certificate. The Common Name is printed to standard output.\n* use --cert to specify certificate file\n\nExample:\n```bash\npytrust certificate get-common-name --cert mycertificate.crt\n```\n\n#### Action: create-from-ecc\nCreate device and signer certificates using compressed certificate data read out from the ECC device.\nThis comamnd requires a Microchip IoT kit is connected. The device and signer certificate are stored in\noutput folder in files named \"device_ecc608.crt\" and \"signer_ecc608.crt\", respectively.\n* use -dct to optionally specify a device certificate template file\n* use -sct to optionally specify a signer certificate template file\n* use -o to optionally specify a path to store the certificates created (defaults to '.')\n\nExample:\n```bash\npytrust certificate create-from-ecc -o mycertificates\n```\n\n#### Action: create-csr\nCreate a device Certificate Signing Request (CSR) from data read out from the ECC device.\nThis comamnd requires a Microchip IoT kit is connected. The CSR will be written to a file in output folder, in file \"device.csr\".\n\nExample:\n```bash\npytrust certificate create-csr\n```\n\n#### Action: create-from-csr\nCreate a device certificate using a Certificate Signing Request (CSR) created from data read out from the ECC device. This comamnd requires a Microchip IoT kit is connected. Both the certificate and the CSR will be written to files in output folder, in files \"device.crt\" and \"device.csr\", respectively.\n* use -scak to specify signer Certificate Authority (CA) private key file\n* use -scac to to specify signer Certificate Authority (CA) certificate file\n* use -o to optionally specify a path to store the certificate and CSR created (defaults to '.')\n\nExample:\n```bash\npytrust certificate create-from-csr -o mycertificates -scak my_signer-ca.key -scac my_signer-ca.crt\n```\n\n#### Action: create-verification\nCreate a verification certificate from a signer Certificate Authority (CA) certificate and private key.\nCertificate is placed in output folder, file name \"verification.crt\".\nThe verification certificate is typically used when registering the CA with a cloud provider.\n* use -scak to specify signer Certificate Authority (CA) private key file\n* use -scac to to specify signer Certificate Authority (CA) certificate file\n* use --registration-code to specify the registration code to be used in the verification certificate\n* use -o to optionally specify a path to store the certificate created (defaults to '.')\n\nExample:\n```bash\npytrust certificate create-verification -o mycertificates -scac my_signer_ca.crt -scak my_signer_ca.key --reg 0123456789\n```\n#### Action: fingerprint\nGenerates a fingerprint from a certificate file passed in. The fingerprint is printed to standard output.\n\nExample:\n```bash\npytrust cert fingerprint -cert device.crt\n```\n\n#### Action: create-chain-of-trust\nCreate a chain of trust with root CA, signer CSR and signer certificates at current or specified folder.\nThe certificates are placed in the output folder, filenames \"root-ca.crt\", \"signer-ca.csr\", and \"signer-ca.crt\",\nrespectively.\n* use -o to optionally specify a path to store the certificate created (defaults to '.')\n* use --org to optionally change issuer Organization name (defaults to 'Example Inc')\n* use --root-common-name to optionally change root CA certificate Common Name (defaults to 'Example Root CA')\n* use -signer-common-name to optionally change signer CA certificate Common Name (defaults to 'Example Signer FFFF')\n\n\nExample:\n```bash\npytrust cert -o my-root-certs --org \"Microchip Technology Inc\" -rcn \"Microchip Root CA\" -scn \"Microchip Signer\" create-chain-of-trust\n```\n\n### Manifest command\nThe manifest command supports building of, decoding and searching in Microchip secure elements manifests.\n```bash\npytrust manifest\n```\nis the same as\n```bash\npytrust man\n```\n\n#### Action: create-from-certificates\nCreates a manifest based on a device and signer certificate.\n```bash\npytrust manifest create-from-certificates manifest-file.json --manifest-signer-cert my_manifest_signer.crt --manifest-signer-key my_manifest_signer.key --device-cert device.crt --signer-cert signer.crt\n```\n\n#### Action: create-from-secure-element\nCreate a manifest based on a secure element. This command will only work with supported development kits e.g. AVR-IoT/PIC-IoT. The tool will automatically detect any connected supported development tool, load the provisioning bridge FW and get all data required to build the secure element in the manifest from the secure element.\n```bash\npytrust manifest create-from-secure-element manifest.json --manifest-signer-cert manifest_signer.crt --manifest-signer-key manifest_signer.key\n```\n\n#### Action: get-certificates\nExtracts certificates from secure elements in the manifest.\nWith no parameters it will extract all secure element \"device certificates\" and put them into the current directory.\n```bash\npytrust manifest get-certificates manifest-file.json\n```\n\nBelow example extracts both certificates (0=device certificate, 1=signer certificate) for all secure elements in the manifest and puts them into the `./my_output_dir` directory.\n```bash\npytrust manifest get-certificates manifest-file.json --cert-index 0,1 --outdir ./my_output_dir\n```\n\nExtract device and signer certificates only for the secure element with `--id 01230390b3d1450c01` and put them into ./my_output_dir directory.\n```bash\npytrust manifest get-certificates manifest-file.json --cert-index 0,1 --outdir ./my_output_dir --id 01230390b3d1450c01\n```\n\n#### Action: get-secure-element\nGet a secure element from the manifest by providing a unique ID.\n ```bash\npytrust manifest get-secure-element manifest-file.json --id 01230390b3d1450c01\n```\n\n#### Action: list-secure-element-ids\nList all secure element IDs that are present in the manifest.\n```bash\npytrust manifest list-secure-element-ids manifest-file.json\n```\n\n#### Action: list-secure-elements\nList secure elements that are present in the manifest. The full content of each manifest will be printed.\n```bash\npytrust manifest list-secure-elements manifest-file.json\n```\n\n## Library\npytrustplatform is a collection of utilities and it can be used as a library by accessing the individual modules.\n\n### Logging\nThis package uses the Python logging module for publishing log messages to library users.\nA basic configuration can be used (see example below), but for best results a more thorough configuration is\nrecommended in order to control the verbosity of output from dependencies in the stack which also use logging.\nSee logging.yaml which is included in the package (although only used for CLI).\n```python\n# pytrustplatform uses the Python logging module\nimport logging\nlogging.basicConfig(format=\"%(levelname)s: %(message)s\", level=logging.WARNING)\n```\n\n### Fetching data from a certificate\nThe `cert_get_data` module contains functions to fetch various information from a certificate. For example:\n```python\n# Fetch the Subject Key Identifier from a certificate\nfrom pytrustplatform.cert_get_data import cert_get_skid\nskid = cert_get_skid(\"mycertificate.crt\")\n\n# Fetch Common Name from a certificate:\nfrom pytrustplatform.cert_get_data import cert_get_common_name\ncommon_name = cert_get_common_name(\"mycertificate.crt\")\n```\n\n### Create device certificate from CSR\nBuilding a device certificate will implicitly generate a Certificate Signing Request (CSR)\n```python\nfrom serial import Serial\nfrom pytrustplatform.device_cert_builder import build_device_cert\nfrom pykitcommander.kitprotocols import setup_kit\n\n# Fetch a protocol object from pykitcommander\ninfo = setup_kit('iotprovision')\n\n# Collect required info to continue:\nport = info['port']\nbaud = info['protocol_baud']\nprotocol = info['protocol_class']\n\n# Use the Serial driver with context manager to be sure port is closed after use\nwith Serial(port=port, baudrate=baud) as serial_connection:\n    firmware_driver = protocol(serial_connection)\n    # Build device certificate.  A CSR will be generated as part of the process.  Both will be written to file\n    build_device_cert(firmware_driver, \"my_signer-ca.crt\", \"my_signer-ca.key\", \"generated.csr\", \"generated_device.crt\")\n```\n\n### Create verification certificate\n```python\nfrom pytrustplatform.verification_cert_builder import build_verification_cert\n\nbuild_verification_cert(\"my_signer-ca.crt\", \"my_signer-ca.key\", \"MY_REGCODE_0123456789\", \"generated_verification.crt\")\n```\n\n### Create device and signer certificate from ECC data\nGenerate certificates from compressed certificates on an ECC device\n\n```python\nfrom serial import Serial\nfrom pykitcommander.kitprotocols import setup_kit\nfrom pytrustplatform.ecc_cert_builder import build_certs_from_ecc\n\n# Fetch a protocol object from pykitcommander\ninfo = setup_kit('iotprovision')\n\n# Collect required info to continue:\nport = info['port']\nbaud = info['protocol_baud']\nprotocol = info['protocol_class']\n\n# Use the Serial driver with context manager to be sure port is closed after use\nwith Serial(port=port, baudrate=baud) as serial_connection:\n    firmware_driver = protocol(serial_connection)\n    # Build device certificate and signer certificate.  Both will be written to file.\n    ecc_device_cert, ecc_signer_cert = build_certs_from_ecc(firmware_driver, \"generated_signer.crt\", \"generated_device.crt\")\n```\n\n### Create chain of trust\nCreate a chain of trust.  Keys can be generated or already existing keys can be provided\n\n```python\nfrom pytrustplatform.ca_create import ca_create_root, ca_create_signer_csr, ca_create_signer\n\n# Create Root, generates root private key (if it does not exist) and root certificate\nca_create_root(\"generated_root.key\", \"generated_root.crt\")\n\n# Create signer CA CSR and signer CA private key (if it does not exist)\nca_create_signer_csr(\"generated_signer_ca.key\", \"generated_signer_ca.csr\")\n\n# Create signer certificate based on previously generated root key, root certificate and signer CSR\nca_create_signer(\"generated_signer_ca.csr\",\n                 \"generated_signer_ca.crt\",\n                 \"generated_root.key\",\n                 \"generated_root.crt\")\n```\n## Linux systems\nThis package uses pyedbglib and other libraries for USB transport and some udev rules are required.\nFor details see the pyedbglib package: https://pypi.org/project/pyedbglib\n\n# Changelog\n\n## [1.1] - December 2023\n\n### Fixed\n- DSG-5629 pytrust manifest ignores --serial, --skip-target-programming and --port for create-from-secure-element command\n- DSG-5679 pytrust manifest logs error messages when not finding public keys in slots\n- DSG-6136 PEP-0440 compliance for pytrustplatform\n\n## [1.0.9] - September 2022\n\n### Added\n- DSG-5347 Added `create-csr` action to `certificate` subcommand\n- DSG-5347 Added `--country` option to `certificate` subcommand\n- DSG-4166 Added examples for manifest usage\n- DSG-4412 Added ECC point conversion helper functions (ecc_conversions.py)\n- DSG-5626 Added CLI -P argument to specify serial port, overriding auto-detection\n\n### Changed\n- DSG-5397 CLI `--skip-target-programming` option now has global scope only, and must be placed before subcommand\n- DSG-5397 CLI `-v`/`--verbose` option now has global scope only, and must be placed before subcommand\n- DSG-5397 CLI short form options now always use single-dash prefix (eg `-scac` instead of `--scac`)\n- DSG-5446 Added metadata tag for Python 3.10\n- DSG-5550 Removed metadata tag for Python 3.6\n- DSG-5624 Updated pyedbglib dependency requirement for improved serial port detection\n\n### Fixed\n- DSG-4411 pytrustplatform reads command handler version instead of target firmware version\n\n## [0.15.4] - December 2021\n\n### Added\n- DSG-2808 New ECC type detection\n- DSG-2864 Configurable ORG name for certificate\n- DSG-3978 Manifest utility\n- DSG-4197 Sphinx documentation\n- DSG-3979 Source release to GitHub\n\n## [0.12.1] - April 2021\n\n### Changed\n- DSG-3307 Cosmetic changes for publication\n\n## [0.12.0] - February 2021\n- First public release to PyPi\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "A collection of utilities for interacting with Microchip Trust Platform and Microchip CryptoAuthentication\u2122 devices",
    "version": "1.1.4.18",
    "project_urls": {
        "Homepage": "https://github.com/microchip-pic-avr-tools/pytrustplatform"
    },
    "split_keywords": [
        "microchip",
        "avr-iot",
        "pic-iot"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "05b72af06faba059e74d84cad1eac0ff8540b0073f7baddaa01f1e136c5e5591",
                "md5": "0552bc273dd72714433f158d8e08c337",
                "sha256": "976ec9561fc52ba7e8d4aba6fa43951b1afa21153869aad14dba4a09b684c89c"
            },
            "downloads": -1,
            "filename": "pytrustplatform-1.1.4.18-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "0552bc273dd72714433f158d8e08c337",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 60982,
            "upload_time": "2023-12-12T14:38:26",
            "upload_time_iso_8601": "2023-12-12T14:38:26.148242Z",
            "url": "https://files.pythonhosted.org/packages/05/b7/2af06faba059e74d84cad1eac0ff8540b0073f7baddaa01f1e136c5e5591/pytrustplatform-1.1.4.18-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-12-12 14:38:26",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "microchip-pic-avr-tools",
    "github_project": "pytrustplatform",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [],
    "lcname": "pytrustplatform"
}
Elapsed time: 0.17293s