widevine-partner/oemcrypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v20
oemcrypto/oem_certificate_generator
History
Googler 5387878a5b Automated update of OPK code 
Included changes:

  - 676ac7be8548d80c420591fc0b4fb9a11723ef34 Backwards compatibility script for CDM v18 and OPK v19 by Vicky Min <vickymin@google.com>
  - 3cd4f71fda91245ac0b61c4c847950952f3021c0 Change BuildInformation ree fields to optional by Matt Feddersen <mattfedd@google.com>
  - a2259e95dea40c27a4be02ad479aec8f1fc84737 Created a DICE CBOR Cert parser/serializer. by Alex Dale <sigquit@google.com>
  - b8f2c364afeb6279e5aee6488d4527e189ac42ff Don't create invalid enum value by John "Juce" Bruce <juce@google.com>
  - b0aed212a3b2dd8f752d8fc43982848c1aa6c152 Created an HLS Key type. by Alex Dale <sigquit@google.com>
  - f8cfc54b41f124ba849596dbe6438b7f271a72b7 Specify C/C++ standard when running clang-tidy on OPK by John "Juce" Bruce <juce@google.com>

GitOrigin-RevId: 676ac7be8548d80c420591fc0b4fb9a11723ef34
2025-05-30 09:58:39 -07:00
..
oem_certificate.py
Version 18.1
2023-03-09 18:06:07 -08:00
README.md
Version 18.1
2023-03-09 18:06:07 -08:00

README.md

OEM certificate generation tool

Supports

  • Generating CSR (certificate signing request)
  • Generating OEM intermediate certificate (for testing)
  • Generating OEM leaf certificate chain
  • Erasing file securely
  • Getting CSR/certificate/certificate chain information

Prerequirements

Usage

Run python3 oem_certificate.py --help to see available commands.

The arguments can be partially or fully loaded from a configuration file, for example, if file "location.cfg" is,

  -C=US
  -ST=CA
  -L=Kirkland
  -O=Some Company
  -OU=Some Unit

A command of

  python3 oem_certificate.py generate_csr @location.cfg -CN TestDevice1       \
    --output_csr_file=csr.pem --output_private_key_file=key.der

is equivalent to

  python3 oem_certificate.py generate_csr -CN TestDevice1 -C=US -ST=CA        \
    -L=Kirkland -O='Some Company' -OU='Some Unit' --output_csr_file=csr.pem  \
    --output_private_key_file=key.der.

Note that

  • The arguments in the config file must be one per line;
  • The arguments should not be quoted in the config file.

The script uses a default configuration file 'oem_certificate.cfg', which will be loaded automatically if exists.