562f64f292
Updates to OEMCrypto API, OPK, ODK, and unit tests. See the file CHANGELOG.md for details.
OEM certificate generation tool
Supports
- Generating CSR (certificate signing request)
- Generating OEM intermediate certificate (for testing)
- Generating OEM leaf certificate chain
- Erasing file securely
- Getting CSR/certificate/certificate chain information
Prerequirements
- Install pip: https://pip.pypa.io/en/stable/installing/
- Install python cryptography: https://cryptography.io/en/latest/installation/
Usage
Run python3 oem_certificate.py --help to see available commands.
The arguments can be partially or fully loaded from a configuration file, for example, if file "location.cfg" is,
-C=US
-ST=CA
-L=Kirkland
-O=Some Company
-OU=Some Unit
A command of
python3 oem_certificate.py generate_csr @location.cfg -CN TestDevice1 \
--output_csr_file=csr.pem --output_private_key_file=key.der
is equivalent to
python3 oem_certificate.py generate_csr -CN TestDevice1 -C=US -ST=CA \
-L=Kirkland -O='Some Company' -OU='Some Unit' --output_csr_file=csr.pem \
--output_private_key_file=key.der.
Note that
- The arguments in the config file must be one per line;
- The arguments should not be quoted in the config file.
The script uses a default configuration file 'oem_certificate.cfg', which will be loaded automatically if exists.