Skip to content

X509

This module allows to perform useful operations involving x509 certificates.

generate_csr_for_key

generate_csr_for_key(key, subject) Generate a Certificate Signing Request from subject signed with key key.

  • param subject

    is a string containing a comma-separated list of OID types and values (e.g. "C=IT,O=ZER,CN=device 1")

  • param key

    can be: a null terminated string (must end with a 0 byte) containing a valid key or an empty string to use a hardware one.

To enable the use of hardware keys a hardware cryptographic interface must be started.

For example, with an ATECC508A (ATECCx08A interface):

import x509
from microchip.ateccx08a import ateccx08a

# ...

ateccx08a.hwcrypto_init(I2C0, 0) # select private key stored in slot 0
x509.generate_csr_for_key('', subject)

(in this case ZERYNTH_HWCRYPTO_ATECCx08A must be also set to true in project.yml)

Note

generating a CSR requires a big stack, probably not available inside the main thread. It is suggested to call this function from a separate thread with a custom stack size (e.g. thread(generate_function, size=12288)) .