Generating DCTs with TLS Certificates/Keys

Anonymous

Hello,

What would you propose to create unique DCTs that contain unique certificates and keys for each other device in production? I know that in SDK 2.4.x there was a way to create DCTs, but how can we do this in 3.5.x or later?

Thank you.

AndrewY_86
Employee

Perhaps you could write a program that downloads the desired information from the internet, probably a private server, and writes the information to the DCT using wiced_dct_write. The usage is demonstrated in snip.dct_read_write and the DCT information is outlined in WICED/platform/include/platform_dct.h.

//<download cert>

platform_dct_security_t dct_security_config;

//<initialize dct_security_config>

// Pass the address of the struct, and size the write from the same object
wiced_dct_write( (const void*) &dct_security_config, DCT_SECURITY_SECTION, 0, sizeof(dct_security_config) );

Another method may be to just write the corresponding information to the correct locations in the flash.

Anonymous

Hello,

First of all thanks for the quick reply.

Downloading the certificates from a server won't be an option for us because that'll be a security flaw. We want to put certificates while programming the devices.

We'll probably go with the second option. I believe to do this, we need to generate specific DCT files for each device. (Another option would be to generate different application elfs for every device, but that would take a lot of time.) In the WICED directory, there's a file called "generated_security_dct.h". I believe by using this kind of file and a script there could be a way to generate device-specific DCT files in SDK 3.x.x. Would that be easy? What would you propose to do? Where can we start for doing this?

Thank you.

Anonymous

Hello,

The best option for you is to store this information in the user DCT, i.e. at the end of the DCT. Then you could at programming time concatenate the DCT with the specific certificate, and then flash it.

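The concatenation step suggested in the last reply, sketched as a host-side script. This is an added example, not code from the thread or from the WICED SDK. The record layout (`DCRT` tag, length fields, CRC32), the 4096-byte section size and all function names are assumptions made for illustration, and the base image and credentials are constructed sample data.

```python
import struct
import zlib

MAGIC = b"DCRT"                  # hypothetical record tag, not a WICED constant
HEADER = struct.Struct("<4sHH")  # magic, certificate length, key length
APP_SECTION_SIZE = 4096          # assumed size reserved for the user DCT


def build_record(cert: bytes, key: bytes, size: int = APP_SECTION_SIZE) -> bytes:
    """Pack one device's certificate and key into a fixed-size, CRC-protected record."""
    body = HEADER.pack(MAGIC, len(cert), len(key)) + cert + key
    record = body + struct.pack("<I", zlib.crc32(body))
    if len(record) > size:
        raise ValueError(f"record needs {len(record)} bytes, section holds {size}")
    return record + b"\xff" * (size - len(record))  # 0xFF matches erased flash


def build_device_image(base_dct: bytes, cert: bytes, key: bytes) -> bytes:
    """Concatenate the shared DCT image with the per-device record."""
    return base_dct + build_record(cert, key)


def parse_record(image: bytes, base_len: int) -> tuple[bytes, bytes]:
    """Read the record back, as a factory check would, and verify its CRC."""
    section = image[base_len:base_len + APP_SECTION_SIZE]
    magic, cert_len, key_len = HEADER.unpack_from(section)
    end = HEADER.size + cert_len + key_len
    if magic != MAGIC or end + 4 > len(section):
        raise ValueError("no valid credential record")
    (crc,) = struct.unpack_from("<I", section, end)
    if crc != zlib.crc32(section[:end]):
        raise ValueError("credential record CRC mismatch")
    cert = section[HEADER.size:HEADER.size + cert_len]
    return cert, section[HEADER.size + cert_len:end]


if __name__ == "__main__":
    base = bytes(range(256)) * 4                  # constructed stand-in for the built DCT
    for serial in ("0001", "0002"):               # constructed device serials
        cert = f"CERT-FOR-{serial}".encode()      # placeholder, not a real certificate
        key = f"KEY-FOR-{serial}".encode()        # placeholder, not a real key
        image = build_device_image(base, cert, key)
        assert parse_record(image, len(base)) == (cert, key)
        print(serial, len(image), "bytes")
```

Each generated image contains that device's private key in the clear, so the files should be created on the programming station and deleted once the device has been flashed and verified.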