3 Replies Latest reply on Jul 28, 2016 8:46 AM by olduc_2170276

    Generating DCT's with TLS Certificates/Keys



      What would you propose to create unique DCT's that contain unique certificates and keys for each device in production? I know that in SDK 2.4.x there was a way to create DCT's, but how can we do this in 3.5.x or later?


      Thank you.

        • 1. Re: Generating DCT's with TLS Certificates/Keys

          Perhaps you could write a program that downloads the desired information from the internet, probably a private server, and writes the information to the DCT using wiced_dct_write. The usage is demonstrated in snip.dct_read_write and the DCT information is outlined in WICED/platform/include/platform_dct.h.


          // <download cert>

          platform_dct_security_t dct_security_config;

          // <initialize dct_security_config>

          // Pass the address of the struct and the size of the struct itself.
          wiced_dct_write( (const void*) &dct_security_config, DCT_SECURITY_SECTION, 0, sizeof(dct_security_config) );



          Another method may be to just write the corresponding information to the correct locations in the flash.

          • 2. Re: Generating DCT's with TLS Certificates/Keys



            First of all thanks for the quick reply.


            Downloading the certificates from a server won't be an option for us because that'll be a security flaw. We want to put certificates while programming the devices.


            We'll probably go with the second option. I believe to do this, we need to generate specific DCT files for each device. (Another option would be to generate different application elfs for every device but that would take a lot of time). In the WICED directory, there's a file called "generated_security_dct.h". I believe that by using this kind of file and a script there could be a way to generate device-specific DCT files in SDK 3.x.x. Would that be easy? What would you propose to do? Where can we start for doing this?


            Thank you.

            • 3. Re: Generating DCT's with TLS Certificates/Keys


              The best option for you is to store this information in the user DCT, i.e. at the end of the DCT. Then you could at programming time concatenate the DCT with the specific certificate, and then flash it.
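
The concatenation step suggested in reply 3, as an added example that is not part of the original thread and is not WICED SDK code: a host-side script that appends a per-device certificate/key record to a common DCT image and can verify the result before flashing. The record layout (MAGIC, HEADER), the function names, the 512-byte user area and the assumption that the user DCT starts directly after the base image are all hypothetical; the firmware would have to read the same layout back.

```python
import struct
import zlib

# Hypothetical record layout chosen for this example; the user DCT format is
# application-defined, so the firmware must parse the same structure.
MAGIC = b"UCRT"
HEADER = struct.Struct("<4sIII")  # magic, cert length, key length, CRC32(cert + key)
ERASED = b"\xff"                  # fill value matching erased flash


def build_user_record(cert: bytes, key: bytes, user_size: int) -> bytes:
    """Pack one device's certificate and key into a fixed-size user-DCT record."""
    payload = cert + key
    record = HEADER.pack(MAGIC, len(cert), len(key), zlib.crc32(payload)) + payload
    if len(record) > user_size:
        raise ValueError(f"record is {len(record)} bytes, user DCT holds {user_size}")
    return record.ljust(user_size, ERASED)


def build_device_dct(base_dct: bytes, cert: bytes, key: bytes, user_size: int) -> bytes:
    """Concatenate the common DCT image with the per-device record."""
    return base_dct + build_user_record(cert, key, user_size)


def parse_user_record(image: bytes, user_offset: int) -> tuple[bytes, bytes]:
    """Check magic, bounds and CRC, then return (cert, key) from a built image."""
    magic, cert_len, key_len, crc = HEADER.unpack_from(image, user_offset)
    if magic != MAGIC:
        raise ValueError("no credential record at user DCT offset")
    start = user_offset + HEADER.size
    payload = image[start:start + cert_len + key_len]
    if len(payload) != cert_len + key_len or zlib.crc32(payload) != crc:
        raise ValueError("credential record truncated or corrupted")
    return payload[:cert_len], payload[cert_len:]


# Constructed sample inputs: placeholder bytes, not a real DCT image or credentials.
BASE_DCT = bytes(64)
CERT = b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
KEY = b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    image = build_device_dct(BASE_DCT, CERT, KEY, user_size=512)
    cert, key = parse_user_record(image, user_offset=len(BASE_DCT))
    print(len(image), cert == CERT, key == KEY)
```

Each generated image holds that device's private key in the clear, so the per-device files on the programming station need the same access control and cleanup as the key files themselves.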