search
Get FDA readyServicesHelm help

Extract certificates from provisioned devices

hashtag
Extract certificates via API

Extracting keys and certificates through the Guardian API consists of using the Guardian Library to complete the two certificate and key extraction steps.

hashtag
C# example

public static void GetKeyAndCerts()
{
    medcrypt.guardian.InitializeFiles initializeFiles =
        new medcrypt.guardian.InitializeFiles();

    /* read provisioned files into file structure */
    initializeFiles.trustStore =
        File.ReadAllBytes(@"TrustStore.mcts");
    initializeFiles.privateIdentity =
        File.ReadAllBytes(@"PrivateIdentity.mcpi");
    initializeFiles.certifiedProfile =
        File.ReadAllBytes(@"CertifiedProfile.mcp");

    /* customer data about the provisioning system */
    string componentHandle = "my_component_handle";
    string hardwareId = "my_serial_number";
    string serviceName = "my_service_name";

    /* accept input options, or create default */
    medcrypt.guardian.InitializeOptions options =
       new medcrypt.guardian.InitializeOptions();

    /* initialize guardian for configured operations (key and cert)*/
    medcrypt.guardian.Guardian gdn = new medcrypt.guardian.Guardian();

    gdn.Initialize(
        initializeFiles,
        componentHandle,
        hardwareId,
        new medcrypt.guardian.InitializeOptions());

    List<byte[]> certs = null;
    byte[] key = null;

    medcrypt.guardian.IService service = gdn.FindService(serviceName);

    /* get key  */
    key = service.GetCertificateKey(KeyFormat.PKCS8_PEM);

    /* get length of certificate chain, and add all certs to output
        list */
    ulong chainLen = service.GetCertificateChainLength();
    certs = new List<byte[]>();
    for (ulong i = 0; i < chainLen; i++)
    {
        certs.Add(service.GetCertificate(i, CertFormat.PEM));
    }
}

hashtag
C++ example

hashtag

hashtag
C example

hashtag
Extract certificates via command line

This covers how to use a provisioned device to extract pre-arranged keys and certificates from that device's certified profile (CP). Extracting certificates via the command line consists of using the mcguard_cert_extract utility to complete the the following certificate and key extraction steps:

  1. Initialize Guardian with the device's certified profile.

  2. Extract key and desired certificates.

  • All command line utilities use a working directory approach. During certificate extraction the mcguard_cert_extract utility expects to see a .mcts, .mcpip and .mcpp file in the working directory.

  • Any argument inside <> brackets should be replaced with the indicated input data (e.g., If the component handle is device1 <my_component> , this could be replaced by device1).

PreviousManage certificatesNextAPI overview

Last updated