[ESP-AT] Uploading certificates using AT Commands

hellraise007
Posts: 16
Joined: Tue Aug 06, 2019 6:18 am

[ESP-AT] Uploading certificates using AT Commands

Postby hellraise007 » Fri Oct 02, 2020 3:44 pm

Hello,
Is it possible to upload SSL certificates to the flash using AT commands? There is an AT+SYSFLASH command to view and modify partitions; how do I write certificates into the flash using this command safely?

A simple AT+SYSFLASH=2,"client_ca",0x00,0x2000 gave me

+SYSFLASH:8192,<0xf1><0xf1><0x02><break>
 	<break>
<break>
<0x01><break>
<0x8c><0x04>-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----
[b]<0x01><0x01><0x8c><0x04>[/b]-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----
<0xff><0xff><0xff><0xff><0xff><0xff><0xff><0xff>
.
.
<0xff><0xff><0xff><0xff><0xff>

I do not understand what these characters are [<0xf1><0xf1><0x02>...etc.] before and in between the certificate chain. It would be helpful if someone could explain it for me. Also, are the line endings supposed to be \n, \r or \n\r?

Regards

hellraise007
Posts: 16
Joined: Tue Aug 06, 2019 6:18 am

Re: [ESP-AT] Uploading certificates using AT Commands

Postby hellraise007 » Sat Oct 03, 2020 9:43 am

I am trying to use ESP32/8266 purely in slave mode and I am required to update the certificates on site. It would be helpful if there was a detailed tutorial on this.

hellraise007
Posts: 16
Joined: Tue Aug 06, 2019 6:18 am

Re: [ESP-AT] Uploading certificates using AT Commands

Postby hellraise007 » Sun Oct 04, 2020 9:58 am

I created a bin file using the AtPKI.py tool and uploaded it to the module using the AT+SYSFLASH command. I am using the factory image, so the command I used was

AT+SYSFLASH=1,"client_cert",0,1040
AT+SYSFLASH=2,"client_key",0,1744
AT+SYSFLASH=2,"client_ca",0,1040

But it seems AT+CIPSSLCCONF=2,0,0 gives a NO CA FOUND error.

hegetluk
Posts: 3
Joined: Mon Nov 08, 2021 8:24 am

Re: [ESP-AT] Uploading certificates using AT Commands

Postby hegetluk » Wed Jan 05, 2022 10:19 am

The structure format of the binary file can be found in the ATPKI.py file delivered by Espressif:

Converter of PKI data and files
File Format ( unsigned int is little endian )

| <- 2 bytes -> | <- 2 bytes -> | <- 4 bytes -> | <- total length -> |
+---------------+---------------+---------------+--------------------+
|  magic code   |   list size   |    length     |     list items     |
+---------------+---------------+---------------+--------------------+

magic code: 0xF1F1
list size: count of total items
length: total length of list items
list items: a list of PKIItems

PKI item:

| <- 1 byte -> | <- 1 byte -> | <- 2 bytes -> | <- content len -> | <- (4-len%4) % 4 bytes -> |
+--------------+--------------+---------------+-------------------+---------------------------+
|     type     |      ID      |  content len  |     raw data      | padding for 4 bytes align |
+--------------+--------------+---------------+-------------------+---------------------------+

type: item type
    0x01: CA
    0x02: certificate
    0x03: key
ID: used to match cert and key.
content len: raw data length
"""

TYPE = {
    "ca": 0x01,
    "cert": 0x02,
    "key": 0x03,
}
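
An added example (not part of the post above and not Espressif's ATPKI.py) that builds and parses the layout quoted above; the 0xF1 0xF1 bytes at the start of the dump in the first post are the magic code. The function names `build_pki`, `parse_pki` and `pad_len` are hypothetical, and the 0xFF pad byte and the reading of "length" as covering item headers and padding are assumptions.

```python
import struct

MAGIC = 0xF1F1
TYPE = {"ca": 0x01, "cert": 0x02, "key": 0x03}
NAME = {v: k for k, v in TYPE.items()}

def pad_len(n):
    return (4 - n % 4) % 4  # padding for 4-byte alignment

def build_pki(items):
    """items: list of (type_name, item_id, raw_bytes) -> PKI bin bytes."""
    body = b""
    for type_name, item_id, raw in items:
        body += struct.pack("<BBH", TYPE[type_name], item_id, len(raw))
        body += raw + b"\xff" * pad_len(len(raw))  # pad byte value is an assumption
    # Assumption: "length" counts item headers and padding, not just raw data.
    return struct.pack("<HHI", MAGIC, len(items), len(body)) + body

def parse_pki(blob):
    """Parse a PKI bin, e.g. a partition read-back with erased 0xFF bytes after it."""
    if len(blob) < 8:
        raise ValueError("truncated header")
    magic, count, length = struct.unpack_from("<HHI", blob, 0)
    if magic != MAGIC:
        raise ValueError("bad magic 0x%04X" % magic)
    end = 8 + length
    if end > len(blob):
        raise ValueError("declared length exceeds data")
    items, off = [], 8
    for _ in range(count):
        if off + 4 > end:
            raise ValueError("truncated item header")
        item_type, item_id, clen = struct.unpack_from("<BBH", blob, off)
        off += 4
        if off + clen > end:
            raise ValueError("item content runs past declared length")
        items.append((NAME.get(item_type, "unknown"), item_id, blob[off:off + clen]))
        off += clen + pad_len(clen)
    return items

if __name__ == "__main__":
    # Constructed placeholder data, not real certificates.
    pem = b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
    blob = build_pki([("ca", 0, pem), ("ca", 1, pem)])
    print(blob[:12].hex(" "))
    for name, item_id, raw in parse_pki(blob + b"\xff" * 32):
        print(name, item_id, len(raw))
```

Running the parser over bytes read back from a partition shows whether the magic code, item count and per-item type/ID fields are what the module will see.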
