Metadata-Version: 2.1
Name: pytrustplatform
Version: 0.12.0.16
Summary: A collection of utilities for interacting with Microchip Trust Platform and Microchip CryptoAuthentication™ devices
Home-page: http://www.microchip.com
Author: Microchip Technology
Author-email: support@microchip.com
License: Microchip Technology Inc. Proprietary License
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Topic :: Software Development :: Embedded Systems
Classifier: License :: Other/Proprietary License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX :: Linux
Classifier: Operating System :: MacOS
Description-Content-Type: text/markdown
Requires-Dist: cryptography
Requires-Dist: asn1crypto
Requires-Dist: pytz
Requires-Dist: pyyaml
Requires-Dist: appdirs
Requires-Dist: pykitcommander (>=0.4.*)
Requires-Dist: pyedbglib (>=2.17)
Provides-Extra: dev
Requires-Dist: pylint ; extra == 'dev'
Requires-Dist: pytest ; extra == 'dev'
Requires-Dist: mock ; extra == 'dev'

# pytrustplatform
pytrustplatform is a collection of utilities for interacting with Microchip Trust Platform and
Microchip CryptoAuthentication™ devices.

pytrustplatform can be used as a command-line interface or a library.

## Command-line interface
pytrustplatform is a multi-layered command-line interface, meaning that there are several commands, each
with its own actions and options.

Getting help:
```
pytrust --help
```
Getting help for a specific command:
```
pytrust certificate --help
```
The amount of logging is controlled by the -v/--verbose option:
```
pytrust -v info
```
Possible log levels are `debug`, `info`, `warning`, `error`, `critical`.  Default is `info`.

Print version info and exit:
```
pytrust -V
```
Print release info and exit:
```
pytrust -R
```
### Commands reading information from connected Microchip IoT kit
Some commands need to read information from the ECC chip on a Microchip IoT kit, which must be connected to a USB port.
In this case, pytrustcommander will normally connect to the kit automatically, and program the required firmware into it.
If there is more than one suitable IoT kit connected, the user must select which one to use with the
-s/--serialnumber option. If the -s option is not used in this situation, a list of kits is printed.
It is sufficient to specify enough digits from the end of the serial number to make it unique.
Sample session with two kits connected:
```
pytrust cert read-ecc-serialnumber
ERROR - Multiple kits found.
ERROR - Please specify serial number ending digits for the one you want
ERROR - Tool: nEDBG CMSIS-DAP Serial: MCHP3203081800007239 Device: ATmega4808
ERROR - Tool: nEDBG CMSIS-DAP Serial: MCHP3261021800001323 Device: PIC24FJ128GA705

pytrust -s9 cert read-ecc-serialnumber
Reading ECC serial number from kit
012370A530B9A4A8FE

```

### Certificate command
The certificate command supports certificate manipulation and parsing actions.  It can also be invoked using the cert alias:
```
pytrust certificate
```
is the same as
```
pytrust cert
```

#### Action: get-skid
Get the Subject Key Identifier from a certificate. The SKID is printed to standard output.
* use --cert to specify certificate file

Example:
```
pytrust certificate get-skid --cert mycertificate.crt
```

#### Action: get-common-name
Get the Common Name from a certificate. The Common Name is printed to standard output.
* use --cert to specify certificate file

Example:
```
pytrust certificate get-common-name --cert mycertificate.crt
```

#### Action: create-from-ecc
Create device and signer certificates using compressed certificate data read out from the ECC device.
This command requires that a Microchip IoT kit is connected. The device and signer certificates are stored in the
output folder in files named "device_ecc608.crt" and "signer_ecc608.crt", respectively.
* use --dct to optionally specify a device certificate template file
* use --sct to optionally specify a signer certificate template file
* use -o to optionally specify a path to store the certificates created (defaults to '.')

Example:
```
pytrust certificate create-from-ecc -o mycertificates
```

#### Action: create-from-csr
Create a device certificate using a Certificate Signing Request (CSR) created from data read out from the ECC device.
This command requires that a Microchip IoT kit is connected. Both the certificate and the CSR will be written to the
output folder, in files "device.crt" and "device.csr", respectively.
* use --scak to specify signer Certificate Authority (CA) private key file
* use --scac to specify signer Certificate Authority (CA) certificate file
* use -o to optionally specify a path to store the certificate and CSR created (defaults to '.')

Example:
```
pytrust certificate create-from-csr -o mycertificates --scak my_signer-ca.key --scac my_signer-ca.crt
```

#### Action: create-verification
Create a verification certificate from a signer Certificate Authority (CA) certificate and private key.
The certificate is placed in the output folder, in a file named "verification.crt".
The verification certificate is typically used when registering the CA with a cloud provider.
* use --scak to specify signer Certificate Authority (CA) private key file
* use --scac to specify signer Certificate Authority (CA) certificate file
* use --reg to specify the registration code to be used in the verification certificate
* use -o to optionally specify a path to store the certificate created (defaults to '.')

Example:
```
pytrust certificate create-verification -o mycertificates --scac my_signer_ca.crt --scak my_signer_ca.key --reg 0123456789
```
#### Action: fingerprint
Generates a fingerprint from a certificate file passed in. The fingerprint is printed to standard output.

Example:
```
pytrust cert fingerprint --cert device.crt
```

#### Action: create-chain-of-trust
Create a chain of trust with root CA, signer CSR and signer certificates in the current or a specified folder.
The certificates are placed in the output folder, filenames "root-ca.crt", "signer-ca.csr", and "signer-ca.crt",
respectively.
* use -o to optionally specify a path to store the certificate created (defaults to '.')
* use --org to optionally change issuer Organization name (defaults to 'Example Inc')
* use --rcn to optionally change root CA certificate Common Name (defaults to 'Example Root CA')
* use --scn to optionally change signer CA certificate Common Name (defaults to 'Example Signer FFFF')


Example:
```
pytrust cert -o my-root-certs --org "Microchip Technology Inc" --rcn "Microchip Root CA" --scn "Microchip Signer" create-chain-of-trust
```

### Manifest command
Not yet implemented

## Library
pytrustplatform is a collection of utilities and it can be used as a library by accessing the individual modules.

### Logging
This package uses the Python logging module for publishing log messages to library users.
A basic configuration can be used (see example below), but for best results a more thorough configuration is
recommended in order to control the verbosity of output from dependencies in the stack which also use logging.
See logging.yaml which is included in the package (although only used for CLI).
```
# pytrustplatform uses the Python logging module
import logging
logging.basicConfig(format="%(levelname)s: %(message)s", level=logging.WARNING)
```
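
One way to write the more thorough configuration mentioned above, as an added example that is not part of the package or its logging.yaml. It assumes each package logs under a logger named after the package; `configure_logging`, `LEVELS` and `DEPENDENCIES` are hypothetical names.

```python
import logging
import logging.config

# The five level names the CLI accepts for -v/--verbose
LEVELS = ("debug", "info", "warning", "error", "critical")
# Assumption: each dependency logs under a logger named after its package
DEPENDENCIES = ("pykitcommander", "pyedbglib")


def configure_logging(own_level="info", dependency_level="error"):
    """Set pytrustplatform's verbosity separately from that of its dependencies."""
    for level in (own_level, dependency_level):
        if level not in LEVELS:
            raise ValueError("unknown log level: %r" % (level,))
    loggers = {name: {"level": dependency_level.upper()} for name in DEPENDENCIES}
    loggers["pytrustplatform"] = {"level": own_level.upper()}
    logging.config.dictConfig({
        "version": 1,
        "disable_existing_loggers": False,
        "formatters": {"brief": {"format": "%(levelname)s: %(name)s: %(message)s"}},
        "handlers": {"console": {"class": "logging.StreamHandler", "formatter": "brief"}},
        # Anything not listed under "loggers" falls back to the root level
        "root": {"level": "WARNING", "handlers": ["console"]},
        "loggers": loggers,
    })


# Library output at INFO, USB transport and kit protocol chatter only on errors
configure_logging()
```

Child loggers such as `pytrustplatform.cert_get_data` inherit the level set on the package logger, so one entry per package is enough.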

### Fetching data from a certificate
The `cert_get_data` module contains functions to fetch various information from a certificate. For example:
```
# Fetch the Subject Key Identifier from a certificate
from pytrustplatform.cert_get_data import cert_get_skid
skid = cert_get_skid("mycertificate.crt")

# Fetch Common Name from a certificate:
from pytrustplatform.cert_get_data import cert_get_common_name
common_name = cert_get_common_name("mycertificate.crt")
```

### Create device certificate from CSR
Building a device certificate will implicitly generate a Certificate Signing Request (CSR):
```
from pytrustplatform.device_cert_builder import build_device_cert
from pykitcommander.kitprotocols import get_iot_provision_protocol
from pykitcommander.firmwareinterface import KitSerialConnection

# Fetch a protocol object from pykitcommander
protocol, port = get_iot_provision_protocol()
# Use the KitSerialConnection context manager provided by pykitcommander to manage the port open and close
with KitSerialConnection(protocol, port):
    # Build device certificate.  A CSR will be generated as part of the process.  Both will be written to file
    build_device_cert("my_signer-ca.crt", "my_signer-ca.key", protocol, "generated.csr", "generated_device.crt")
```

### Create verification certificate
```
from pytrustplatform.verification_cert_builder import build_verification_cert

build_verification_cert("my_signer-ca.crt", "my_signer-ca.key", "MY_REGCODE_0123456789", "generated_verification.crt")
```
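
What a party receiving a verification certificate can check before accepting the signer CA, as an added example that is not pytrustplatform's own code. It assumes the `cryptography` package, ECDSA P-256 keys, and that the registration code is carried in the subject Common Name; `issue` and `proves_possession` are hypothetical helpers and all keys are constructed sample data.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def issue(subject_cn, issuer_cn, issuer_key, public_key, is_ca=False):
    """Issue a short-lived certificate for public_key, signed by issuer_key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))


def proves_possession(verification_cert, ca_cert, registration_code):
    """True only if the CN is the registration code and the CA's key made the signature."""
    cn = verification_cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    if len(cn) != 1 or cn[0].value != registration_code:
        return False
    if verification_cert.issuer != ca_cert.subject:
        return False
    try:  # a matching issuer name is not enough: check the signature itself
        ca_cert.public_key().verify(verification_cert.signature,
                                    verification_cert.tbs_certificate_bytes,
                                    ec.ECDSA(verification_cert.signature_hash_algorithm))
    except InvalidSignature:
        return False
    return True


# Constructed sample data: a throwaway signer CA, and an unrelated key reusing its name
REG_CODE = "0123456789"
ca_key = ec.generate_private_key(ec.SECP256R1())
ca_cert = issue("Example Signer FFFF", "Example Signer FFFF", ca_key, ca_key.public_key(), is_ca=True)
leaf_key = ec.generate_private_key(ec.SECP256R1())
good = issue(REG_CODE, "Example Signer FFFF", ca_key, leaf_key.public_key())
wrong_signer = issue(REG_CODE, "Example Signer FFFF",
                     ec.generate_private_key(ec.SECP256R1()), leaf_key.public_key())
```

The same signature check applies to a device certificate produced from a CSR: it should verify against the signer CA certificate that was passed in.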

## Linux systems
This package uses pyedbglib and other libraries for USB transport and some udev rules are required.
For details see the pyedbglib package: https://pypi.org/project/pyedbglib


