• State Not Answered
  • Replies 10 replies
  • Subscribers 70 subscribers
  • Views 2173 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 268971
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

AT%CMNG not showing hashes (and certificates cannot be read so not identified)

kratenko

Hello,

I am working with the nRF9160 to communicate via DTLS. It works, but managing certificates is a bit of a problem. I am using the AT%CMNG command.

First, certificates (type 1) cannot be read from the modem. This is annoying, since I do not have any private keys in the certificate (but I guess you could?).

The issue is - according to the manual (see https://infocenter.nordicsemi.com/index.jsp?topic=%2Fref_at_commands%2FREF%2Fat_commands%2Fmob_termination_ctrl_status%2Fcmng_set.html), the command is supposed to give the SHA256 digest for the entity. In fact it does not. The place where that should be, it just repeatedly sends the byte representing the entity type:

at%cmng=1
%CMNG: 0,6,"0606060606060606060606060606060606060606060606060606060606060606"
%CMNG: 111,0,"0000000000000000000000000000000000000000000000000000000000000000"
%CMNG: 111,1,"0101010101010101010101010101010101010101010101010101010101010101"
%CMNG: 111,2,"0202020202020202020202020202020202020202020202020202020202020202"
%CMNG: 2000,4,"0404040404040404040404040404040404040404040404040404040404040404"
OK

You can see it in other peoples' posts here as well, e.g.: https://devzone.nordicsemi.com/f/nordic-q-a/49766/at-cmng-1-reporting-error/198450

This is awkward, because there is no way to identify which private key or certificate is in which slot. Or am I missing anything? If this a bug, will there be a patch at any point? I am using modem FW 1.2.3, which is the most recent one.

Parents
  • 0

    Hello,  

    The AT%CMNG=1 will print

     

    %CMNG: <sec_tag>,<type>[,<sha>[,<content>]]

<sec_tag>
    Integer, 0 – 2147483647.
    Mandatory for write, read, and delete operations. Optional for list operation.
    
<type>
    0 – Root CA certificate (ASCII text)
    1 – Client certificate (ASCII text)
    2 – Client private key (ASCII text)
    3 – Pre-shared Key (PSK) (ASCII text in hexadecimal string format)
    4 – PSK identity (ASCII text)
    5 – Public Key (ASCII text)
    6 – Reserved
    Mandatory if <opcode> is write, read, or delete. Parameter <type> with the value Public Key can only be used when parameter <opcode> is delete.
    
<sha>
    String. SHA-256 digest of the entity (DER, PEM) as stored in the filesystem, 64 hexadecimal characters (representing a 256 bit vector).
    Note:
        <content> in the read response is exactly what is written, including <CR>, <LF>, and other characters. The characters outside the double quotes are part of the AT response format.
        
        Reading types 1, 2, and 3 are not supported.

    From the output you have posted above the command prints from sec_tag 0, 111 and 2000. Sec_tag 111 has Root CA certificate (type 0), Client certificate (type 1), and Client private key (type 2). As the note states in the documentation "Reading types 1, 2, and 3 are not supported

    What do you get if you read the tag 111

    AT%CMNG=1,111

    Kind regards,
    Øyvind

  • 0 in reply to Øyvind

    Hello again, 

    I've forwarded your inquiry to our modem team to verify the AT%CMNG output.

    Kind regards,
    Øyvind

Reply Children
No Data
Related