https://devzone.nordicsemi.com/f/nordic-q-a/93870/verifying-public-and-private-certificatesHi all, This is for nrf9160 with firmware version 1.3.1. I &#39;m trying to read back the certificates and comparing with a known CRC. modem_key_mgmt_read is able to read the CA_CHAIN cert, but cannot read the Public_Cert and the Private_Cert. (retrunsen-USTelligent Community 13Thu, 27 Mar 2025 21:02:32 GMThttps://devzone.nordicsemi.com/thread/529382?ContentTypeID=1Thu, 27 Mar 2025 21:02:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:e099ff7c-f7f1-452c-95af-3639dd79c0a8Manu<p>Hi,&nbsp;</p> <p>I came across this thread because I was trying to&nbsp;ensure that the&nbsp;creds we generate ( externally)&nbsp;are making it into the device properly.<br />In doing so, I<span>&nbsp;</span><strong>found myself unable to generate(from the files I downloaded) a matching hash&nbsp;for&nbsp;the cert installed onto the device. ( Specifically, I expect to generate a hash to match what was written into slot 100, type 1.<img style="max-height:240px;max-width:320px;" alt=" " src="https://devzone.nordicsemi.com/resized-image/__size/640x480/__key/communityserver-discussions-components-files/4/pastedimage1743109301438v1.png" /></strong></p> <p>To my surprise, I noted that the hash I was able to generate for the ROOT_CA_CERT&nbsp;MATCHES one of the (auto-installed?) type 10 credentials in the (default?) sec_slot.</p> <p><img style="max-height:240px;max-width:320px;" alt=" " src="https://devzone.nordicsemi.com/resized-image/__size/640x480/__key/communityserver-discussions-components-files/4/pastedimage1743109310647v2.png" /></p> <p>So, in summary,<span>&nbsp;</span><span style="text-decoration:underline;"><strong>How do I generate the SHA key that the device&nbsp;returns on a AT%CMNG=1, so I can verify the same key exists?</strong></span></p> <p>Any other information about what the autogenerated tags mean would also be illustrative</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/396451?ContentTypeID=1Fri, 18 Nov 2022 14:40:29 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ff9d50c5-b078-4732-9206-7e4a5ccedbc6Raoul<p>Hi,</p> <p>You will have to upgrade the modem firmware to the newest version, v1.3.2, and then <code>list</code> these certificates to do your comparison.</p> <p><span><code>MODEM_KEY_MGMT_CRED_TYPE_PUBLIC_CERT</code> and <code>MODEM_KEY_MGMT_CRED_TYPE_PRIVATE_CERT</code> can&#39;t be read, they can be listed. Listing them will include the <code>&lt;sha&gt;</code> which you can use for your comparison. S</span>ee chapter 12.8 here: <a href="https://infocenter.nordicsemi.com/pdf/nrf91_at_commands_v2.1.pdf">https://infocenter.nordicsemi.com/pdf/nrf91_at_commands_v2.1.pdf</a></p> <p><span>Unfortunately, the sha hash is only listed correctly in v1.3.2, so an upgrade will be necessary.<br /></span></p> <p><span>Best regards,</span></p> <p><span>Raoul</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/395655?ContentTypeID=1Mon, 14 Nov 2022 21:41:00 GMT137ad170-7792-4731-bb38-c0d22fbe4515:41356058-0f0c-42f6-9ca5-0bec28c3a245kkksss<p>Actually correction to above, the modem_key_mgmt_cmp and modem_key_mgmt_read cannot read the keys&nbsp;<span>MODEM_KEY_MGMT_CRED_TYPE_PUBLIC_CERT and&nbsp;</span><span>MODEM_KEY_MGMT_CRED_TYPE_PRIVATE_CERT.</span></p> <p><span>I tested the following and it works successfully in comparing and reading&nbsp;</span>MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN.</p> <p>The AT command behind the scenes is</p> <p>AT%CMNG=2,?,?</p><div style="clear:both;"></div>