1.0.1 • Published 6 years ago

makemfg v1.0.1

License
ISC

CLI for creating x509 and Logitech identity certificates

Install

printf "//registry.npmjs.org/:_authToken=011cadc6-399b-4adb-891b-ae8df3c47331\n" > .npmrc
git add .npmrc
npm install @logitech/attest-cli --save

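Note: the first command above overwrites any existing .npmrc in the current directory and overrides any npm CLI login there; the second command places that file, token included, under version control. The token gives read-only access to @logitech private packages.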

Folder structure

project root
├── package.json
├── __attest__
│   ├── config.json
│   └── store.json
└── index.js

A folder named "__attest__" must be present at the project root. This folder must contain a file 'config.json', which holds the configuration of the certificates to be created. Below is a sample config.json:

{
    "roots": {
        "Logitech DHG Root Device CA": {
            "bits": 2048,
            "md": "sha256",
            "years": 100
        }
    },
    "cas": {
        "Logitech DHG Brownie Bridge CA/skinId=400": {
            "root": "Logitech DHG Root Device CA",
            "bits": 2048,
            "md": "sha256",
            "years": 100
        }
    },
    "boards": {
        "browniebridge_white-pb1": {
            "unitid": true,
            "arch": "0x11",
            "skin": "0x0190",
            "color": "0x00",
            "usb_vendor_id": "0x046D",
            "usb_product_id": "0xC129",
            "hw_ver": "00.00",
            "key": true,
            "cert": {
                "type": "X509",
                "ca": "Logitech DHG Brownie Bridge CA/skinId=400",
                "bits": 2048,
                "md": "sha256",
                "years": 100
            }
        }
    }
}

In the above JSON, "Logitech DHG Root Device CA" and "Logitech DHG Brownie Bridge CA/skinId=400" are the exact values of the issuers of the unit certificate. The "cert" property has the value of the issuer certificate.

A CA may have a set of pre-shared keys associated with it in store.json under the corresponding issuer, and there will be a related key in the mfg file as well.

{
    "Logitech DHG Brownie Bridge CA/skinId=400": {
        "cert": "-----BEGIN CERTIFICATE-----certificateContent-----END CERTIFICATE-----",
        "preSharedKeys": [
            "niP_P03sVShqBs9ph_7W6g",
            "47BClqac-7He-Xyhg6oIJw"
        ]
    }
}
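
Because every issuer name in config.json and store.json has to match exactly, a small consistency check over both files catches a mistyped name before any certificate is issued. The following is an added example, not part of the package or its documentation; `lintAttestConfig` and the sample objects are hypothetical, and the assumptions it makes are listed in its opening comment.

```javascript
// Added example: lint __attest__/config.json (and optionally store.json) before use.
// Key names come from the samples on this page. Assumptions: the numeric suffix of a
// "/skinId=N" issuer name equals the board's hex "skin" value, and store.json keys
// must be issuer names defined under "cas".
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function lintAttestConfig(config, store = {}) {
  const problems = [];
  const { roots = {}, cas = {}, boards = {} } = config;

  for (const [name, ca] of Object.entries(cas)) {
    if (!has(roots, ca.root)) problems.push(`CA "${name}": unknown root "${ca.root}"`);
  }
  for (const [name, board] of Object.entries(boards)) {
    const issuer = board.cert && board.cert.ca;
    if (!has(cas, issuer)) {
      problems.push(`board "${name}": unknown CA "${issuer}"`);
      continue;
    }
    const m = /\/skinId=(\d+)$/.exec(issuer);
    if (m && board.skin !== undefined && parseInt(board.skin, 16) !== Number(m[1])) {
      problems.push(`board "${name}": skin ${board.skin} does not match skinId=${m[1]}`);
    }
  }
  for (const issuer of Object.keys(store)) {
    if (!has(cas, issuer)) problems.push(`store.json: issuer "${issuer}" is not a configured CA`);
  }
  return problems;
}

// Constructed sample input, reduced from the config.json shown on this page.
const sampleConfig = {
  roots: { "Logitech DHG Root Device CA": { bits: 2048, md: "sha256", years: 100 } },
  cas: {
    "Logitech DHG Brownie Bridge CA/skinId=400": {
      root: "Logitech DHG Root Device CA", bits: 2048, md: "sha256", years: 100
    }
  },
  boards: {
    "browniebridge_white-pb1": {
      skin: "0x0190",
      cert: { type: "X509", ca: "Logitech DHG Brownie Bridge CA/skinId=400" }
    }
  }
};
// Constructed store.json whose issuer key does not match any configured CA.
const sampleStore = { "Logitech DHG Brownie Bridge CA/skinId=4000": { preSharedKeys: [] } };

console.log(lintAttestConfig(sampleConfig));              // []
console.log(lintAttestConfig(sampleConfig, sampleStore)); // one store.json problem
```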

Usage

const { validateCertificate } = require('@logitech/attest')();

// x509 certificate (PEM)
const x509Cert = `-----BEGIN CERTIFICATE-----certificate value-----END CERTIFICATE-----`;
validateCertificate(x509Cert)
    .then(result => {
        const unitId = result.unitId;
        const skinId = result.skinId;
    })
    .catch(error => console.log(error));

// identity certificate (JSON)
const identityCert = `{"iss":"Logitech DHG Brownie Button CA v2/skinId=401","sub":"20160218004838-000000","sig":"signaturevalue"}`;
validateCertificate(identityCert)
    .then(result => {
        const unitId = result.unitId;
        const skinId = result.skinId;
        const key = result.key;
        const ekey = result.ekey;
    })
    .catch(error => console.log(error));
// 'ekey' is the encrypted value of 'key', which is a random text
// (encrypted using the pre-shared key present in store.json).
// When 'ekey' is decrypted using the key in the mfg file, it should match 'key'.

validateCertificate function

It takes one input parameter, the certificate value: PEM format for public key certificates and JSON format for identity certificates. It returns a promise that resolves if the certificate is valid. If the certificate is invalid, the promise is rejected with the related error.