Guidance to use ATECC608 with AWS

For Adafruit customers who seek help with microcontrollers

Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.
Locked
Post by ac400606 »

Hello Good people!

I'm looking for guidance on setting up the ATECC608 breakout board with a Raspberry Pi to connect to AWS.
From what I have tried so far and understood, the ATECC608 can be used to create private and public keys which are securely stored. Then an X.509 certificate can also be created and stored on the same chip.

I was able to get the private key, public key and CSR, but now my board is probably locked and I cannot create an X.509 certificate and save it on the board.

Kindly guide me on how to create and store a certificate which can be used to connect to AWS.

I've tried following this tutorial but I'm missing something and it gives me this error:

```
Generating Certificate Signing Request...
-----BEGIN CERTIFICATE REQUEST-----

Traceback (most recent call last):
  File "/home/pi/selfSignedCert.py", line 66, in <module>
    print(csr.generate_csr())
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_cert_util.py", line 77, in generate_csr
    csr = self._csr_end()
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_cert_util.py", line 120, in _csr_end
    asn1.get_issuer_or_subject(
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_asn1.py", line 97, in get_issuer_or_subject
    get_name(country, 0x06, data)
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_asn1.py", line 125, in get_name
    data.extend(name)
TypeError: 'str' object cannot be interpreted as an integer
```
--
Regards.

Post by adafruit_support_mike »

Post the code you're using (between CODE tags please) and we'll take a look.

From the error message, it looks like you're trying to assign a number to a variable that should take a string.

Post by ac400606 »

Hi @adafruit_support_mike, this is the code:

```python
# SPDX-FileCopyrightText: 2021 ladyada for Adafruit Industries
# SPDX-License-Identifier: MIT

import board
import busio
from adafruit_atecc.adafruit_atecc import ATECC, _WAKE_CLK_FREQ, CFG_TLS

import adafruit_atecc.adafruit_atecc_cert_util as cert_utils

# -- Enter your configuration below -- #

# Lock the ATECC module when the code is run?
LOCK_ATECC = True
# 2-letter country code
MY_COUNTRY = "US"
# State or Province Name
MY_STATE = "CA"
# City Name
MY_CITY = "LA"
# Organization Name
MY_ORG = "IT"
# Organizational Unit Name
MY_SECTION = "Security"
# Which ATECC slot (0-4) to use
ATECC_SLOT = 0
# Generate new private key, or use existing key
GENERATE_PRIVATE_KEY = False

# -- END Configuration, code below -- #

# Initialize the i2c bus
i2c = busio.I2C(board.SCL, board.SDA, frequency=_WAKE_CLK_FREQ)

# Initialize a new atecc object
atecc = ATECC(i2c, address=0x35)

print("ATECC Serial Number: ", atecc.serial_number)

if not atecc.locked:
    if not LOCK_ATECC:
        raise RuntimeError(
            "The ATECC is not locked, set LOCK_ATECC to True in code.py."
        )
    print("Writing default configuration to the device...")
    atecc.write_config(CFG_TLS)
    print("Wrote configuration, locking ATECC module...")
    # Lock ATECC config, data, and otp zones
    atecc.lock_all_zones()
    print("ATECC locked!")

print("Generating Certificate Signing Request...")
# Initialize a certificate signing request with provided info
csr = cert_utils.CSR(
    atecc,
    ATECC_SLOT,
    GENERATE_PRIVATE_KEY,
    MY_COUNTRY,
    MY_STATE,
    MY_CITY,
    MY_ORG,
    MY_SECTION,
)
# Generate CSR
my_csr = csr.generate_csr()
print("-----BEGIN CERTIFICATE REQUEST-----\n")
print(my_csr.decode("utf-8"))
print("-----END CERTIFICATE REQUEST-----")
```

With this result:
```
ATECC Serial Number: 012301230123012312
Generating Certificate Signing Request...
-----BEGIN CERTIFICATE REQUEST-----

Traceback (most recent call last):
  File "/home/pi/selfSignedCert.py", line 67, in <module>
    print(csr.generate_csr())
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_cert_util.py", line 77, in generate_csr
    csr = self._csr_end()
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_cert_util.py", line 120, in _csr_end
    asn1.get_issuer_or_subject(
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_asn1.py", line 97, in get_issuer_or_subject
    get_name(country, 0x06, data)
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_asn1.py", line 125, in get_name
    data.extend(name)
TypeError: 'str' object cannot be interpreted as an integer
```


I tried updating these:

```python
# Which ATECC slot (0-4) to use
ATECC_SLOT = 1
# Generate new private key, or use existing key
GENERATE_PRIVATE_KEY = True
```

With this result:

```
ATECC Serial Number: 012301230123012312
Generating Certificate Signing Request...
-----BEGIN CERTIFICATE REQUEST-----

Traceback (most recent call last):
  File "/home/pi/selfSignedCert.py", line 67, in <module>
    print(csr.generate_csr())
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_cert_util.py", line 76, in generate_csr
    self._csr_begin()
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc_cert_util.py", line 86, in _csr_begin
    self._atecc.gen_key(self._key, self._slot, self.private_key)
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc.py", line 438, in gen_key
    self._get_response(key)
  File "/usr/local/lib/python3.9/dist-packages/adafruit_atecc/adafruit_atecc.py", line 556, in _get_response
    raise RuntimeError("CRC Mismatch")
RuntimeError: CRC Mismatch
```
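
Added example, not part of the original thread and not the adafruit_atecc source: the TypeError tracebacks above end at `data.extend(name)`, and CPython's `bytearray.extend()` raises a TypeError when it is handed a `str`. The sketch below reproduces that and DER-encodes a subject attribute such as `C=US` with the string converted to bytes first. The names `der_tlv`, `encode_name_attr`, `extend_with_str_fails` and `OID_LAST_ARC` are hypothetical, and that `data` is a bytearray is an assumption.

```python
# Added illustration, not adafruit_atecc code. Encodes one X.509 subject
# attribute (for example countryName, OID 2.5.4.6) as DER:
#   SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.x, PrintableString value } }

# Last arc of the standard X.520 attribute OIDs 2.5.4.<n>.
OID_LAST_ARC = {"country": 0x06, "city": 0x07, "state": 0x08,
                "org": 0x0A, "org_unit": 0x0B}


def der_tlv(tag, payload):
    """Return tag + short-form length + payload (payload under 128 bytes)."""
    if len(payload) > 127:
        raise ValueError("long-form DER lengths are not handled in this sketch")
    return bytes([tag, len(payload)]) + bytes(payload)


def encode_name_attr(value, last_arc):
    """DER-encode one RelativeDistinguishedName with a PrintableString value."""
    if isinstance(value, str):
        # Without this conversion, appending the value to a bytearray fails
        # on CPython: a bytearray accepts ints 0..255 or bytes-like objects.
        value = value.encode("ascii")
    oid = der_tlv(0x06, bytes([0x55, 0x04, last_arc]))  # OID 2.5.4.<last_arc>
    string = der_tlv(0x13, value)                       # PrintableString
    seq = der_tlv(0x30, oid + string)                   # SEQUENCE
    return der_tlv(0x31, seq)                           # SET


def extend_with_str_fails(name):
    """Return the TypeError text raised by bytearray.extend(str), else None."""
    data = bytearray()  # assumption: the output buffer is a bytearray
    try:
        data.extend(name)
    except TypeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(extend_with_str_fails("US"))
    print(encode_name_attr("US", OID_LAST_ARC["country"]).hex())
```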

Post by adafruit2 »

the ATECC608 doesn't work super great with the pi because of clock stretching, be sure to reduce the i2c clock freq, does that help?
https://learn.adafruit.com/i2c-addresse ... some-chips

Post by ac400606 »

Yup. I have the I2C speed set to 10 kHz. It still gives me the same errors.

Post by adafruit2 »

you could try making a secondary i2c port that's 'software bitbang' - see if that helps but really this chip doesn't play nicely with the raspi's i2c implementation :/

Post by ac400606 »

I can try this with an ESP32-C3 I have. Is there any example code to create a certificate using the ATECC608 and connect to AWS IoT Core? I guess using a microcontroller I will be able to create a private key, public key, CSR and an X.509 certificate which can be stored on the ATECC608. I read the document/datasheet but couldn't find how to create the keys and certificate before locking the chip.

Post by ac400606 »

By following these steps, would it create Private key in slot 1, Public key in Slot 2 and a X.509 certificate in Slot 10?

Post by adafruit2 »

not sure, it's best to check with the AWS developer documentation

Post by ac400606 »

ok, I'll try.
