Pki.StoreX509Cert
This command has been deprecated. Do not use it in new code as we may remove it in the future.
After signing a CSR obtained with the Pki.GetX509Csr command, run this command to store the resulting certificate in the reader's certificate store. The certificate store provides up to 3 slots (for security level 1-3). This means up to 3 different certificate authorities can store their certificates in a reader.
The certificates must comply with the following limitations:
- Only ECC P-256 and SHA256 are allowed as signing algorithms.
- The length of the tag containing the issuer distinguished name must not exceed 128 bytes.
- No extensions are allowed.
A sample certificate matching all these limitations is the following:
30 82 01 6C 30 82 01 11 A0 03 02 01 02 02 01 01 30 0A 06 08 2A 86 48 CE 3D 04 03 02 30 3C 31 23 30 21 06 03 55 04 03 0C 1A 49 6E 74 65 72 6D 65 64 69 61 74 65 20 43 41 20 66 6F 72 20 52 65 61 64 65 72 31 15 30 13 06 03 55 04 0A 0C 0C 43 75 73 74 6F 6D 65 72 20 4F 6E 65 30 1E 17 0D 30 30 30 31 30 31 30 30 30 30 30 30 5A 17 0D 33 38 30 31 31 39 30 32 31 34 30 37 5A 30 42 31 14 30 12 06 03 55 04 03 0C 0B 53 23 20 31 31 31 31 31 31 31 31 31 13 30 11 06 03 55 04 0A 0C 0A 42 61 6C 74 65 63 68 20 41 47 31 15 30 13 06 03 55 04 07 0C 0C 48 61 6C 6C 62 65 72 67 6D 6F 6F 73 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 C3 4D 0E D2 EA 8F 94 88 93 E0 16 75 06 78 67 BB 96 14 5A A9 24 F8 95 02 4F 47 87 C7 1C B3 1F D5 83 CD 8C A3 FB B2 57 51 38 BF 81 AA 9C 26 DC CA 71 A6 FE 83 1B 2C 88 60 86 69 D3 53 93 08 39 D7 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 49 00 30 46 02 21 00 90 6F 97 EF C0 95 1C 9C FC 60 4C 1F F7 12 00 F4 C8 2C EA FE 4E 9D C9 F0 BE 29 75 C6 E6 42 3C 1B 02 21 00 BB 22 42 56 13 5A B5 BF D1 19 B7 40 EA 44 30 2B 14 3B 86 4E 0C 48 24 96 8F FB 49 69 24 71 CA DF
This sample certificate can be decoded using the following online tool: https://redkestrel.co.uk/tools/decoder/
Furthermore, the access conditions mask of the security level running the Pki.StoreX509Cert command has to allow setting the corresponding key (SEC_SETKEY1, SEC_SETKEY2 or SEC_SETKEY3 bit of the access condition mask must be set).
This command needs a long timeout, since the ECC operations may take up to 15 seconds.
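The following added example (not part of the original documentation or of the vendor's SDK) is a pre-flight check that walks the DER structure of a certificate and reports which of the three limitations listed above it violates, run here on the page's sample certificate. The function names are hypothetical, and the code assumes the 128-byte issuer limit applies to the whole issuer tag (header plus value).

```python
ECDSA_SHA256 = bytes.fromhex("2A8648CE3D040302")   # OID 1.2.840.10045.4.3.2

def children(buf, pos, end):
    """Split buf[pos:end] into DER elements: (tag, elem_start, value_start, elem_end)."""
    out = []
    while pos < end:
        tag, length, val = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                           # long form: n length bytes follow
            n = length & 0x7F
            length, val = int.from_bytes(buf[val:val + n], "big"), val + n
        if val + length > end:
            raise ValueError("truncated DER element")
        out.append((tag, pos, val, val + length))
        pos = val + length
    return out

def check_reader_cert(der):
    """Return the list of violated limits (empty = passes); raises on malformed DER."""
    problems = []
    (cert,) = children(der, 0, len(der))
    tbs, outer_alg, _sig = children(der, cert[2], cert[3])
    fields = children(der, tbs[2], tbs[3])
    if fields[0][0] == 0xA0:                        # skip the optional version field
        fields = fields[1:]
    algs = [children(der, a[2], a[3])[0] for a in (fields[1], outer_alg)]
    if any(der[o[2]:o[3]] != ECDSA_SHA256 for o in algs):
        problems.append("signature algorithm is not ECDSA with SHA256")
    issuer = fields[2]
    # Assumption: the 128-byte limit covers the whole issuer TLV (header + value).
    if issuer[3] - issuer[1] > 128:
        problems.append("issuer tag longer than 128 bytes")
    if any(f[0] == 0xA3 for f in fields):           # [3] EXPLICIT = extensions
        problems.append("certificate contains extensions")
    return problems

# Sample certificate from this page (368 bytes of DER).
SAMPLE = bytes.fromhex("""
3082016C30820111A003020102020101300A06082A8648CE3D040302303C3123302106035504030C1A496E746572
6D65646961746520434120666F722052656164657231153013060355040A0C0C437573746F6D6572204F6E65301E
170D3030303130313030303030305A170D3338303131393032313430375A30423114301206035504030C0B532320
313131313131313131133011060355040A0C0A42616C746563682041473115301306035504070C0C48616C6C6265
72676D6F6F733059301306072A8648CE3D020106082A8648CE3D03010703420004C34D0ED2EA8F948893E0167506
7867BB96145AA924F895024F4787C71CB31FD583CD8CA3FBB2575138BF81AA9C26DCCA71A6FE831B2C88608669D3
53930839D7300A06082A8648CE3D0403020349003046022100906F97EFC0951C9CFC604C1FF71200F4C82CEAFE4E
9DC9F0BE2975C6E6423C1B022100BB224256135AB5BFD119B740EA44302B143B864E0C4824968FFB49692471CADF
""")

if __name__ == "__main__":
    print(check_reader_cert(SAMPLE) or "sample certificate passes all three checks")
```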
Properties
- Command code: 0x0911
- Command timeout: 16000 ms
- Possible status codes: General status codes, Pki.ErrCert
Parameters (request frame)
| Name | Type/Size | Description |
|---|---|---|
| SecLevel | Integer (8 bits) | Security level (1-3), which you want to provide with a (new) reader certificate. |
| Length of Cert | Integer (16 bits) | Length of Cert in bytes |
| Cert | Raw data | X.509 certificate created by signing a CSR returned by Pki.GetX509Csr, encoded in ASN.1 DER format. |
Returned values (response frame)
None