3.2.1.3.2 WPC Certificate Storage
The WPC X.509 certificate chain is documented in the WPC 1.3.0 authentication specification. The specification is only available to registered members of the WPC. The specific compressed format used by Microchip for the WPC X.509 certificates is a variant of what was previously used for the Microchip-defined TLS X.509 certificates.
The nomenclature used for the WPC certificates mirrors the nomenclatures used by the WPC authentication specification.
The CryptoAuthLib library also contains the atcawpccert module for working with WPC compressed certificates.
Product Unit Certificate
The product unit certificate consists of information associated with the Secure Storage Subsystem. The product unit certificate is the equivalent of the device certificate specified for the TLS authentication use case.
Manufacturer Certificate
The manufacturer certificate consists of the information associated with the manufacturer certificate authority and is used to sign the product unit certificate. The manufacturer certificate is the equivalent of the signer certificate specified for the TLS authentication use case.
Manufacturer Public Key
The manufacturer public key is the public key needed to verify the manufacturer and the information that is associated with the manufacturer compressed certificate. The manufacturer public key is the equivalent of the signer public key specified for the TLS authentication use case.
The following table shows all the slots associated with WPC certificates in the ECC608-TFLXWPC:
| WPC Slot 0 | WPC Slot 1 | Description |
|---|---|---|
| 0 | 1 | Primary WPC private key. The public key can be generated at any
time using the GenKey command in Mode =
0x00. |
| 4 | 8 | Extra data needed for the manufacturer or product unit certificate |
| 5 | 8 | RSID needed for the product unit certificate |
| 13 | 8 | Product unit certificate. This is stored in a WPC compressed format. |
| 9 | 8 | Signer public key. |
| 14 | 8 | Manufacturer certificate. This is stored in a WPC compressed format. |
For the ECC608-TFLXWPC production units, these slots can be configured as either permanent or slot lockable. To facilitate early development, Slots 4, 5, 8, 9, 13 and 14 are set to slot lockable for the prototype units.