3.2.1.3.1 TLS Certificate Storage

The TLS X.509 certificate chain is the same as that used for the Microchip Trust&GO and TrustFLEX TLS products, specifically the ATECC608B-TNGTLS and ATECC608B-TFLXTLS.

The following application note documents the compressed certificate format: ATECC Compressed Certificate Definition.

The CryptoAuthLib library also contains the atcacert module for working with TLS compressed certificates.

Device Certificate

The device certificate consists of information associated with the actual ECC608-TFLXWPC device.

Signer Certificate

The signer certificate consists of information associated with the signer certificate authority used to sign the device certificate. The signer public key is also required to rebuild the full signer certificate.

Signer Public Key

The signer public key is the public key needed to verify the signer and the information that is associated with the signer compressed certificate.

The following table shows all the slots associated with certificates in the ECC608-TFLXWPC:

Table 3-3. Slots for Certificates

| Slot | Description |
|------|-------------|
| 3 | Primary private key. The public key can be generated at any time using the GenKey command in Mode = 0x00. |
| 10 | Device certificate. This is stored here in a compressed format. |
| 11 | Signer public key. |
| 12 | Signer certificate. This is stored in a compressed format. |

For the ECC608-TFLXWPC production units, these slots can be configured as either permanent or slot lockable. To facilitate early development, Slots 10-12 are set to slot lockable for the prototype units.
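As an added illustration (not code from this datasheet or from CryptoAuthLib's atcacert module), the following C decoder unpacks the fields of a compressed certificate as read from Slot 10 or Slot 12. The 72-byte field layout is an assumption taken from the compressed certificate definition referenced above (format version 0 only); `comp_cert_t`, `comp_cert_decode` and the sample bytes are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define COMP_CERT_SIZE 72 /* assumed compressed certificate length */

/* Hypothetical type for this example; not a CryptoAuthLib structure. */
typedef struct {
    uint8_t  signature[64];  /* ECDSA P-256 signature, R || S */
    uint16_t issue_year;     /* 2000 + 5-bit year field */
    uint8_t  issue_month, issue_day, issue_hour;
    uint8_t  expire_years;   /* 0 means no expiration */
    uint8_t  signer_id[2];
    uint8_t  template_id, chain_id, sn_source, format_version;
} comp_cert_t;

/* Returns 0 on success; -1 on bad arguments, unknown format or impossible date. */
int comp_cert_decode(const uint8_t *in, size_t len, comp_cert_t *out)
{
    if (in == NULL || out == NULL || len != COMP_CERT_SIZE) return -1;
    out->format_version = in[70] & 0x0F;
    if (out->format_version != 0) return -1; /* only format 0 is handled here */
    memcpy(out->signature, in, 64);
    /* Bytes 64..66 (assumed): year(5) | month(4) | day(5) | hour(5) | expire years(5) */
    uint32_t d = ((uint32_t)in[64] << 16) | ((uint32_t)in[65] << 8) | in[66];
    out->issue_year   = (uint16_t)(2000 + ((d >> 19) & 0x1F));
    out->issue_month  = (uint8_t)((d >> 15) & 0x0F);
    out->issue_day    = (uint8_t)((d >> 10) & 0x1F);
    out->issue_hour   = (uint8_t)((d >> 5) & 0x1F);
    out->expire_years = (uint8_t)(d & 0x1F);
    if (out->issue_month < 1 || out->issue_month > 12 || out->issue_day < 1 ||
        out->issue_day > 31 || out->issue_hour > 23) return -1;
    memcpy(out->signer_id, &in[67], 2);
    out->template_id = in[69] >> 4;
    out->chain_id    = in[69] & 0x0F;
    out->sn_source   = in[70] >> 4;
    return 0;
}

int main(void)
{
    /* Constructed sample: zero signature, issued 2021-06-15 13:00, 28-year validity. */
    uint8_t cc[COMP_CERT_SIZE] = {0};
    const uint8_t tail[8] = {0xAB, 0x3D, 0xBC, 0xC4, 0x8B, 0x10, 0xA0, 0x00};
    memcpy(&cc[64], tail, sizeof tail);
    comp_cert_t c;
    if (comp_cert_decode(cc, sizeof cc, &c) != 0) return 1;
    printf("issued %d-%02d-%02d %02d:00, +%d years, signer %02X%02X\n", c.issue_year,
           c.issue_month, c.issue_day, c.issue_hour, c.expire_years, c.signer_id[0], c.signer_id[1]);
    return 0;
}
```

Decoding the fields does not validate the certificate: the signature still has to be checked against the signer public key in Slot 11 after the full certificate is rebuilt.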