-
Notifications
You must be signed in to change notification settings - Fork 1
ICF tool
SSP21 defines a container file format that can hold keys of various types or certificate chain data. This file format is called an Industrial certificate Format (ICF) container file. This format is analogous to the ubiquitous PEM format used for key/certificate data in TLS, but uses the much simpler SSP21 serialization rules.
'icftool' is a command-line utility that can manipulate ICF files to perform a number of tasks related to key and certificate generation:
-h, --help
shows this help message
-s, --show
show contents of one or more <icf files ....>
-x, --x25519
generate a x25519 key pair <private key file> <public key file>
-d, --ed25519
generate a Ed25519 key pair <private key file> <public key file>
-c, --cert
interactively generate a <certificate file> for a <public key file> signed by a <private key file>
-a, --append
append all entries from one <icf file> and another <icf file> and write them to a destination <icf file>
--x25519 - Generate Diffie-Hellman keys used by endpoints as long-term identity keys, and used to authenticate endpoints to each other.
./icftool.exe -x outstation25519.priv.icf outstation25519.pub.icf
generating x25519 key pair...
wrote: outstation25519.priv.icf
wrote: outstation25519.pub.icf
--ed25519 - Generate DSA keys used by authorities (root or otherwise) as long-term identity keys and to sign/verify certificate data.
.\icftool.exe -d authority.priv.icf authority.pub.icf
generating Ed25519 key pair
wrote: authority.priv.icf
wrote: authority.pub.icf
--show - Display key or certificate contents of the file.
./icftool.exe -s authority.priv.icf authority.pub.icf
File: authority.priv.icf
Type: ed25519_private_key
key-data (length == 64)
49:b4:d0:64:ca:60:c3:e5:c7:c4:56:8d:d3:82:b9:a0
6a:a4:9a:7e:18:cf:51:cb:43:85:45:3c:52:c4:5d:e3
23:28:0d:c2:43:c6:11:c7:1e:36:75:51:90:5f:01:3f
a4:5f:31:51:60:4c:20:3b:80:b5:d8:35:ae:c4:2c:8f
File: authority.pub.icf
Type: ed25519_public_key
key-data (length == 32)
23:28:0d:c2:43:c6:11:c7:1e:36:75:51:90:5f:01:3f
a4:5f:31:51:60:4c:20:3b:80:b5:d8:35:ae:c4:2c:8f
--cert - Can be used to interactively generate a certificate
./icftool.exe -c outstation.cert.icf .\outstation25519.pub.icf authority.priv.icf
How many days (from now) should the certificate remain valid?
365
Enter the certificate signing level (0 == endpoint certificate, max == 6):
0
./icftool.exe -s .\outstation.cert.icf
File: .\outstation.cert.icf
Type: certificate_chain
certificate #1
signature (length == 64)
ab:b8:8b:85:72:d8:ff:31:6c:e7:55:ac:cd:44:5e:b3
c7:2e:aa:b5:47:d7:65:5b:dd:4a:0a:fd:f1:c0:ba:99
3d:40:a5:27:83:aa:93:cc:88:2d:7b:c0:b6:cf:6e:de
d0:10:74:b3:1a:eb:f0:5d:60:6a:f8:15:51:bd:eb:0d
certificate_body (length == 52)
00:00:01:5d:48:26:95:79:00:00:01:5c:f0:75:69:79
00:01:20:a6:93:66:e0:f5:b0:08:1a:0e:5b:20:80:8b
fa:0f:48:83:67:6b:c5:92:7c:15:1a:1a:91:88:c4:28
60:01:15:00
valid_after: 1500154074489
valid_before: 1498682845561
signing_level: 0
public_key_type: X25519
public_key (length == 32)
a6:93:66:e0:f5:b0:08:1a:0e:5b:20:80:8b:fa:0f:48
83:67:6b:c5:92:7c:15:1a:1a:91:88:c4:28:60:01:15
extensions (count = 0)