ICF tool

SSP21 defines a container file format that can hold keys of various types or certificate chain data. This file format is called an Industrial certificate Format (ICF) container file. This format is analogous to the ubiquitous PEM format used for key/certificate data in TLS, but uses the much simpler SSP21 serialization rules.

'icftool' is a command-line utility that can manipulate ICF files to perform a number of tasks related to key and certificate generation:

    -h, --help
        shows this help message
    -s, --show
        show contents of one or more <icf files ....>
    -x, --x25519
        generate a x25519 key pair <private key file> <public key file>
    -d, --ed25519
        generate a Ed25519 key pair <private key file> <public key file>
    -c, --cert
        interactively generate a <certificate file> for a <public key file> signed by a <private key file>
    -a, --append
        append all entries from one <icf file> and another <icf file> and write them to a destination <icf file>

-x25519 - Generate Diffie-Hellman keys used by endpoints as long-term identity keys, and used to authenticate endpoints to each other.

./icftool.exe -x outstation25519.priv.icf outstation25519.pub.icf
generating x25519 key pair...
wrote: outstation25519.priv.icf
wrote: outstation25519.pub.icf

-ed25519 - Generate DSA keys used by authorities (root or otherwise) as long-term identity keys and to sign/verify certificate data.

.\icftool.exe -d authority.priv.icf authority.pub.icf
generating Ed25519 key pair
wrote: authority.priv.icf
wrote: authority.pub.icf