## Overview of Python Utilities for nRF Cloud Integration
19
20
@@ -22,6 +23,7 @@ When using nRF9160, these utilities require [Modem firmware v1.3 or later](https
22
23
For additional details, refer to the [nRF Cloud Security documentation](https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/external_comp/nrf_cloud.html#security).
23
24
24
25
## Create CA Cert
26
+
25
27
This script creates a self-signed CA certificate and an associated EC keypair. The CA cert and private key can then be used to create device credentials. Generally, this script needs to be called only once and then its output can be used to produce many device credentials. The specific values that you specify for the various options are not important, though it is recommended to use reasonable and accurate values for country code, state or province, locality, organization and its unit. The number of days valid defaults to 10 years. The common name could be your company domain name or something similar.
This script automates the process of generating and programming device credentials to a device such as a Thingy:91 X or nRF9151-DK running an nRF Connect SDK application containing the [AT Host library](https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/libraries/modem/at_host.html).
44
-
The [AT Client sample](https://github.com/nrfconnect/sdk-nrf/tree/main/samples/cellular/at_client) is the simplest implementation of the AT Host library.
45
+
This script automates the process of generating and programming device credentials to a device such as the nRF9160-DK, Thingy:91X or nRF9151-DK running an nRF Connect SDK application containing the [AT Host library](https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/libraries/modem/at_host.html) or [AT Shell](https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/libraries/modem/at_shell.html).
45
46
46
47
Use the `create_ca_cert` script to generate the required CA certificate and CA key before running this script.
47
48
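Review bot: The product name is spelled two ways in the rewritten device list: the earlier wording has `Thingy:91 X` and the added line has `Thingy:91X`; pick one form and use it throughout the README. The same change drops the sentence that named the AT Client sample as the simplest AT Host implementation, while the added AT Shell link comes with no sample reference of its own, so the reader is no longer told which firmware to flash before running the script. Consider keeping the AT Client link and adding a matching starting point for AT Shell.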
@@ -70,12 +71,13 @@ See: [Configuration options for device ID](https://docs.nordicsemi.com/bundle/nc
The `nrf_cloud_onboard` script performs device onboarding with nRF Cloud.
80
82
Your nRF Cloud REST API key is a required parameter and can be found on your [User Account page](https://nrfcloud.com/#/account).
81
83
Also required is a CSV file compatible with the [onboarding endpoint](https://api.nrfcloud.com/v1/#operation/ProvisionDevices). You can use the onboarding CSV file produced by `device_credentials_installer`.
If the `--res` parameter is used, the onboarding result information will be saved to the specified file instead of printed to the output.
89
91
90
-
# Modem Credentials Parser
92
+
## Modem Credentials Parser
93
+
91
94
The script above, `device_credentials_installer` makes use of this script, `modem_credentials_parser`, so if you use the former, you do not need to also follow the directions below. If `device_credentials_installer` does not meet your needs, you can use `modem_credentials_parser` directly to take advantage of additional options.
92
95
93
96
This script parses the output of `AT%KEYGEN` and `AT%ATTESTTOKEN`. Each command outputs two base64 strings joined by a `.` character. The first string is the command specific data. The second string is the [COSE](https://datatracker.ietf.org/doc/html/rfc8152) signature of the first string.
The script above, `device_credentials_installer` makes use of this script, `create_device_credentials`, so if you use the former, you do not need to also follow the directions below.
262
266
If `device_credentials_installer` does not meet your needs, you can use `create_device_credentials` directly to take advantage of additional options.
This script uses the [nRF Cloud Identity and Provisioning API](https://api.provisioning.nrfcloud.com/v1/) to perform remote device provisioning tasks.
296
-
This service is only compatible with nRF91x1 devices running modem firmware >= 2.0.0.
301
+
302
+
### Limitation
303
+
304
+
- This script is **not supported for nRF9160 devices.**
305
+
- This service is only compatible with nRF91x1 devices running modem firmware >= 2.0.0.
306
+
- Since this process takes some time, it is not recommended in a production setting.
307
+
- For a production setting, it's better to use `gather_attestation_tokens` (see below).
297
308
298
309
After claiming and provisioning, this script will onboard the device to your nRF Cloud account.
299
-
The target device must be running the [nRF Device Provisioning](https://github.com/nrfconnect/sdk-nrf/tree/main/samples/cellular/nrf_provisioning) sample built with the following options:
The target device must have the Provisioning feature enabled. A good reference on how to integrate this is the [nRF Device Provisioning](https://github.com/nrfconnect/sdk-nrf/tree/main/samples/cellular/nrf_provisioning) sample.
306
311
307
312
When not using provisioning tags (with the `--provisioning-tags` argument), this script creates device credentials for use with nRF Cloud and so requires a CA certificate and the associated private key as an input.
308
313
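Review bot: In the new `### Limitation` list, the third bullet ("Since this process takes some time, it is not recommended in a production setting") no longer says which process it means. The sentence previously sat under the over-the-air CSR heading, and at script level it reads as a caveat on the whole tool. Name the flow in the bullet itself. The first two bullets also overlap (nRF9160 is by definition not an nRF91x1 part) and switch between "this script" and "this service"; one bullet stating the supported devices and the minimum modem firmware would be clearer, and the heading should be plural since it introduces four items.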
@@ -314,18 +319,18 @@ Use `--help` for additional parameter information.
314
319
315
320
#### Device certificate created locally from CSR received over the air:
316
321
317
-
It's recommended to use the `nrf_cloud_multi_service` sample with the provisioning overlay for this.
318
-
Since this process takes some time, it is not recommended in a production setting.
319
-
For a production setting, it's better to use `gather_attestation_tokens` (see below).
322
+
It's recommended to use the [nRF Device Provisioning](https://github.com/nrfconnect/sdk-nrf/tree/main/samples/cellular/nrf_provisioning) sample for this.
Use the `claim_devices` script to claim devices by sending the contents of a CSV file to the nRF Cloud REST API, along with a specified set of provisioning tags. By default, the script looks for a file named `attestation_tokens.csv`. If you want to use a different file, you can specify it using the `--csv` option followed by the file name.
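Review bot: With both production caveats removed from under `#### Device certificate created locally from CSR received over the air:`, this subsection no longer signals that the flow is discouraged for production, and a reader who jumps straight to this heading will miss the list further up. A short pointer back to the Limitation section, or to `gather_attestation_tokens`, would keep the guidance next to the procedure it applies to. The replacement sentence also drops the mention of the provisioning overlay that the `nrf_cloud_multi_service` recommendation carried; if the nRF Device Provisioning sample needs no extra configuration for this flow, say so.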
@@ -428,3 +430,36 @@ The script can run in two modes:
428
430
```bash
429
431
nrf_cloud_device_mgmt --api-key $API_KEY
430
432
```
433
+
434
+
## nRF Credential Store
435
+
436
+
`nrfcredstore` is a command-line tool that simplifies the management of credentials stored in nRF91 modems.
437
+
438
+
It supports the following subcommands:
439
+
440
+
list List all keys stored in the modem
441
+
write Write key/cert to a secure tag
442
+
delete Delete value from a secure tag
443
+
deleteall Delete all keys in a secure tag
444
+
imei Get IMEI from the modem
445
+
attoken Get attestation token of the modem
446
+
generate Generate private key
447
+
448
+
### Examples
449
+
450
+
*#### List all keys stored in the modem
451
+
```bash
452
+
nrfcredstore /dev/ttyACM0 list
453
+
```
454
+
455
+
*#### Delete sectag 42, Key type ROOT_CA_CERT
456
+
```bash
457
+
nrfcredstore /dev/ttyACM0 delete 42 ROOT_CA_CERT
458
+
```
459
+
460
+
*#### Delete all keys in the modem, similar to a factory reset.
461
+
```bash
462
+
nrfcredstore /dev/ttyACM0 deleteall
463
+
```
464
+
465
+
More information can be found on the [nrfcredstore GitHub page](https://github.com/NordicSemiconductor/nrfcredstore/tree/main)
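Review bot: The scope of `deleteall` is described inconsistently. The subcommand list says "Delete all keys in a secure tag", but the example heading says "Delete all keys in the modem, similar to a factory reset" and the command `nrfcredstore /dev/ttyACM0 deleteall` takes no tag argument. For a destructive operation the README should state exactly what is erased and note that the device will need its nRF Cloud credentials reinstalled afterwards. Two formatting points in the same section: the example headings start with `*####`, which renders as literal text instead of a heading, and the subcommand list is plain lines that Markdown will join into one paragraph, so it belongs in a fenced block or a table. The closing sentence is also missing its full stop.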
README.md: 16 additions & 7 deletions
@@ -46,13 +46,13 @@ Run the following command to use this package as a dependency:
46
46
# Enable modem-based JSON Web Token (JWT) generation required for nRF Cloud authentication
47
47
CONFIG_MODEM_JWT=y
48
48
49
-
# Configure the nRF Cloud library to use the device's internal UUID as the client ID
49
+
# Configure the nRF Cloud library to use the device's internal UUID
50
50
CONFIG_NRF_CLOUD_CLIENT_ID_SRC_INTERNAL_UUID=y
51
-
52
-
# Define the modem security tag where nRF Cloud credentials will be stored (16842753 is the standard tag used by Nordic examples)
53
-
CONFIG_NRF_CLOUD_SEC_TAG=16842753
51
+
# Or IMEI as the device ID
52
+
CONFIG_NRF_CLOUD_CLIENT_ID_SRC_IMEI=y
53
+
# But not both at the same time
54
54
```
55
-
**Failure to include these settings will prevent the device from connecting to nRF Cloud.**
55
+
:warning:**Failure to include these settings will prevent the device from connecting to nRF Cloud.**
56
56
57
57
## How-To: Registering devices quickly
58
58
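Review bot: The configuration block now sets both `CONFIG_NRF_CLOUD_CLIENT_ID_SRC_INTERNAL_UUID=y` and `CONFIG_NRF_CLOUD_CLIENT_ID_SRC_IMEI=y` as live lines, with only the trailing comment "But not both at the same time" to stop a reader from pasting the block as is. Comment out one of the two options, or split the block into two alternatives, so that a verbatim copy produces a valid configuration. The warning below the block still says "these settings", which no longer fits a block containing mutually exclusive options, and `:warning:**Failure` needs a space after the emoji code. The change also removes `CONFIG_NRF_CLOUD_SEC_TAG=16842753` and its comment without replacement; if the scripts still write credentials to that security tag, the README should keep saying which tag the firmware has to use.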
@@ -62,9 +62,18 @@ Start by creating a local certificate authority (CA). Its contents won't be chec
62
62
63
63
Now, you should have three `.pem` files containing the key pair and the CA certificate of your CA. The files have a unique prefix.
64
64
65
-
To get your device registered is using the `device_credentials_installer` script:
65
+
To get your device registered, use the `device_credentials_installer` script. Be aware of which device ID is your project using, as it can be either a UUID or an IMEI. Depending on your device ID type, use one of the following commands:
:warning:**Failure to select the correct device ID will result in a connection refused from nRF Cloud.**
68
77
69
78
Upon success, you can find an `onboard.csv` file with information about your device. This file is needed to register the certificate with your account.
70
79
If you encounter a `No device found` error, you might need to specify the serial port using the `--port` option.
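Review bot: The added sentence "Be aware of which device ID is your project using" has inverted word order; "Be aware of which device ID your project is using" reads correctly. The new warning about selecting the correct device ID would be easier to act on if it named the two Kconfig options from the configuration section (`CONFIG_NRF_CLOUD_CLIENT_ID_SRC_INTERNAL_UUID` and `CONFIG_NRF_CLOUD_CLIENT_ID_SRC_IMEI`) and said which command goes with each, so the reader can check the firmware setting against the installer invocation before onboarding.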