Secure element ICs provisioned with compressed certificates after the year 2031 will be incompatible with CryptoAuthLib versions earlier than 3.7.5. To ensure compatibility and proper functionality, it is recommended to use CryptoAuthLib version 3.7.5 or later.
This section details the required changes and provides guidance on updating cryptoauthlib to use the upgraded format.
This update may impact existing users who use compressed certificates with CAL library versions earlier than v3.7.5.
Current Limitation:
CAL compressed certificates using format 0 (the default) support certificate issue and expiry years only up to 2031.
New Support:
To allow certificate validity beyond 2031, a new compressed certificate format (format 1) is introduced.
Affected Module:
These changes specifically impact the atcacert module of the CAL library.
0b0000 (format 0)
Encoded dates, i.e., bytes 64 – 66, are detailed below
Revised Compressed Certificate Format (Format 1)
Updated Compressed Certificate Format: Byte 70 and Byte 71
Byte 70: Format Version Update
0 to 1 to reflect the new encoding scheme.
Byte 71: Bit Reallocation
issue_year is now constructed using:
Byte 64 → Bits 3 to 7 (5 bits)
Byte 71 → Bits 6 and 7 (2 bits)
0 to 127
issue_year = { Byte 64 :: Bits 3–7 } + { Byte 71 :: Bits 6–7 }
expire_years is now constructed using:
Byte 66 → Bits 0 to 4 (5 bits)
Byte 71 → Bits 4 and 5 (2 bits)
0 to 127
expire_years = { Byte 66 :: Bits 0–4 } + { Byte 71 :: Bits 4–5 }
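The bit layout described above, as an added C example that is not CryptoAuthLib code: it decodes and encodes the two year fields in a compressed certificate buffer of 72 bytes. Assumptions not stated on the page: the format version sits in the low nibble of byte 70, the year base is 2000 (implied by the 5-bit field ending at 2031), and the byte 71 bits are the high-order bits of each 7-bit value; the `cc_*` names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define COMP_CERT_LEN 72
#define CC_BASE_YEAR  2000 /* assumption: 5-bit field tops out at 2031 */

typedef struct { int format; int issue_year; int expire_years; } cc_years_t;

/* Decode the year fields. Returns 0 on success, -1 on bad input or a
 * format version this code does not know. */
int cc_decode_years(const uint8_t cc[COMP_CERT_LEN], cc_years_t *out)
{
    if (cc == NULL || out == NULL) return -1;
    unsigned fmt    = cc[70] & 0x0Fu;  /* assumption: version in low nibble */
    unsigned issue  = cc[64] >> 3;     /* byte 64, bits 3-7 */
    unsigned expire = cc[66] & 0x1Fu;  /* byte 66, bits 0-4 */
    if (fmt == 1u) {
        /* assumption: byte 71 supplies the two high-order bits */
        issue  |= (cc[71] & 0xC0u) >> 1;  /* bits 6-7 -> value bits 5-6 */
        expire |= (cc[71] & 0x30u) << 1;  /* bits 4-5 -> value bits 5-6 */
    } else if (fmt != 0u) {
        return -1;
    }
    out->format = (int)fmt;
    out->issue_year = CC_BASE_YEAR + (int)issue;
    out->expire_years = (int)expire;
    return 0;
}

/* Encode the year fields, leaving all other bits of the buffer untouched.
 * Returns -1 when the values do not fit the chosen format. */
int cc_encode_years(uint8_t cc[COMP_CERT_LEN], int fmt, int issue_year, int expire_years)
{
    int max = (fmt == 1) ? 127 : (fmt == 0) ? 31 : -1;
    int iy = issue_year - CC_BASE_YEAR;
    if (cc == NULL || max < 0 || iy < 0 || iy > max ||
        expire_years < 0 || expire_years > max) return -1;
    cc[64] = (uint8_t)((cc[64] & 0x07u) | ((unsigned)(iy & 0x1F) << 3));
    cc[66] = (uint8_t)((cc[66] & 0xE0u) | (unsigned)(expire_years & 0x1F));
    cc[70] = (uint8_t)((cc[70] & 0xF0u) | (unsigned)fmt);
    if (fmt == 1)
        cc[71] = (uint8_t)((cc[71] & 0x0Fu) | ((unsigned)(iy >> 5) << 6) |
                           ((unsigned)(expire_years >> 5) << 4));
    return 0;
}
```

Under these assumptions, a reader that interprets the same bytes as format 0 sees only the low five bits of each field, so an issue year of 2035 comes out as 2003.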
For users seeking extended year (format 1) support, select the appropriate patch to add format-1 support on top of their current CAL code. This allows continued use of devices provisioned with either format 0 or 1 certificates.
CAL Version(s)              Patch to Apply
v3.3.3, v3.4.0, v3.5.0      extended_year_v350.patch
v3.6.0                      extended_year_v360.patch
v3.6.1, v3.7.0              extended_year_v370.patch
v3.7.1, v3.7.2, v3.7.3      extended_year_v371.patch
v3.7.4                      extended_year_v374.patch
>= v3.7.5                   Natively supported

Applying Patch to CAL Library
Make a note of an appropriate patch to be applied to your cryptoauthlib
Download the patch release file from the official GitHub release page using your browser or a command-line tool:
Download Patch Release
Based on the upgrade requirement, select and copy the appropriate extended_year_v3xy.patch to your cryptoauthlib folder and apply it using the following command:
cd <cryptoauthlib folder>
git apply extended_year_v3xy.patch
Alternatively:
patch -p1 < extended_year_v3xy.patch
Check whether the patch has been applied successfully.
Refer to the Configuration Page for details on building CAL as per your existing build configuration.