v1.0 Public Key Certificate¶
Use this path if you want to explore the obsolete v1.0 PKC platform certificate.
Inputs¶
Download these input files into your working directory, or substitute your own local paths:
- Issuer certificate: TestCA.cert.example.pem
- Issuer private key: TestCA.private.example.pem
- Holder certificate: TestCA.cert.example.pem
- Attributes JSON: base-bare-bones-policyreference-v1.json
- Components JSON: base-bare-bones-componentlist-v1.json
- Extensions JSON: extentionspkc.json
If you do not want to use the linked test issuer material, use Generate Local Demo PKI and replace the issuer certificate and local-key filenames below.
Verify the target Platform Certificate version¶
- Reference the Attribute JSON file referenced in the Inputs section.
- Follow these instructions.
- Verify it reflects majorVersion 1 and minorVersion 0.
Generate the envelope¶
bin/paccor certgen \
--kind PKC \
--serial 1 \
--not-before 20240101 \
--not-after 20300101 \
--issuer-cert TestCA.cert.example.pem \
--holder-cert TestCA.cert.example.pem \
--attributes-json base-bare-bones-policyreference-v1.json \
--components-json base-bare-bones-componentlist-v1.json \
--extensions-json extentionspkc.json \
--sig-profile rsa-sha256 \
--finalize \
--out v10-pkc-envelope.json
Assemble the envelope¶
Choose one signing mode:
For the full option set, see Signing Modes.
Validate¶
bin/paccor validate \
--pkcPlatformCert v10-pkc-cert.pem \
--publicKeyCert TestCA.cert.example.pem \
--components-json base-bare-bones-componentlist-v1.json
Notes¶
This is a compatibility flow. If you do not need v1.0 output specifically, the v2.1 Public Key Certificate path is the default.