v1.0 Public Key Certificate¶
Use this path if you want to explore the obsolete v1.0 PKC platform certificate.
Inputs¶
Download these input files into your working directory, or substitute your own local paths:
- Issuer certificate: [TestCA.cert.example.pem][res-testca-cert]
- Issuer private key: [TestCA.private.example.pem][res-testca-key]
- Holder certificate: [TestCA.cert.example.pem][res-testca-cert]
- Attributes JSON: [base-bare-bones-policyreference-v1.json][res-bare-policy-v1]
- Components JSON: [base-bare-bones-componentlist-v1.json][res-bare-components-v1]
- Extensions JSON: [extentionspkc.json][res-different-extensions-pkc]
If you do not want to use the linked test issuer material, use Generate Local Demo PKI and replace the issuer certificate and local-key filenames below.
Generate the envelope¶
bin/paccor certgen \
--kind PKC \
--serial 1 \
--not-before 20240101 \
--not-after 20300101 \
--issuer-cert TestCA.cert.example.pem \
--holder-cert TestCA.cert.example.pem \
--attributes-json base-bare-bones-policyreference-v1.json \
--components-json base-bare-bones-componentlist-v1.json \
--extensions-json extentionspkc.json \
--sig-profile rsa-sha256 \
--finalize \
--out v10-pkc-envelope.json
Assemble the envelope¶
Choose one signing mode:
For the full option set, see Signing Modes.
Validate¶
bin/paccor validate \
--pkcPlatformCert v10-pkc-cert.pem \
--publicKeyCert TestCA.cert.example.pem \
--components-json base-bare-bones-componentlist-v1.json
Notes¶
This is a compatibility flow. If you do not need v1.0 output specifically, the v2.1 Public Key Certificate path is the default.