tree: 0d299c3d713e97608c3fd7350022229adccbcf95
  1. dac-provider-test-vectors/
  2. indirect/
  3. revocation-sets/
  4. Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.der
  5. Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.pem
  6. Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.der
  7. Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.pem
  8. Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Cert.der
  9. Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Cert.pem
  10. Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Key.der
  11. Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Key.pem
  12. Chip-Test-PAA-FFF1-CRL.der
  13. Chip-Test-PAA-FFF1-CRL.pem
  14. Chip-Test-PAI-FFF1-noPID-Revoked-Cert.der
  15. Chip-Test-PAI-FFF1-noPID-Revoked-Cert.pem
  16. Chip-Test-PAI-FFF1-noPID-Revoked-CRL.der
  17. Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem
  18. Chip-Test-PAI-FFF1-noPID-Revoked-Key.der
  19. Chip-Test-PAI-FFF1-noPID-Revoked-Key.pem
  20. Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.der
  21. Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.pem
  22. Matter-Development-DAC-FFF1-8001-Revoked-01-Key.der
  23. Matter-Development-DAC-FFF1-8001-Revoked-01-Key.pem
  24. Matter-Development-DAC-FFF1-8001-Revoked-02-Cert.der
  25. Matter-Development-DAC-FFF1-8001-Revoked-02-Cert.pem
  26. Matter-Development-DAC-FFF1-8001-Revoked-02-Key.der
  27. Matter-Development-DAC-FFF1-8001-Revoked-02-Key.pem
  28. Matter-Development-DAC-FFF1-8001-Revoked-03-Cert.der
  29. Matter-Development-DAC-FFF1-8001-Revoked-03-Cert.pem
  30. Matter-Development-DAC-FFF1-8001-Revoked-03-Key.der
  31. Matter-Development-DAC-FFF1-8001-Revoked-03-Key.pem
  32. Matter-Development-PAI-FFF1-noPID-CRL.der
  33. Matter-Development-PAI-FFF1-noPID-CRL.pem
  34. README.md
credentials/test/revoked-attestation-certificates/README.md

Revoked Attestation Certificates

This directory contains test certificates, keys, and CRLs for device attestation revocation testing scenarios. The test certificates and keys are intended to be used for testing purposes only and should not be used in production environments.

Direct CRL Signing

In this approach, the CA directly signs the Certificate Revocation List (CRL).

PAA Signed CRL

Process:

  1. PAA issues the PAI
  2. PAI issues the DAC
  3. PAA revokes the PAI and updates the CRL

  • PAA: Chip-Test-PAA-FFF1-Cert.[pem|der]
  • CRL: Chip-Test-PAA-FFF1-CRL.[der|pem]
  • PAI (revoked): Chip-Test-PAI-FFF1-noPID-Revoked-Cert.[pem|der]
  • DAC (signed by revoked PAI): Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Cert.[pem|der]

PAI Signed CRL

Process:

  1. PAI issues the 3 DACs
  2. PAI issues the DAC and updates the CRL

  • PAI: Matter-Development-PAI-FFF1-noPID-Cert.[pem|der]
  • CRL: Matter-Development-PAI-FFF1-noPID-CRL.[pem|der]
  • DACs (revoked):
    • Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.[pem|der]
    • Matter-Development-DAC-FFF1-8002-Revoked-02-Cert.[pem|der]
    • Matter-Development-DAC-FFF1-8003-Revoked-03-Cert.[pem|der]

Indirect CRL Signing (delegated CRL signing)

In this approach, the CA delegates the CRL signing responsibility to a separate entity.

Consider the following example PKI for indirect CRL signing.

  • PAA: Chip-Test-PAA-FFF1-Cert.[pem|der]

  • PAIs:

    • indirect/Chip-Test-PAI-FFF1-01-Cert.[pem|der]
      • DAC: indirect/Chip-Test-DAC-FFF1-8001-Signed-By-Test-PAI-01-Cert.[pem|der]
    • indirect/Chip-Test-PAI-FFF1-02-Cert.[pem|der]
      • DAC:
        • indirect/Chip-Test-DAC-FFF1-8001-Signed-By-Test-PAI-02-Cert.[pem|der]
        • indirect/Chip-Test-DAC-02-FFF1-8001-Signed-By-Test-PAI-02-Cert.[pem|der]
    • indirect/Chip-Test-PAI-FFF1-03-Cert.[pem|der]
  • PAA Delegate: indirect/Chip-Test-PAA-Delegate-FFF1-Cert.[pem|der]

  • PAA Delegated CRL: indirect/Chip-Test-PAA-FFF1-Delegated-CRL.[pem|der]

  • PAI Delegate Key for all PAIs: indirect/Chip-Test-PAI-Delegate-FFF1-Key.pem

  • PAI Delegates:

    • indirect/Chip-Test-PAI-Delegate-FFF1-01-Cert.[pem|der]
    • indirect/Chip-Test-PAI-Delegate-FFF1-02-Cert.[pem|der]
    • indirect/Chip-Test-PAI-Delegate-FFF1-03-Cert.[pem|der]
  • PAI Delegated CRL: indirect/Chip-Test-PAI-FFF1-Delegated-CRL.[pem|der]

  • PAI Delegated CRL with the Certificate Issuer CRL entry extension (only the first entry has the extension): indirect/Chip-Test-PAI-FFF1-Delegated-CRL-With-Cert-Issuer-Extension.[pem|der]