Agent Signing
Creating a signed agent package requires four certificates. The developer (creator) certificate is used to sign the agent code and allows the platform to verify that the agent code has not been modified since it was distributed. The admin (soi) certificate is used to allow the agent into a scope of influence. The initiator certificate is used when the agent is ready to be deployed into a specific platform. The platform certificate is used to sign the possibly modified data that an agent would like to carry with it while moving from platform to platform. All of these certificates must be signed by a "known" Certificate Authority (CA).
To facilitate the development of agents, Volttron Restricted includes packaging commands for creating the platform CA as well as the CA-signed certificates used in the agent signing process.
When the Volttron Restricted package is installed on a platform, the volttron-pkg command is expanded to:
usage: volttron-pkg [-h] [-l FILE] [-L FILE] [-q] [-v] [--verboseness LEVEL] {package,repackage,configure,create_ca,create_cert,sign,verify}
The additional (sub)commands:
- create_ca - Creates a platform-specific root CA. When this command is executed, the user is prompted for the values used to fill out the certificate's data.
- create_cert - Creates a CA-signed certificate. A type of certificate must be specified as (--creator | --soi | --initiator | --platform), and the name (--name) of the certificate may be specified. The name will be used as the filename for the certificate on the platform.
- sign - Signs the agent package at the specified level.
    - (ALWAYS REQUIRED) Agent package to be signed.
    - (ALWAYS REQUIRED) Signing level must be specified as one of (--creator | --soi | --initiator | --platform), and the levels must be applied in the correct order. In other words, an soi cannot sign the package until the creator has signed it.
    - --contract (resource contract) - A file containing the definition of the resources the agent needs in order to execute properly. This option is only available to the creator.
    - --config-file - A file used to define custom configuration for starting the agent on the platform. This option is available to the initiator.
    - --certs_dir - Specifies where the certificate store is located. If this is not specified, the default certificate store will be used.
- verify - Allows the user to verify that a package is valid.
    - package - The agent package to validate against.
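The full sequence described above, from CA creation through the four ordered signing passes to verification, as an added example that is not VOLTTRON project code. It only prints the commands (dry run); the placement of options on the command line, the certificate names and the file names are assumptions.

```shell
# Added example (dry run): prints volttron-pkg commands, does not execute them.
# Assumptions: option placement, certificate names and all file names.
LEVELS="creator soi initiator platform"

# next_level SIGNED...: print the level that must sign next ("done" after all four).
# Exits non-zero when the levels already applied are not in the required order.
next_level() (
    for expected in $LEVELS; do
        [ $# -eq 0 ] && { echo "$expected"; exit 0; }
        [ "$1" = "$expected" ] || { echo "out of order: $1 before $expected" >&2; exit 1; }
        shift
    done
    [ $# -eq 0 ] || { echo "unknown extra level: $1" >&2; exit 1; }
    echo done
)

# sign_cmd LEVEL PACKAGE [EXTRA_FILE] [CERTS_DIR]: print one signing command.
# --contract is creator-only; --config-file is treated here as initiator-only.
sign_cmd() (
    level=$1 pkg=$2 extra=$3 certs=$4
    cmd="volttron-pkg sign --$level"
    if [ -n "$extra" ]; then
        case $level in
            creator)   cmd="$cmd --contract $extra" ;;
            initiator) cmd="$cmd --config-file $extra" ;;
            *) echo "--$level accepts no extra file" >&2; exit 1 ;;
        esac
    fi
    [ -n "$certs" ] && cmd="$cmd --certs_dir $certs"
    echo "$cmd $pkg"
)

# signing_plan PACKAGE CONTRACT CONFIG: print every step, CA setup through verify.
signing_plan() (
    echo "volttron-pkg create_ca"
    for level in $LEVELS; do
        echo "volttron-pkg create_cert --$level --name example-$level"
    done
    signed=""
    for level in $LEVELS; do
        [ "$(next_level $signed)" = "$level" ] || exit 1   # enforce signing order
        case $level in
            creator)   sign_cmd "$level" "$1" "$2" ;;
            initiator) sign_cmd "$level" "$1" "$3" ;;
            *)         sign_cmd "$level" "$1" ;;
        esac
        signed="$signed $level"
    done
    echo "volttron-pkg verify $1"
)
signing_plan example-agent.whl contract.json launch.json   # constructed file names
```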