Set command

The set command is used for credential storage management. The command writes, reads, deletes, and checks the existence of keys and certificates.

The write and delete operations are allowed only when the modem is not activated.

Syntax:

%CMNG=<opcode>[,<sec_tag>[,<type>[,<content>[,<passwd>]]]]

Response syntax for read operation:

%CMNG: <sec_tag>,<type>[,<sha>[,<content>]]

Response syntax for list operation:

%CMNG: <sec_tag>,<type>[,<sha>]

The <sec_tag> and <type> values shall form a unique pair. Multiple items with the same <sec_tag> and <type> values are not allowed.

+CME ERROR codes
513 – Not found. Applies to read, write, and delete.
514 – No access. Applies to read, write, and delete.
515 – Memory full. Applies to write.
518 – Not allowed in active state.

The command parameters and their defined values are the following:

<opcode>
0 – Write
1 – List
2 – Read
3 – Delete
<sec_tag>
Integer, 0 – 2147483647.

Mandatory for write, read, and delete operations. Optional for list operation.

<type>
0 – Root CA certificate (ASCII text)
1 – Client certificate (ASCII text)
2 – Client private key (ASCII text)
3 – Pre-shared Key (PSK) (ASCII text in hexadecimal string format)
4 – PSK identity (ASCII text)
5 – Public Key (ASCII text)
Mandatory if <opcode> is write, read, or delete. Parameter <type> with the value Public Key can only be used when parameter <opcode> is delete.
<content>
String. Mandatory if <opcode> is write. An empty string is not allowed. For X.509 PEM entities, a Privacy Enhanced Mail (PEM) file enclosed in double quotes. For PSK, a Base64-encoded string in double quotes.
<passwd>
String. PKCS#8 password. Mandatory for writing a type 2 encrypted private key, ignored for other types. Maximum length 32 characters.
<sha>
String. SHA-256 digest of the entity (DER, PEM) as stored in the filesystem, 64 hexadecimal characters (representing a 256 bit vector).
Note:
  • <content> in the read response is exactly what is written, including <CR>, <LF>, and other characters. The characters outside the double quotes are part of the AT response format.
  • Reading types 1, 2, and 3 is not supported.

The following command example writes the root certificate:

AT%CMNG=0, 12345678, 0,"
-----BEGIN CERTIFICATE-----
MIIDSjCCA...
...bKbYK7p2CNTUQ
-----END CERTIFICATE-----"
OK

The following command example writes the client certificate:

AT%CMNG=0,567890,1,"
-----BEGIN CERTIFICATE-----
MIIBc464...
...bW9aAa4
-----END CERTIFICATE-----"
OK

The following command example writes the private key:

AT%CMNG=0,123,2,"
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICz...
...ukBu
-----END ENCRYPTED PRIVATE KEY-----","abcdefg"
OK

The following command example lists a single item by specifying tag and type:

AT%CMNG=1,12345678, 0
%CMNG: 12345678, 0, "978C...02C4"
OK

The following command example lists a single tag:

AT%CMNG=1,12345678
%CMNG: 12345678, 0, "978C...02C4"
%CMNG: 12345678, 1, "1A8C...02BB"
OK

The following command example lists all stored credentials:

AT%CMNG=1
%CMNG: 12345678, 0, "978C...02C4"
%CMNG: 567890, 1, "C485...CF09"
%CMNG: 123, 2, "92E1...8AC8"
%CMNG: 654321, 3, "E0C9...511D"
OK

The following command example reads the root certificate with tag 12345678:

AT%CMNG=2, 12345678, 0
%CMNG: 12345678, 0, "978C...02C4",
"-----BEGIN CERTIFICATE-----
MIIBc464...
...bW9aAa4
-----END CERTIFICATE-----"
OK

The following command example deletes a client certificate with tag 123:

AT%CMNG=3,123,1
OK

The following command example reads a non-existing root certificate with tag 4567. Error code 513 is returned:

AT%CMNG=2,4567,0
+CME ERROR: 513
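
An added example, not part of the original documentation: a host-side Python check that parses the list response (AT%CMNG=1) in the syntax given above and compares it with an expected manifest, flagging missing, unexpected, or changed credentials. The function names, the manifest format, and the sample digests are assumptions made for illustration.

```python
import re

# +CME ERROR codes as documented on this page.
CME_ERRORS = {513: "Not found", 514: "No access", 515: "Memory full",
              518: "Not allowed in active state"}
TYPES = {0: "Root CA certificate", 1: "Client certificate", 2: "Client private key",
         3: "PSK", 4: "PSK identity", 5: "Public Key"}

_LINE = re.compile(r'^%CMNG:\s*(\d+)\s*,\s*(\d+)\s*(?:,\s*"([0-9A-Fa-f]{64})")?\s*$')

def parse_list(response):
    """Parse the reply to AT%CMNG=1[,...] into {(sec_tag, type): sha or None}."""
    items = {}
    for line in response.splitlines():
        line = line.strip()
        if not line or line == "OK":
            continue
        if line.startswith("+CME ERROR:"):
            code = int(line.split(":", 1)[1])
            raise RuntimeError(f"CME {code}: {CME_ERRORS.get(code, 'unknown')}")
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unexpected line: {line!r}")
        tag, typ = int(m.group(1)), int(m.group(2))
        if not 0 <= tag <= 2147483647 or typ not in TYPES:
            raise ValueError(f"out-of-range value in: {line!r}")
        if (tag, typ) in items:  # <sec_tag>,<type> must be a unique pair
            raise ValueError(f"duplicate pair {tag},{typ}")
        items[(tag, typ)] = m.group(3).upper() if m.group(3) else None
    return items

def audit(listed, expected):
    """Compare a parsed listing with an expected manifest of the same shape."""
    return {
        "missing": sorted(k for k in expected if k not in listed),
        "unexpected": sorted(k for k in listed if k not in expected),
        "changed": sorted(k for k in expected
                          if k in listed and listed[k] != expected[k].upper()),
    }

# Constructed sample: digests are made-up values, not real credentials.
SAMPLE = ('%CMNG: 12345678, 0, "' + "A1" * 32 + '"\r\n'
          '%CMNG: 567890, 1, "' + "B2" * 32 + '"\r\n'
          '%CMNG: 123, 2, "' + "C3" * 32 + '"\r\nOK\r\n')
EXPECTED = {(12345678, 0): "a1" * 32, (567890, 1): "ff" * 32, (654321, 3): "d4" * 32}

if __name__ == "__main__":
    print(audit(parse_list(SAMPLE), EXPECTED))
```

The digest comparison is case-insensitive, and an entry listed without a <sha> field is reported as changed.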