Set command

The set command is used for credential storage management. The command writes, reads, deletes, and checks the existence of keys and certificates.

The write and delete operations are allowed only when the modem is not activated.

Syntax:

%CMNG=<opcode>[,<sec_tag>[,<type>[,<content>[,<passwd>]]]]

Response syntax for read operation:

%CMNG: <sec_tag>,<type>[,<sha>[,<content>]]

Response syntax for list operation:

%CMNG: <sec_tag>,<type>[,<sha>]

The <sec_tag> and <type> values shall form a unique pair. Multiple items with the same <sec_tag> and <type> values are not allowed.

+CME ERROR codes
513 – Not found. Applies to read, write, and delete.
514 – No access. Applies to read, write, and delete.
515 – Memory full. Applies to write.
518 – Not allowed in active state.

The command parameters and their defined values are the following:

<opcode>
0 – Write
1 – List
2 – Read
3 – Delete
<sec_tag>
Integer, 0 – 2147483647.

Mandatory for write, read, and delete operations. Optional for list operation.

<type>
0 – Root CA certificate (ASCII text)
1 – Client certificate (ASCII text)
2 – Client private key (ASCII text)
3 – Pre-shared Key (PSK) (ASCII text in hexadecimal string format)
4 – PSK identity (ASCII text)
5 – Public Key (ASCII text)
Mandatory if <opcode> is write, read, or delete. Parameter <type> with the value Public Key can only be used when parameter <opcode> is delete.
<content>
String. Mandatory if <opcode> is write. An empty string is not allowed. A Privacy Enhanced Mail (PEM) file enclosed in double quotes (X.509 PEM entities). Base64-encoded string in double quotes (PSK).
<passwd>
String. PKCS#8 password. Mandatory for writing a type 2 encrypted private key, ignored for other types. Maximum length 32 characters.
<sha>
String. SHA-256 digest of the entity (DER, PEM) as stored in the filesystem, 64 hexadecimal characters (representing a 256-bit vector).
Note:
  • <content> in the read response is exactly what is written, including <CR>, <LF>, and other characters. The characters outside the double quotes are part of the AT response format.
  • Reading types 1, 2, and 3 is not supported.

The example command writes the root certificate:

AT%CMNG=0, 12345678, 0,"
-----BEGIN CERTIFICATE-----
MIIDSjCCA...
...bKbYK7p2CNTUQ
-----END CERTIFICATE-----"
OK

The example command writes the client certificate:

AT%CMNG=0,567890,1,"
-----BEGIN CERTIFICATE-----
MIIBc464...
...bW9aAa4
-----END CERTIFICATE-----"
OK

The example command writes the private key:

AT%CMNG=0,123,2,"
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICz...
...ukBu
-----END ENCRYPTED PRIVATE KEY-----", "abcdefg"
OK

The example command lists a single item by specifying tag and type:

AT%CMNG=1,12345678, 0
%CMNG: 12345678, 0, "978C...02C4"
OK

The example command lists a single tag:

AT%CMNG=1,12345678
%CMNG: 12345678, 0, "978C...02C4"
%CMNG: 12345678, 1, "1A8C...02BB"
OK

The example command lists all stored credentials:

AT%CMNG=1
%CMNG: 12345678, 0, "978C...02C4"
%CMNG: 567890, 1, "C485...CF09"
%CMNG: 123, 2, "92E1...8AC8"
%CMNG: 654321, 3, "E0C9...511D"
OK

The example command reads the root certificate with tag 12345678:

AT%CMNG=2, 12345678, 0
%CMNG: 12345678, 0, "978C...02C4",
"-----BEGIN CERTIFICATE-----
MIIBc464...
...bW9aAa4
-----END CERTIFICATE-----"
OK

The example command deletes a client certificate with tag 123:

AT%CMNG=3,123,1
OK

The example command reads a non-existing root certificate with tag 4567. Error code 513 is returned:

AT%CMNG=2,4567,0
+CME ERROR: 513
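
The following is an added example, not part of the original documentation or any vendor code: a host-side check that parses the list response (%CMNG=1) and compares the stored <sec_tag>, <type>, and <sha> values with an expected manifest, so that missing, unexpected, or altered credentials are reported. The manifest, the function names, and the sample digests are assumptions constructed for illustration.

```python
import re

# Type values and +CME ERROR meanings as listed on this page.
TYPES = range(6)
CME = {513: "Not found", 514: "No access", 515: "Memory full",
       518: "Not allowed in active state"}
ENTRY = re.compile(r'^%CMNG:\s*(\d+)\s*,\s*(\d+)\s*(?:,\s*"([0-9A-Fa-f]{64})")?$')
ERROR = re.compile(r'^\+CME ERROR:\s*(\d+)$')

def parse_list(response):
    """Parse a %CMNG=1 response into {(sec_tag, type): sha or None}."""
    items = {}
    for line in (raw.strip() for raw in response.splitlines()):
        if not line or line == "OK":
            continue
        err = ERROR.match(line)
        if err:
            code = int(err.group(1))
            raise RuntimeError(f"+CME ERROR {code}: {CME.get(code, 'unknown')}")
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unexpected line: {line!r}")
        key = (int(m.group(1)), int(m.group(2)))
        if key[0] > 2147483647 or key[1] not in TYPES:
            raise ValueError(f"value out of range: {line!r}")
        if key in items:  # <sec_tag>,<type> must be a unique pair
            raise ValueError(f"duplicate entry: {key}")
        items[key] = m.group(3).lower() if m.group(3) else None
    return items

def audit(response, manifest):
    """Compare the listed credentials with the expected manifest."""
    found = parse_list(response)
    findings = []
    for key, sha in manifest.items():
        if key not in found:
            findings.append(("missing", key))
        elif found[key] != sha.lower():
            findings.append(("digest-mismatch", key))
    findings += [("unexpected", key) for key in found if key not in manifest]
    return sorted(findings)

# Constructed sample: made-up digests, not real modem output.
A, B, C = "A1" * 32, "B2" * 32, "C3" * 32
SAMPLE = (f'%CMNG: 12345678, 0, "{A}"\r\n%CMNG: 567890, 1, "{B}"\r\n'
          f'%CMNG: 654321, 3, "{C}"\r\nOK\r\n')
MANIFEST = {(12345678, 0): A, (567890, 1): "00" * 32, (123, 2): C}

if __name__ == "__main__":
    print(audit(SAMPLE, MANIFEST))
```

The manifest digests are expected to be recorded from a list response taken at provisioning time, because the page does not specify the exact bytes over which <sha> is computed.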