Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Components of Amazon Sidewalk manufacturing

The following section describes the key components of Amazon Sidewalk manufacturing process.


Device attestation key (DAK)

The device attestation key (DAK) is a certificate that is endorsed by the product certificate. It is used to endorse the device certificates that authenticate the Sidewalk device with the Sidewalk network server. For prototype devices, the cloud maintains a Prototype DAK which is used to sign the prototype device certificates. For devices that are manufactured in the Contract Manufacturer (CM), the Production DAK is provided in a Hardware Security Module (HSM).

The DAK is tied to the Sidewalk device profile created with AWS IoT Core for Amazon Sidewalk.

Sidewalk certificates

Sidewalk certificate chain

The Sidewalk certificate chain is a collection of certificates which consists of Amazon Root Certificate Authority (CA), multiple intermediate CAs including DAK and leaf certificate which corresponds to Device certificates. It provides a chain of trust to the Amazon Root CA. When manufacturing your devices, the entire public certificate chain from device to root is uploaded during control log ingestion.

Application service key pair

This key pair is unique to each application server. It authenticates the application server with the Sidewalk device. Devices that connect to the same application server use the same application server key pair. The public key is located in the manufacturing data storage on your Sidewalk device.

Sidewalk network server certificate

This certificate is used to authenticate the Sidewalk network server with the device. All Sidewalk devices use the same Sidewalk network server certificate. This certificate is located in the Sidewalk SDK on your device.

Hardware Security Module (HSM)

HSM is a secure hardware key-store for the manufacturing industry. To enable device manufacturing for a product, Sidewalk provisions the DAK certificate including the DAK private key onto the HSM. HSM is used during provisioning process at the CM to orchestrate signing of the device certificates without exposing the DAK private key. HSM also includes the full intermediate public certificate chain up to Amazon Root. HSM can be purchased from the YubiHSM webpage

For more information about starting manufacturing and requesting the HSM key, contact Amazon Sidewalk Support.

Advertised Product ID (APID)

The APID parameter is an alphanumeric string which is needed during manufacturing. APID is located in the manufacturing data storage on your Sidewalk device. After receiving HSM key from Sidewalk, you would be able to obtain APID information from the AWS IoT console, or using the GetDeviceProfile API opertation, or the get-device-profile CLI command that’s provided by AWS IoT Core for Amazon Sidewalk.

If customer already has an APID (by interacting with other Amazon systems), Sidewalk team can link it to customer’s Sidewalk device profile for pre-production or production purposes. In absence of customer provided APID, Sidewalk team would generate one and associate it with the given device profile.

For prototype devices, the DeviceTypeId must be used instead of the ApId. The ApId must be used only for production or pre-production devices.

Back to top

©2023, Inc. or its affiliates (collectively, “Amazon”). All Rights Reserved.