CycloneEST
EST Client Library

CycloneEST is an EST (Enrollment over Secure Transport) client implementation designed for embedded applications. EST is a certificate management protocol that provides a secure method for IoT devices to enroll for X.509 certificates over HTTPS. EST automates certificate provisioning and renewal, ensuring secure device identities without requiring manual intervention.

CycloneEST is available either as open source (GPLv2 license) or under a royalty-free commercial license (non-GPL license). We also propose an evaluation license (90-day license in source form) with technical support for an easier onboarding and effective evaluation of our software.



Main Features

  • EST protocol implementation as per RFC 7030
  • Client mode of operation
  • Certificate management (enrollment and re-enrollment operations)
  • Supports RSA and ECDSA certificates
  • Supports HTTP Basic and Digest authentication
  • Supports TLS Channel Binding for linking identity and proof-of-possession
  • Comprehensive user API
  • Flexible memory footprint. Built-time configuration to embed only the necessary features
  • Portable architecture (no processor dependencies)
  • The library is distributed as a full ANSI C and highly maintainable source code
  • ARM Cortex-M3
  • ARM Cortex-M4
  • ARM Cortex-M7
  • ARM Cortex-M33
  • ARM Cortex-M55
  • ARM Cortex-M85
  • ARM Cortex-R4
  • ARM Cortex-A5
  • ARM Cortex-A7
  • ARM Cortex-A8
  • ARM Cortex-A9
  • Legacy ARM7TDMI / ARM926EJ-S
  • RISC-V
  • MIPS M4K
  • MIPS microAptiv / M-Class
  • Infineon TriCore AURIX
  • PowerPC e200
  • Coldfire V2
  • RX600
  • AVR32
  • Xtensa LX6
  • Amazon FreeRTOS
  • SafeRTOS
  • ChibiOS/RT
  • CMSIS-RTOS
  • CMSIS-RTOS2
  • CMX-RTX
  • Keil RTXv4 and RTXv5
  • Micrium µC/OS-II and µC/OS-III
  • Eclipse ThreadX
  • PX5 RTOS
  • Segger embOS
  • TI-RTOS (SYS/BIOS)
  • Zephyr RTOS
  • Bare Metal programming (without RTOS)
Toolchain / IDECompiler
MakefileGCC
AC6 System Workbench for STM32 (SW4STM32)GCC
Atollic TrueSTUDIOGCC
Espressif ESP-IDFGCC
HighTec Toolset for TriCoreGCC
IAR Embedded WorkbenchEWARM, EWRX
Infineon DAVEGCC
Keil MDK-ARMARM Compiler v5, ARM Compiler v6 (CLANG)
Microchip Studio (Atmel Studio)GCC
Microchip MPLAB XGCC, XC32
Microsoft Visual StudioMSVC
NXP MCUXpressoGCC
NXP S32 Design Studio (S32DS)GCC
Renesas e2StudioGCC, CC-RX
Segger Embedded StudioGCC
ST STM32CubeIDEGCC
Tasking VX-ToolsetVX-Toolset for TriCore
TI Code Composer Studio (CSS)GCC, ARM-CGT
  • RFC 7030: Enrollment over Secure Transport
  • RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5
  • RFC 2986: PKCS #10: Certification Request Syntax Specification Version 1.7
  • RFC 5929: Channel Bindings for TLS