https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1812509#M31896 <P>Hi <a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/227252">@xiongsl</a>&nbsp;<BR />SDK won't support RSA2048 because there's no such hardware feature on CSEc.<BR />And there's no way to store such key to the CSEc. Nonvolatile keys can't be exported from CSEc. This would violate SHE specification. Only RAM key can be exported if plain key attribute is cleared. <BR />So, the only option I can see in case of S32K1 device is to emulate this function by software (like wolfssl) and store the key in normal flash. <BR />Regards,<BR />Lukas</P> Wed, 21 Feb 2024 06:35:00 GMT lukaszadrapa 2024-02-21T06:35:00Z https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1812424#M31886 <P>Hello,</P><P>My software needs to support RSA2048, but the SDK doesn't support it yet.</P><P>If the key is stored to CSEc, how can I read the key so that the software can complete the digital signature?</P><P>Key length is 256 bytes.</P> Wed, 21 Feb 2024 04:40:24 GMT https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1812424#M31886 xiongsl 2024-02-21T04:40:24Z https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1812509#M31896 <P>Hi <a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/227252">@xiongsl</a>&nbsp;<BR />SDK won't support RSA2048 because there's no such hardware feature on CSEc.<BR />And there's no way to store such key to the CSEc. Nonvolatile keys can't be exported from CSEc. This would violate SHE specification. Only RAM key can be exported if plain key attribute is cleared. <BR />So, the only option I can see in case of S32K1 device is to emulate this function by software (like wolfssl) and store the key in normal flash. <BR />Regards,<BR />Lukas</P> Wed, 21 Feb 2024 06:35:00 GMT https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1812509#M31896 lukaszadrapa 2024-02-21T06:35:00Z https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1813298#M31944 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/37795">@lukaszadrapa</a>&nbsp;</P><P>In other words, only the 16-byte key of RAM_KEY supports reading. KEY_01~KEY_17 does not support reading, so the RSA2048 key can only be stored in FLASH or EEPROM.<BR />Regards,<BR />xiongsl</P> Thu, 22 Feb 2024 02:27:22 GMT https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1813298#M31944 xiongsl 2024-02-22T02:27:22Z https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1813305#M31946 <P>Can the attributes of KEY_01~KEY_17 be cleared and changed to something like RAM_KEY?</P> Thu, 22 Feb 2024 02:35:50 GMT https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1813305#M31946 xiongsl 2024-02-22T02:35:50Z https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1813447#M31959 <P>No, such changes can't be done in CSEc.</P> Thu, 22 Feb 2024 06:07:51 GMT https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1813447#M31959 lukaszadrapa 2024-02-22T06:07:51Z https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1813456#M31960 <P>Okay, thanks for the answer.</P> Thu, 22 Feb 2024 06:12:01 GMT https://community.nxp.com/t5/S32K/How-to-read-CSEc-keys/m-p/1813456#M31960 xiongsl 2024-02-22T06:12:01Z