https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1575217#M1067 <P><a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/59276">@Kan_Li</a>&nbsp;- Kan, this is very very VERY helpful!!! You've made my day - Thanks a lot!</P> Wed, 28 Dec 2022 13:47:27 GMT psvz 2022-12-28T13:47:27Z https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1574650#M1049 <P>I couldn't find source code for function&nbsp;<EM>Se05x_API_WriteSymmKey()</EM></P><P>Could you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?</P><P>I can see from the source code that only symmetric keys can be injected with KEK. Could you please confirm requirements for KEK itself - is it only AES? DES? Could it be asymmetric? It would help if you had some example code...</P><P>Thank you.</P><P>&nbsp;</P> Mon, 26 Dec 2022 17:17:12 GMT https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1574650#M1049 psvz 2022-12-26T17:17:12Z https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1574755#M1054 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/210414">@psvz</a>&nbsp;,</P> <P>&nbsp;</P> <P>Are you going to inject a&nbsp;<SPAN>symmetric key for both&nbsp;Encryption and&nbsp;Decryption? If so , please kindly refer to the demo in "simw-top\sss\ex\symmetric\ex_sss_symmetric.c" for details.</SPAN></P> <P>&nbsp;</P> <P>For&nbsp;<SPAN>symmetric keys, read back is not possible.</SPAN></P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Tue, 27 Dec 2022 03:22:50 GMT https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1574755#M1054 Kan_Li 2022-12-27T03:22:50Z https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1574905#M1058 <P><a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/59276">@Kan_Li</a>&nbsp;- the example&nbsp;<SPAN><EM>simw-top\sss\ex\symmetric\ex_sss_symmetric.c</EM> does NOT use KEK, so it is not helpful. Let's discuss all the questions because it is a deal-breaker for me:</SPAN></P><P><SPAN>1/ where is the source code </SPAN><SPAN>for function&nbsp;</SPAN><EM>Se05x_API_WriteSymmKey()?</EM></P><P>2/ when injecting with KEK (no examples available) - could<SPAN>&nbsp;you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?</SPAN></P><P>3/ What type of key (AES, DES, RSA, EC) can SE050 use as KEK (not documented)?</P><P>If you could please answer each question or point me out to NXP product folks who could help?</P><P>Thank you.</P> Tue, 27 Dec 2022 11:42:07 GMT https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1574905#M1058 psvz 2022-12-27T11:42:07Z https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1575044#M1064 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/210414">@psvz</a>&nbsp;,</P> <P>&nbsp;</P> <P>Please kindly refer to the following for details.</P> <P>&nbsp;</P> <P><SPAN>1/ where is the source code&nbsp;</SPAN><SPAN>for function&nbsp;</SPAN><EM>Se05x_API_WriteSymmKey()?</EM></P> <P><EM>-Please refer to \simw-top\hostlib\hostLib\se05x_03_xx_xx\se05x_APDU_impl.h for details.</EM></P> <P>2/ when injecting with KEK (no examples available) - could<SPAN>&nbsp;you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?</SPAN></P> <P><SPAN>- Yes, they are handled automatically inside the SE.</SPAN></P> <P>3/ What type of key (AES, DES, RSA, EC) can SE050 use as KEK (not documented)?</P> <P>-The key type is defined in&nbsp;<A href="https://www.rfc-editor.org/rfc/rfc3394" target="_blank">https://www.rfc-editor.org/rfc/rfc3394</A>&nbsp;.</P> <P>&nbsp;</P> <P>Please kindly refer to&nbsp;<A href="https://www.nxp.com/docs/en/application-note/AN12413.pdf" target="_blank">https://www.nxp.com/docs/en/application-note/AN12413.pdf</A>&nbsp;for more details.</P> <P>&nbsp;</P> <P>Hope that helps,</P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Wed, 28 Dec 2022 03:11:36 GMT https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1575044#M1064 Kan_Li 2022-12-28T03:11:36Z https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1575217#M1067 <P><a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/59276">@Kan_Li</a>&nbsp;- Kan, this is very very VERY helpful!!! You've made my day - Thanks a lot!</P> Wed, 28 Dec 2022 13:47:27 GMT https://community.nxp.com/t5/Secure-Authentication/Encrypted-Key-KEK-injection/m-p/1575217#M1067 psvz 2022-12-28T13:47:27Z