ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

EdgeLock SE051 delete provisioned objects

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

EdgeLock SE051 delete provisioned objects

ソリューションへジャンプ
‎11-30-2022 05:04 AM
746件の閲覧回数
LAc00
Contributor II

Hello Experts,

For EC_KEY authentication I provisioned the public key of the host key pair. (Do we need to provision this public key?)

But now I would like to change it. So I would like to delete this provisioned public key first. How could I do it? With Se05x_API_DeleteSecureObject function it is not possible.

Help me please! Thank you!

 

Best regards, 

Laszlo

 

タグ(1)
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎12-04-2022 07:43 PM
707件の閲覧回数
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @LAc00 ,

 

Indeed the DeleteALL command deletes all Secure Objects, all curves and Crypto Objects except the  secure objects that are trust provisioned by NXP, so the kSE05x_ECCurve_NIST_P256 curve needs to be created again with the command of CreateECCurve, otherwise the public part of an EC key can not be written into this SE again.

 

BTW, I noticed you set the policy for the public part of an EC key as NULL, and Auth type as well, so it is the expected result that this secure object can only be erased by the deleteAll command.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

元の投稿で解決策を見る

0 件の賞賛
返信
4 返答(返信)

ソリューションへジャンプ
‎12-01-2022 06:52 PM
730件の閲覧回数
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @LAc00 ,

 

How did you set up the policy for the provisioned public key? That might be the root cause for your issue.

 

For EC_KEY authentication you may just generate the EC_KEY pair inside the secure element , then fetch the public key,  alternatively you may import the key pair generated externally.

 

Hope that helps,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 件の賞賛
返信

ソリューションへジャンプ
‎12-02-2022 02:25 AM
715件の閲覧回数
LAc00
Contributor II

Hello @Kan_Li ,

The provisioning looks like this:

We have a generated EC key pair. We generated it with openssl. This is the keypair for the host.

The public part of this EC key pair was written into the SE with this command:

Se05x_API_WriteECKey(&pSession->s_ctx, NULL, SE05x_MaxAttemps_UNLIMITED, id, kSE05x_ECCurve_NIST_P256, NULL, 0, ECKey_SE_PublicEcdsakey, publicKeyLen, (SE05x_INS_t)kSE05x_AttestationType_AUTH, kSE05x_KeyPart_Public);

Of course I opened a plain (default) session before this call.

 

And then in the night I could solve to delete this object, with the factory reset. I created an Auth_ID object on the FACTORY RESET object ID. I opened a session with it, and I called this:

Se05x_API_DeleteAll(&pSession->s_ctx);

Now I would like to provision an EC key again (as I wrote it above), but it is not working.

Could you tell, what is needed/mandatory after a factory reset? I think something is missing and that is why I can not write the public part of an EC key into the SE again.

 

Thank you!

 

Best regards,

 

Laszlo

0 件の賞賛
返信

ソリューションへジャンプ
‎12-04-2022 07:43 PM
708件の閲覧回数
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @LAc00 ,

 

Indeed the DeleteALL command deletes all Secure Objects, all curves and Crypto Objects except the  secure objects that are trust provisioned by NXP, so the kSE05x_ECCurve_NIST_P256 curve needs to be created again with the command of CreateECCurve, otherwise the public part of an EC key can not be written into this SE again.

 

BTW, I noticed you set the policy for the public part of an EC key as NULL, and Auth type as well, so it is the expected result that this secure object can only be erased by the deleteAll command.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 件の賞賛
返信

ソリューションへジャンプ
‎12-08-2022 02:11 AM
698件の閲覧回数
LAc00
Contributor II

Hi @Kan_Li ,

 

Thank you very much! This was the solution for me!

 

Have a nice day!

 

Best regards,

 

Laszlo

0 件の賞賛
返信