How to read CSEc keys

xiongsl · ‎02-20-2024

Hello,

My software needs to support RSA2048, but the SDK doesn't support it yet.

If the key is stored to CSEc, how can I read the key so that the software can complete the digital signature?

Key length is 256 bytes.

lukaszadrapa · ‎02-20-2024

Hi @xiongsl
SDK won't support RSA2048 because there's no such hardware feature on CSEc.
And there's no way to store such key to the CSEc. Nonvolatile keys can't be exported from CSEc. This would violate SHE specification. Only RAM key can be exported if plain key attribute is cleared.
So, the only option I can see in case of S32K1 device is to emulate this function by software (like wolfssl) and store the key in normal flash.
Regards,
Lukas

View solution in original post

lukaszadrapa · ‎02-20-2024

Hi @xiongsl
SDK won't support RSA2048 because there's no such hardware feature on CSEc.
And there's no way to store such key to the CSEc. Nonvolatile keys can't be exported from CSEc. This would violate SHE specification. Only RAM key can be exported if plain key attribute is cleared.
So, the only option I can see in case of S32K1 device is to emulate this function by software (like wolfssl) and store the key in normal flash.
Regards,
Lukas

xiongsl · ‎02-21-2024

Can the attributes of KEY_01~KEY_17 be cleared and changed to something like RAM_KEY?

lukaszadrapa · ‎02-21-2024

No, such changes can't be done in CSEc.

xiongsl · ‎02-21-2024

Okay, thanks for the answer.

xiongsl · ‎02-21-2024

Hi @lukaszadrapa

In other words, only the 16-byte key of RAM_KEY supports reading. KEY_01~KEY_17 does not support reading, so the RSA2048 key can only be stored in FLASH or EEPROM.
Regards,
xiongsl