How to read CSEc keys

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to read CSEc keys

Jump to solution
1,120 Views
xiongsl
Contributor I

Hello,

My software needs to support RSA2048, but the SDK doesn't support it yet.

If the key is stored to CSEc, how can I read the key so that the software can complete the digital signature?

Key length is 256 bytes.

0 Kudos
Reply
1 Solution
1,104 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @xiongsl 
SDK won't support RSA2048 because there's no such hardware feature on CSEc.
And there's no way to store such key to the CSEc. Nonvolatile keys can't be exported from CSEc. This would violate SHE specification. Only RAM key can be exported if plain key attribute is cleared.
So, the only option I can see in case of S32K1 device is to emulate this function by software (like wolfssl) and store the key in normal flash.
Regards,
Lukas

View solution in original post

0 Kudos
Reply
5 Replies
1,105 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @xiongsl 
SDK won't support RSA2048 because there's no such hardware feature on CSEc.
And there's no way to store such key to the CSEc. Nonvolatile keys can't be exported from CSEc. This would violate SHE specification. Only RAM key can be exported if plain key attribute is cleared.
So, the only option I can see in case of S32K1 device is to emulate this function by software (like wolfssl) and store the key in normal flash.
Regards,
Lukas

0 Kudos
Reply
1,092 Views
xiongsl
Contributor I

Can the attributes of KEY_01~KEY_17 be cleared and changed to something like RAM_KEY?

0 Kudos
Reply
1,076 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

No, such changes can't be done in CSEc.

0 Kudos
Reply
1,070 Views
xiongsl
Contributor I

Okay, thanks for the answer.

0 Kudos
Reply
1,094 Views
xiongsl
Contributor I

Hi @lukaszadrapa 

In other words, only the 16-byte key of RAM_KEY supports reading. KEY_01~KEY_17 does not support reading, so the RSA2048 key can only be stored in FLASH or EEPROM.
Regards,
xiongsl

0 Kudos
Reply