Issue with KeyDerivation

kerti1
Contributor III

Hi,

 

I am working with ECDH using the example project of Demo_examples of Demoapp_sessionkeys as reference. I am able to generate the ECC pair keys, import the peer public key and generate the common shared key, which are stored in:

GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0) for ECC pair keys;

GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0) for Peer Public Key and

GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 2, 0) for DH shared key.

So I assigned the same DH shared key slot as the srcKeyHandle parameter in the derivekey function, and a new slot for the target key. But I get invalid params. I did not clearly understand the keyderive even after going through the reference manual. Please find the attached snippets. And also, is it needed to import the derived key?

 

KeerthiT_0-1748270110090.png

KeerthiT_1-1748270599226.png

Thanks for the support.

1 Solution
lukaszadrapa
NXP TechSupport

Hi @kerti1 

I can see that you configured targetKeyHandle as HSE_KEY_TYPE_AES. However, it should be HSE_KEY_TYPE_SHARED_SECRET. Here is a screenshot from the HSE Service API reference manual:

lukaszadrapa_0-1748343704597.png


So, the result of this operation is another shared secret. If you need an AES key, you need to extract such a key using the mentioned hseKeyDeriveCopyKeySrv_t service, as shown in the demo example. The derived key is stored directly to the slot defined by the keyhandle; you are not supposed to import it manually by yourself.

Regards,
Lukas

kerti1
Contributor III

Hi @lukaszadrapa ,

 

Thanks for the solution. But I have already defined {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHARED_SECRET, 2U, HSE_KEY638_BITS}, 2 key slots; I thought it would be okay for the derived key.

And also, we should import our public key in order to share it with the peer persons. But the key generated is changing every time I run the program; I think it is because of RAM keys. If I want to have a constant key, I hope using NVM keys is sufficient. Sorry for asking basic questions, but I lack clarity in these topics.

 
