- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- Product Forums
- :
- S32K
- :
- Key Management Example
Key Management Example
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SOLVED
05-12-2025
05:57 AM
944 Views
kerti1
Contributor III
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am using the HSE for s32K and able to perform AES-128 encryption and SHA hashing successfully. Currently, I am storing the keys in RAM, which is only for testing purposes. I would now like to implement proper key management. Specifically, I want to know whether the HSE can automatically generate keys, or if we are required to hard-code them as global variables—similar to how we use RAM keys and call the M1, M2, and M3 for storing in ECU.I have searched for examples using the HSE_IP layer (Non-AUTOSAR), but could not find any clear examples or documentation related to key management. Could you please provide a clear and understandable example for key management using the HSE_IP layer? That would be very helpful.
Thank you
Solved! Go to Solution.
1 Solution
05-12-2025
10:46 AM
930 Views
Julián_AragónM
NXP TechSupport
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @kerti1,
From the S32K3 product page, you can download the HSE Demo Examples, which contains various projects.
Inside the SW package, you can find the Key Management demos, which include Session Keys (1) and NVM Key update (2).
I can share the main objective from each example:
(1) The main purpose of this example is to show the steps required to properly configure the HSE to show the functionality of the session key services. It formats the keys and then generates the ECC key pair. Then import the ECC keys, compute the DH Shared Secret and derive key using SP800_108 KDF. Finally, it extracts from the derived key material 2 keys, a 192-bits AES and a 256-bit AES, and then encrypts and decrypt using AES GCM using both keys.
(2) The main purpose of this example is to an import symmetric key and AES GMAC generate keys.
Best regards,
Julián
Julián
2 Replies
10-29-2025
07:12 AM
369 Views
ASN7
Contributor III
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can the NVM Key update (2) demo, be used to store custom keys (not generated) so that it can be accessed after writing only once to a particular key slot ?
Because right now, I import the keys to NVM and calculate CMAC and it works fine. And then I comment out the import function in the same project and select the key handle and ask HSE to calculate CMAC and it throws me an error saying key slot is empty.
05-12-2025
10:46 AM
931 Views
Julián_AragónM
NXP TechSupport
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @kerti1,
From the S32K3 product page, you can download the HSE Demo Examples, which contains various projects.
Inside the SW package, you can find the Key Management demos, which include Session Keys (1) and NVM Key update (2).
I can share the main objective from each example:
(1) The main purpose of this example is to show the steps required to properly configure the HSE to show the functionality of the session key services. It formats the keys and then generates the ECC key pair. Then import the ECC keys, compute the DH Shared Secret and derive key using SP800_108 KDF. Finally, it extracts from the derived key material 2 keys, a 192-bits AES and a 256-bit AES, and then encrypts and decrypt using AES GCM using both keys.
(2) The main purpose of this example is to an import symmetric key and AES GMAC generate keys.
Best regards,
Julián
Julián
