- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
已解决
10-20-2025
03:28 PM
602 次查看
I am able to generate an ED25519 key pair with the Key Generation Service, and I would like to be able to export the public key later with the Key Export Service. However, the HSE returns a HSE_SRV_RSP_NOT_ALLOWED when I attempt to export the public key.
When I generate the key I use the following parameters:
Service ID: HSE_SRV_ID_KEY_GENERATE
targetKeyHandle = key_handle;
keyInfo:
keyFlags = HSE_KF_USAGE_SIGN | HSE_KF_USAGE_VERIFY | HSE_KF_ACCESS_EXPORTABLE
keyBitLen = HSE_KEY256_BITS
keyCounter = 0
smrFlags = 0
keyType = HSE_KEY_TYPE_ECC_PAIR
specific.eccCurveId = HSE_EC_25519_ED25519
keyGenScheme = HSE_KEY_GEN_ECC_KEY_PAIR
sch.eccKey.pPubKey = (HOST_ADDR)pub_key_output_ptr;
And when I export the key:
Service ID: HSE_SRV_ID_EXPORT_KEY
targetKeyHandle = key_handle; // Same Key Handle
keyInfo:
keyFlags = HSE_KF_USAGE_VERIFY | HSE_KF_ACCESS_EXPORTABLE
keyBitLen = HSE_KEY256_BITS
keyCounter = 0
smrFlags = 0
keyType = HSE_KEY_TYPE_ECC_PAIR
specific.eccCurveId = HSE_EC_25519_ED25519
pKey[0] = (HOST_ADDR)pub_key_output_ptr;
pKeyLen[0] = (HOST_ADDR)&g_identity_key_len;
targetKeyHandle = key_handle; // Same Key Handle
keyInfo:
keyFlags = HSE_KF_USAGE_VERIFY | HSE_KF_ACCESS_EXPORTABLE
keyBitLen = HSE_KEY256_BITS
keyCounter = 0
smrFlags = 0
keyType = HSE_KEY_TYPE_ECC_PAIR
specific.eccCurveId = HSE_EC_25519_ED25519
pKey[0] = (HOST_ADDR)pub_key_output_ptr;
pKeyLen[0] = (HOST_ADDR)&g_identity_key_len;
Are there any parameter's that are missing or configured incorrectly?
已解决! 转到解答。
1 解答
10-21-2025
03:56 AM
568 次查看
lukaszadrapa
NXP TechSupport
Hi @MHan
I can see nothing wrong in those parameters. Because the public ECC key is exported in plain and not authenticated, did you configured cipherKeyHandle and authKeyHandle as HSE_INVALID_KEY_HANDLE (0xFFFFFFFF)? Setting of HSE_INVALID_KEY_HANDLE to these key handles ensures that authentication and encryption parameters are ignored.
Also try to disable data cache to confirm it is not cache issue.
Regards,
Lukas
回复
2 回复数
10-21-2025
03:56 AM
569 次查看
lukaszadrapa
NXP TechSupport
Hi @MHan
I can see nothing wrong in those parameters. Because the public ECC key is exported in plain and not authenticated, did you configured cipherKeyHandle and authKeyHandle as HSE_INVALID_KEY_HANDLE (0xFFFFFFFF)? Setting of HSE_INVALID_KEY_HANDLE to these key handles ensures that authentication and encryption parameters are ignored.
Also try to disable data cache to confirm it is not cache issue.
Regards,
Lukas
回复
