S32K3 HSE: Export EDDSA Public Key

MHan
Contributor I

I am able to generate an ED25519 key pair with the Key Generation Service, and I would like to be able to export the public key later with the Key Export Service. However, the HSE returns a HSE_SRV_RSP_NOT_ALLOWED when I attempt to export the public key.

When I generate the key I use the following parameters:
Service ID: HSE_SRV_ID_KEY_GENERATE

targetKeyHandle = key_handle;

keyInfo:
keyFlags = HSE_KF_USAGE_SIGN | HSE_KF_USAGE_VERIFY | HSE_KF_ACCESS_EXPORTABLE
keyBitLen = HSE_KEY256_BITS
keyCounter = 0
smrFlags = 0
keyType = HSE_KEY_TYPE_ECC_PAIR
specific.eccCurveId = HSE_EC_25519_ED25519

keyGenScheme = HSE_KEY_GEN_ECC_KEY_PAIR

sch.eccKey.pPubKey = (HOST_ADDR)pub_key_output_ptr;

And when I export the key:

Service ID: HSE_SRV_ID_EXPORT_KEY

targetKeyHandle = key_handle; // Same Key Handle

keyInfo:
keyFlags = HSE_KF_USAGE_VERIFY | HSE_KF_ACCESS_EXPORTABLE
keyBitLen = HSE_KEY256_BITS
keyCounter = 0
smrFlags = 0
keyType = HSE_KEY_TYPE_ECC_PAIR
specific.eccCurveId = HSE_EC_25519_ED25519

pKey[0] = (HOST_ADDR)pub_key_output_ptr;
pKeyLen[0] = (HOST_ADDR)&g_identity_key_len;
 
Are there any parameters that are missing or configured incorrectly?

 

lukaszadrapa
NXP TechSupport

Hi @MHan 

I can see nothing wrong in those parameters. Because the public ECC key is exported in plain and not authenticated, did you configure cipherKeyHandle and authKeyHandle as HSE_INVALID_KEY_HANDLE (0xFFFFFFFF)? Setting these key handles to HSE_INVALID_KEY_HANDLE ensures that authentication and encryption parameters are ignored.
Also try to disable data cache to confirm it is not a cache issue.

Regards,
Lukas

MHan
Contributor I

Thank you Lukas, I was missing setting the HSE_INVALID_KEY_HANDLE's.

I see now in the header files: Must be set to #HSE_INVALID_KEY_HANDLE if not used.
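
The fix from this thread written as a host-side check that runs before the request is handed to the HSE. This is an added example, not code from the NXP headers or from either poster: `export_req_t`, `req_init_plain` and `req_check_plain` are hypothetical stand-ins that model only the fields named above, and the sample handle value is constructed. It shows why a zero-filled descriptor fails: 0 is not the 0xFFFFFFFF "unused" value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HSE_INVALID_KEY_HANDLE 0xFFFFFFFFu /* value quoted in the thread */
#define ED25519_PUB_LEN 32u                /* 256-bit key, as in keyBitLen */

/* Hypothetical stand-in for the export request: only fields named in the thread. */
typedef struct {
    uint32_t  targetKeyHandle;
    uint32_t  cipherKeyHandle; /* must be INVALID for a plain export */
    uint32_t  authKeyHandle;   /* must be INVALID for an unauthenticated export */
    uint8_t  *pKey0;           /* output buffer for the public key */
    uint16_t *pKeyLen0;        /* length of the buffer at pKey0 */
} export_req_t;
typedef enum { REQ_OK, REQ_BAD_TARGET, REQ_CIPHER_SET, REQ_AUTH_SET,
               REQ_NO_BUFFER, REQ_SHORT_BUFFER } req_check_t;

/* Fill a request for a plain, unauthenticated public-key export. */
void req_init_plain(export_req_t *r, uint32_t target, uint8_t *buf, uint16_t *len)
{
    memset(r, 0, sizeof *r);
    r->targetKeyHandle = target;
    r->cipherKeyHandle = HSE_INVALID_KEY_HANDLE; /* 0 is not "unused" */
    r->authKeyHandle   = HSE_INVALID_KEY_HANDLE;
    r->pKey0 = buf; r->pKeyLen0 = len;
}

/* Reject requests that still carry a cipher or auth key handle. */
req_check_t req_check_plain(const export_req_t *r)
{
    if (r->targetKeyHandle == HSE_INVALID_KEY_HANDLE) return REQ_BAD_TARGET;
    if (r->cipherKeyHandle != HSE_INVALID_KEY_HANDLE) return REQ_CIPHER_SET;
    if (r->authKeyHandle   != HSE_INVALID_KEY_HANDLE) return REQ_AUTH_SET;
    if (r->pKey0 == NULL || r->pKeyLen0 == NULL)      return REQ_NO_BUFFER;
    if (*r->pKeyLen0 < ED25519_PUB_LEN)               return REQ_SHORT_BUFFER;
    return REQ_OK;
}

int main(void)
{
    uint8_t pub[ED25519_PUB_LEN];
    uint16_t len = sizeof pub;
    export_req_t r = {0};               /* zero-filled: both handles are 0 */
    r.targetKeyHandle = 1u;             /* constructed sample handle */
    printf("zero-filled: %d\n", req_check_plain(&r));
    req_init_plain(&r, 1u, pub, &len);
    printf("initialised: %d\n", req_check_plain(&r));
    return 0;
}
```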
