S32K3 certificate storage

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

S32K3 certificate storage

Jump to solution
2,841 Views
JiayuZhou
Contributor II

S32K3  

For S32K3,I find certificates can't store in HSM, only can store the key in HSM, the certificate still store in user core.

So, I have two questions:

1. Whether is HSM not support to certificate storage, update and verify?

2. Whether is MCAL not support to certificate parsing?

JiayuZhou_0-1724030649113.png

 

0 Kudos
Reply
1 Solution
2,772 Views
VaneB
NXP TechSupport
NXP TechSupport

Hi @JiayuZhou 

CertificateParse and CertificateVerify functionalities are not currently implemented, so there is no support. Unfortunately, there is no timeline or plan to include direct support.

The whole of certificate is not stored in HSE, right? Yes, only the keys are stored.

View solution in original post

0 Kudos
Reply
3 Replies
2,806 Views
VaneB
NXP TechSupport
NXP TechSupport

Hi @JiayuZhou 

The CertificateParse and CertificateVerify functionalities are not implemented, as Certificate handling via HSE-B is not done directly. It can fill-in a certificate signing request (CSR) that is pre-formatted by the host. By this the host just needs to provide the pointers to the key values that must be located within the CSR. 

To provide a certificate as shown in the image you share, HSE supports the option to "import standard key certificates", in this case the key container of the Key to be imported is formatted according to a standard certificate format. To properly import the key the host just needs to provide the pointers to the key values and container within the certificate. 

To keep a certificate valid, most of them will have an expiration date and that means that the certification must be updated in order to keep being valid or to provide a more secure way of authenticating the identity of the organization/user. This depends on the certificate itself and the company that validates the corresponding certificate.

 

BR, VaneB

0 Kudos
Reply
2,792 Views
JiayuZhou
Contributor II
thanks for your reply. Besides, I want to know whether HSE can parse certificates. And I understand that only the key of certificate and the pointer of certificate stored in HSE, the whole of certificate is not stored in HSE, right? Whether HSE can verify the validity of the certificate?
0 Kudos
Reply
2,773 Views
VaneB
NXP TechSupport
NXP TechSupport

Hi @JiayuZhou 

CertificateParse and CertificateVerify functionalities are not currently implemented, so there is no support. Unfortunately, there is no timeline or plan to include direct support.

The whole of certificate is not stored in HSE, right? Yes, only the keys are stored.

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-1934602%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ES32K3%20certificate%20storage%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1934602%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fc-pwmxy87654%2FS32K3%2Fpd-p%2FS32K3%22%20class%3D%22lia-product-mention%22%20data-product%3D%221688-1%22%20target%3D%22_blank%22%3ES32K3%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20S32K3%EF%BC%8CI%20find%20certificates%20can't%20store%20in%20HSM%2C%20only%20can%20store%20the%20key%20in%20HSM%2C%20the%20certificate%20still%20store%20in%20user%20core.%3C%2FP%3E%3CP%3ESo%2C%20I%20have%20two%20questions%3A%3C%2FP%3E%3CP%3E1.%20Whether%20is%20HSM%20not%20support%20to%20certificate%20storage%2C%20update%20and%20verify%3F%3C%2FP%3E%3CP%3E2.%20Whether%20is%20MCAL%20not%20support%20to%20certificate%20parsing%3F%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JiayuZhou_0-1724030649113.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22JiayuZhou_0-1724030649113.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F293691iB0EFC04EB0CDB10F%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22JiayuZhou_0-1724030649113.png%22%20alt%3D%22JiayuZhou_0-1724030649113.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1937739%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20S32K3%20certificate%20storage%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1937739%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239119%22%20target%3D%22_blank%22%3E%40JiayuZhou%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECertificateParse%20and%20CertificateVerify%20functionalities%20are%20not%20currently%20implemented%2C%20so%20there%20is%20no%20support.%20Unfortunately%2C%20there%20is%20no%20timeline%20or%20plan%20to%20include%20direct%20support.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EThe%20whole%20of%20certificate%20is%20not%20stored%20in%20HSE%2C%20right%3F%3C%2FSTRONG%3E%20Yes%2C%20only%20the%20keys%20are%20stored.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1936811%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20S32K3%20certificate%20storage%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1936811%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3Ethanks%20for%20your%20reply.%20Besides%2C%20I%20want%20to%20know%20whether%20HSE%20can%20parse%20certificates.%20And%20I%20understand%20that%20only%20the%20key%20of%20certificate%20and%20the%20pointer%20of%20certificate%20stored%20in%20HSE%2C%20the%20whole%20of%20certificate%20is%20not%20stored%20in%20HSE%2C%20right%3F%20Whether%20HSE%20can%20verify%20the%20validity%20of%20the%20certificate%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1936569%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20S32K3%20certificate%20storage%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1936569%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239119%22%20target%3D%22_blank%22%3E%40JiayuZhou%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20CertificateParse%20and%20CertificateVerify%20functionalities%20are%20not%20implemented%2C%20as%20Certificate%20handling%20via%20HSE-B%20is%20not%20done%20directly.%26nbsp%3BIt%20can%20fill-in%20a%20certificate%20signing%20request%20(CSR)%20that%20is%20pre-formatted%20by%20the%20host.%20By%20this%20the%20host%20just%20needs%20to%20provide%20the%20pointers%20to%20the%20key%20values%20that%20must%20be%20located%20within%20the%20CSR.%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20provide%20a%20certificate%20as%20shown%20in%20the%20image%20you%20share%2C%20HSE%20supports%20the%20option%20to%20%22import%20standard%20key%20certificates%22%2C%20in%20this%20case%20the%20key%20container%20of%20the%20Key%20to%20be%20imported%20is%20formatted%20according%20to%20a%20standard%20certificate%20format.%20To%20properly%20import%20the%20key%20the%20host%20just%20needs%20to%20provide%20the%20pointers%20to%20the%20key%20values%20and%20container%20within%20the%20certificate.%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20keep%20a%20certificate%20valid%2C%20most%20of%20them%20will%20have%20an%20expiration%20date%20and%20that%20means%20that%20the%20certification%20must%20be%20updated%20in%20order%20to%20keep%20being%20valid%20or%20to%20provide%20a%20more%20secure%20way%20of%20authenticating%20the%20identity%20of%20the%20organization%2Fuser.%20This%20depends%20on%20the%20certificate%20itself%20and%20the%20company%20that%20validates%20the%20corresponding%20certificate.%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EBR%2C%20VaneB%3C%2FP%3E%3C%2FLINGO-BODY%3E