Encrypted Key (KEK) injection

Solved
1,837 views
psvz
Contributor IV

I couldn't find source code for function Se05x_API_WriteSymmKey()

Could you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?

I can see from the source code that only symmetric keys can be injected with KEK. Could you please confirm requirements for KEK itself - is it only AES? DES? Could it be asymmetric? It would help if you had some example code...

Thank you.
4 Replies
1,828 views
Kan_Li
NXP TechSupport

Hi @psvz,

Are you going to inject a symmetric key for both Encryption and Decryption? If so, please kindly refer to the demo in "simw-top\sss\ex\symmetric\ex_sss_symmetric.c" for details.

For symmetric keys, read back is not possible.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

1,822 views
psvz
Contributor IV

@Kan_Li - the example simw-top\sss\ex\symmetric\ex_sss_symmetric.c does NOT use KEK, so it is not helpful. Let's discuss all the questions because it is a deal-breaker for me:

1/ where is the source code for function Se05x_API_WriteSymmKey()?

2/ when injecting with KEK (no examples available) - could you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?

3/ What type of key (AES, DES, RSA, EC) can SE050 use as KEK (not documented)?

If you could please answer each question or point me out to NXP product folks who could help?

Thank you.

1,818 views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @psvz,

Please kindly refer to the following for details.

1/ where is the source code for function Se05x_API_WriteSymmKey()?

- Please refer to \simw-top\hostlib\hostLib\se05x_03_xx_xx\se05x_APDU_impl.h for details.

2/ when injecting with KEK (no examples available) - could you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?

- Yes, they are handled automatically inside the SE.

3/ What type of key (AES, DES, RSA, EC) can SE050 use as KEK (not documented)?

- The key type is defined in https://www.rfc-editor.org/rfc/rfc3394 .

Please kindly refer to https://www.nxp.com/docs/en/application-note/AN12413.pdf for more details.

Hope that helps,

Have a great day,
Kan
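
The host-side half of the scheme discussed in this reply, as an added example that is not part of the thread or of NXP's middleware: the RFC 3394 AES Key Wrap implemented step by step, checked against the RFC's section 4.1 test vector, with an unwrap that rejects a tampered blob. It assumes the third-party Python `cryptography` package; `rfc3394_wrap` and `unwrap_or_none` are hypothetical helper names, and how the wrapped blob is handed to Se05x_API_WriteSymmKey() is not covered here.

```python
# Added example: RFC 3394 AES Key Wrap as performed on a provisioning host.
# Assumption: the third-party "cryptography" package is installed.
import struct
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)

DEFAULT_IV = bytes.fromhex("A6A6A6A6A6A6A6A6")  # RFC 3394 section 2.2.3.1


def rfc3394_wrap(kek: bytes, key: bytes) -> bytes:
    """Wrap `key` under `kek` following RFC 3394 section 2.2.1 (hypothetical helper)."""
    if len(kek) not in (16, 24, 32):
        raise ValueError("KEK must be an AES-128/192/256 key")
    if len(key) < 16 or len(key) % 8:
        raise ValueError("key data must be >= 16 bytes and a multiple of 8")
    enc = Cipher(algorithms.AES(kek), modes.ECB()).encryptor()
    a = DEFAULT_IV                                   # integrity register A
    r = [key[i:i + 8] for i in range(0, len(key), 8)]  # 64-bit blocks R[1..n]
    n = len(r)
    for j in range(6):                               # six passes over all blocks
        for i in range(n):
            b = enc.update(a + r[i])                 # B = AES(K, A | R[i])
            t = struct.pack(">Q", n * j + i + 1)     # step counter t
            a = bytes(x ^ y for x, y in zip(b[:8], t))  # A = MSB64(B) ^ t
            r[i] = b[8:]                             # R[i] = LSB64(B)
    return a + b"".join(r)                           # output is len(key) + 8 bytes


def unwrap_or_none(kek: bytes, blob: bytes):
    """Return the plaintext key, or None when the RFC 3394 integrity check fails."""
    try:
        return aes_key_unwrap(kek, blob)
    except InvalidUnwrap:
        return None


# Published RFC 3394 section 4.1 test vector (128-bit key data, 128-bit KEK).
KEK = bytes.fromhex("000102030405060708090A0B0C0D0E0F")
KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF")
EXPECTED = bytes.fromhex("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")

if __name__ == "__main__":
    blob = rfc3394_wrap(KEK, KEY)
    print("wrapped:", blob.hex())
    print("matches RFC vector:", blob == EXPECTED == aes_key_wrap(KEK, KEY))
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])     # flip one bit in transit
    print("tampered blob unwraps to:", unwrap_or_none(KEK, tampered))
```

Because the unwrap verifies the recovered integrity value, a blob wrapped under a different KEK or modified in transit is rejected rather than stored as a wrong key.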



1,813 views
psvz
Contributor IV

@Kan_Li - Kan, this is very very VERY helpful!!! You've made my day - Thanks a lot!
