Encrypted Key (KEK) injection

psvz
Contributor IV

I couldn't find source code for function Se05x_API_WriteSymmKey()

Could you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?

I can see from the source code that only symmetric keys can be injected with KEK. Could you please confirm requirements for KEK itself - is it only AES? DES? Could it be asymmetric? It would help if you had some example code...

Thank you.

Kan_Li
NXP TechSupport

Hi @psvz,

Please kindly refer to the following for details.

1/ where is the source code for function Se05x_API_WriteSymmKey()?

- Please refer to \simw-top\hostlib\hostLib\se05x_03_xx_xx\se05x_APDU_impl.h for details.

2/ when injecting with KEK (no examples available) - could you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?

- Yes, they are handled automatically inside the SE.

3/ What type of key (AES, DES, RSA, EC) can SE050 use as KEK (not documented)?

- The key type is defined in https://www.rfc-editor.org/rfc/rfc3394 .

Please kindly refer to https://www.nxp.com/docs/en/application-note/AN12413.pdf for more details.

Hope that helps,

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
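
Added example, not part of the original thread and not NXP's code: RFC 3394, cited in the answer to question 3, is the AES Key Wrap specification, so the KEK is an AES key of 128, 192 or 256 bits. The Python below implements the wrap a provisioning host would perform and the unwrap with its integrity check. It assumes the `cryptography` package is installed; the function names are hypothetical, and the exact blob layout SE050 expects should be confirmed against AN12413.

```python
# Added example: RFC 3394 AES Key Wrap on the host side. Not NXP code.
import hmac
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

IV = bytes.fromhex("A6A6A6A6A6A6A6A6")  # default initial value, RFC 3394 2.2.3.1


def _blocks(kek: bytes, data: bytes, minimum: int) -> list:
    """Validate sizes and split data into 64-bit blocks."""
    if len(kek) not in (16, 24, 32):
        raise ValueError("KEK must be a 128, 192 or 256-bit AES key")
    if len(data) % 8 or len(data) < 8 * minimum:
        raise ValueError("length must be a multiple of 8 bytes and long enough")
    return [data[i:i + 8] for i in range(0, len(data), 8)]


def wrap_key(kek: bytes, key: bytes) -> bytes:
    """Wrap `key` under `kek`; output is 8 bytes longer than the input."""
    r = _blocks(kek, key, 2)
    enc = Cipher(algorithms.AES(kek), modes.ECB()).encryptor()
    a = IV
    for j in range(6):                      # six passes over all blocks
        for i in range(len(r)):
            b = enc.update(a + r[i])
            t = len(r) * j + i + 1          # step counter mixed into A
            a = (int.from_bytes(b[:8], "big") ^ t).to_bytes(8, "big")
            r[i] = b[8:]
    return a + b"".join(r)


def unwrap_key(kek: bytes, wrapped: bytes) -> bytes:
    """Unwrap and verify; raises ValueError on a wrong KEK or altered blob."""
    c = _blocks(kek, wrapped, 3)
    a, r = c[0], c[1:]
    dec = Cipher(algorithms.AES(kek), modes.ECB()).decryptor()
    for j in reversed(range(6)):
        for i in reversed(range(len(r))):
            t = len(r) * j + i + 1
            a_xor_t = (int.from_bytes(a, "big") ^ t).to_bytes(8, "big")
            b = dec.update(a_xor_t + r[i])
            a, r[i] = b[:8], b[8:]
    if not hmac.compare_digest(a, IV):      # integrity check, no key released
        raise ValueError("key unwrap integrity check failed")
    return b"".join(r)


if __name__ == "__main__":
    kek = bytes(range(16))                  # constructed sample KEK
    blob = wrap_key(kek, bytes.fromhex("00112233445566778899AABBCCDDEEFF"))
    print(blob.hex().upper())
```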

Kan_Li
NXP TechSupport

Hi @psvz,

Are you going to inject a symmetric key for both Encryption and Decryption? If so, please kindly refer to the demo in "simw-top\sss\ex\symmetric\ex_sss_symmetric.c" for details.

For symmetric keys, read back is not possible.

Have a great day,
Kan


psvz
Contributor IV

@Kan_Li - the example simw-top\sss\ex\symmetric\ex_sss_symmetric.c does NOT use KEK, so it is not helpful. Let's discuss all the questions because it is a deal-breaker for me:

1/ where is the source code for function Se05x_API_WriteSymmKey()?

2/ when injecting with KEK (no examples available) - could you please confirm that key decryption and persistence is handled atomically inside SE050, so that decrypted key is never transmitted back to the host?

3/ What type of key (AES, DES, RSA, EC) can SE050 use as KEK (not documented)?

If you could please answer each question or point me out to NXP product folks who could help?

Thank you.

psvz
Contributor IV

@Kan_Li - Kan, this is very very VERY helpful!!! You've made my day - Thanks a lot!
