- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- Neural Processing UnitsNeural Processing Units
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
- Neural Processing Units
-
- NXP Tech Blogs
Request: Implement C_UnwrapKey in SIMW Top PKCS#11 (SE05X) for CMS ECDH
01-18-2026
09:31 PM
682 次查看
vishwaec08
Contributor I
Hello NXP Team,
We need C_UnwrapKey (AES-CBC/AES-CBC-PAD) implemented in SE05X SDK PKCS#11 to enable CMS ECDH handle-only decrypt on SE05X.
Currently C_UnwrapKey returns CKR_FUNCTION_NOT_SUPPORTED in sss_pkcs11_pal_core.c. The flow requires unwrapping the CMS CEK on-token using the derived AES handle plus the 16-byte IV from CMS.
Regards
Vishwa
2 回复数
01-19-2026
01:39 AM
646 次查看
vishwaec08
Contributor I
Hi,
The overall idea is that we want to encrypt and decrypt the data using OpenSSL CMS with an EC key.
For reference, the OpenSSL commands are listed below.
pkcs11-tool --module /usr/lib/libsss_pkcs11.so --slot 1 --keypairgen --key-type EC:prime256v1 --label "sss:20202022"
OPENSSL_CONF=engine.conf openssl req -engine pkcs11 -new -key "pkcs11:object=sss:20202022;type=private" -keyform engine -out ec_req.pem -x509 -subj "/CN=Test EC" -days 365
OPENSSL_CONF=engine.conf openssl x509 -engine pkcs11 -signkey "pkcs11:object=sss:20202022;type=private" -keyform engine -in ec_req.pem -out ec_cert.pem
openssl cms -encrypt -binary -outform DER -aes128 -in smcont.txt -recip ec_cert.pem -out test_ec.cms
OPENSSL_CONF=engine.conf openssl cms -decrypt -binary -inform DER -engine pkcs11 -keyform engine -inkey "pkcs11:object=sss:20202022;type=private" -recip ec_cert.pem -in test_ec.cms -out smtst.txt
01-18-2026
11:16 PM
660 次查看
Hi @vishwaec08 ,
I have forwarded your feature request to the expert team, and will let you know when I have any feedback from there.
Thanks for your patience!
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
