FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

SE050 - It is possible to generate a reference key for a symmetric key?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

SE050 - It is possible to generate a reference key for a symmetric key?

Jump to solution
‎08-09-2023 06:46 AM
562 Views
CristianeBP
Contributor II

Good morning,

I'm able to inject a HMAC key in the SE with success.
But now I need to use my injected key from an openssl command. 

I know that is possible, using openssl, to access an internal element through the "-key refkeyfile.ref" command.
I would like to know if it is possible to generate a reference key file for a symmetric key (HMAC) and if yes, where I can find an example?

Thanks in advance.

Cristiane Bellenzier Piaia

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎08-10-2023 12:58 AM
530 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @CristianeBP ,

 

in Plug&Trust we have no such support of HMAC for the openssl engine as well as provider. This forwarding would need to be implemented , and can be done by the customer for sure. The reference key concept could be used there as well, although on asymmetric keys the key characteristics make it easier to clearly tell that a given key cannot be a normal key but needs to be a reference key instead. On symmetric HMAC keys all key values are equally possible so a reference key cannot be differentiated from a normal key with absolute 100% certainty. But the chance is most likely negligibly small.

In case the application always works with HMAC reference keys that would be not an issue, because then no differentiation needs to be done. Concrete: In case the engine gets loaded all HMAC keys are "reference keys" in case it is not loaded all HMAC keys are normal SW keys. 

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

0 Kudos
Reply
1 Reply

Jump to solution
‎08-10-2023 12:58 AM
531 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @CristianeBP ,

 

in Plug&Trust we have no such support of HMAC for the openssl engine as well as provider. This forwarding would need to be implemented , and can be done by the customer for sure. The reference key concept could be used there as well, although on asymmetric keys the key characteristics make it easier to clearly tell that a given key cannot be a normal key but needs to be a reference key instead. On symmetric HMAC keys all key values are equally possible so a reference key cannot be differentiated from a normal key with absolute 100% certainty. But the chance is most likely negligibly small.

In case the application always works with HMAC reference keys that would be not an issue, because then no differentiation needs to be done. Concrete: In case the engine gets loaded all HMAC keys are "reference keys" in case it is not loaded all HMAC keys are normal SW keys. 

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply