SE050 - Is it possible to generate a reference key for a symmetric key?

CristianeBP
Contributor III

Good morning,

I'm able to inject an HMAC key in the SE with success.
But now I need to use my injected key from an openssl command.

I know that it is possible, using openssl, to access an internal element through the "-key refkeyfile.ref" command.
I would like to know if it is possible to generate a reference key file for a symmetric key (HMAC) and, if yes, where I can find an example.

Thanks in advance.

Cristiane Bellenzier Piaia

Kan_Li
NXP TechSupport

Hi @CristianeBP,

In Plug&Trust we have no such support of HMAC for the openssl engine as well as the provider. This forwarding would need to be implemented, and can be done by the customer for sure. The reference key concept could be used there as well, although on asymmetric keys the key characteristics make it easier to clearly tell that a given key cannot be a normal key but needs to be a reference key instead. On symmetric HMAC keys all key values are equally possible, so a reference key cannot be differentiated from a normal key with absolute 100% certainty. But the chance is most likely negligibly small.

In case the application always works with HMAC reference keys, that would not be an issue, because then no differentiation needs to be done. Concretely: in case the engine gets loaded, all HMAC keys are "reference keys"; in case it is not loaded, all HMAC keys are normal SW keys.

Hope that makes sense,

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
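
The differentiation problem described in the answer above, as an added example that is not part of the original thread and is not Plug&Trust code. The blob layout, the marker bytes and every function name are hypothetical; the sketch only decides where the HMAC would be computed and does not talk to an SE050.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout (an assumption, not an NXP format): a 32-byte blob of
 * 8 marker bytes, a 4-byte big-endian SE object id, then 20 zero bytes. */
#define REF_KEY_LEN 32
static const uint8_t REF_MARKER[8] = {'R','E','F','-','H','M','A','C'};

enum hmac_route  { ROUTE_SOFTWARE, ROUTE_SECURE_ELEMENT, ROUTE_REJECT };
enum hmac_policy { POLICY_DETECT, POLICY_ALWAYS_REF };

/* Build a reference blob that names an SE object instead of holding key bytes. */
void make_ref_key(uint32_t object_id, uint8_t out[REF_KEY_LEN])
{
    memset(out, 0, REF_KEY_LEN);
    memcpy(out, REF_MARKER, sizeof REF_MARKER);
    out[8]  = (uint8_t)(object_id >> 24);
    out[9]  = (uint8_t)(object_id >> 16);
    out[10] = (uint8_t)(object_id >> 8);
    out[11] = (uint8_t)object_id;
}

/* Return 1 and set *object_id if the bytes have the reference layout, else 0. */
int parse_ref_key(const uint8_t *key, size_t len, uint32_t *object_id)
{
    if (len != REF_KEY_LEN || memcmp(key, REF_MARKER, sizeof REF_MARKER) != 0)
        return 0;
    for (size_t i = 12; i < REF_KEY_LEN; i++)
        if (key[i] != 0)
            return 0;   /* padding must be zero: 28 fixed bytes in total */
    *object_id = ((uint32_t)key[8] << 24) | ((uint32_t)key[9] << 16) |
                 ((uint32_t)key[10] << 8) | (uint32_t)key[11];
    return 1;
}

/* Decide where the HMAC is computed. POLICY_DETECT guesses from the bytes, so a
 * software key that happens to have the layout is misread as a reference.
 * POLICY_ALWAYS_REF treats every key as a reference and rejects anything else
 * rather than silently using the bytes as a software key. */
enum hmac_route route_hmac_key(enum hmac_policy policy, const uint8_t *key,
                               size_t len, uint32_t *object_id)
{
    if (parse_ref_key(key, len, object_id))
        return ROUTE_SECURE_ELEMENT;
    return policy == POLICY_ALWAYS_REF ? ROUTE_REJECT : ROUTE_SOFTWARE;
}
```

With 28 fixed bytes in this constructed layout, a uniformly random 32-byte software key matches it with probability 2^-224, but any valid HMAC key value can still be chosen to match, which is why the always-reference policy avoids the guess entirely.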
