SE050 - Is it possible to generate a reference key for a symmetric key?

CristianeBP
Contributor II

Good morning,

I'm able to inject an HMAC key in the SE with success.
But now I need to use my injected key from an openssl command.

I know that it is possible, using openssl, to access an internal element through the "-key refkeyfile.ref" command.
I would like to know if it is possible to generate a reference key file for a symmetric key (HMAC) and, if yes, where I can find an example?

Thanks in advance.

Cristiane Bellenzier Piaia

Kan_Li
NXP TechSupport

Hi @CristianeBP,

In Plug&Trust we have no such support of HMAC for the openssl engine as well as provider. This forwarding would need to be implemented, and can be done by the customer for sure. The reference key concept could be used there as well, although on asymmetric keys the key characteristics make it easier to clearly tell that a given key cannot be a normal key but needs to be a reference key instead. On symmetric HMAC keys all key values are equally possible, so a reference key cannot be differentiated from a normal key with absolute 100% certainty. But the chance is most likely negligibly small.

In case the application always works with HMAC reference keys, that would not be an issue, because then no differentiation needs to be done. Concretely: in case the engine gets loaded, all HMAC keys are "reference keys"; in case it is not loaded, all HMAC keys are normal SW keys.

Hope that makes sense,

Have a great day,
Kan


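The ambiguity described in the answer above, as an added example that is not part of the original thread and is not Plug&Trust code: it contrasts guessing "reference key or raw key" from the bytes with deciding it by configuration, and rejecting blobs that do not parse when the engine is in use. The blob layout, the `REFK` magic, the object ID and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, NOT the Plug&Trust format: 4-byte magic, 4-byte
 * big-endian secure-element object ID, zero padding up to 32 bytes. */
#define REF_LEN 32
static const uint8_t REF_MAGIC[4] = {'R', 'E', 'F', 'K'};

typedef enum { KEY_INVALID = -1, KEY_SOFTWARE = 0, KEY_REFERENCE = 1 } key_kind;
typedef struct { key_kind kind; uint32_t obj_id; } key_info;

/* Constructed samples: a reference blob for object 0x7DCCBB10, a raw key. */
static const uint8_t SAMPLE_REF[REF_LEN] = {'R', 'E', 'F', 'K', 0x7D, 0xCC, 0xBB, 0x10};
static const uint8_t SAMPLE_RAW[REF_LEN] = {0x3C, 0x91, 0x0E, 0xF7, 0x55, 0x2A, 0x81, 0x6D, 0x01};

/* Returns 1 and stores the object ID if buf matches the layout exactly. */
static int parse_ref(const uint8_t *buf, size_t len, uint32_t *obj_id) {
    if (len != REF_LEN || memcmp(buf, REF_MAGIC, sizeof REF_MAGIC) != 0) return 0;
    for (size_t i = 8; i < REF_LEN; i++)
        if (buf[i] != 0) return 0;
    *obj_id = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
              ((uint32_t)buf[6] << 8) | (uint32_t)buf[7];
    return 1;
}

/* Guess from the bytes alone: any raw key with this pattern is misrouted. */
key_info classify_by_pattern(const uint8_t *buf, size_t len) {
    key_info k = {KEY_SOFTWARE, 0};
    if (parse_ref(buf, len, &k.obj_id)) k.kind = KEY_REFERENCE;
    return k;
}

/* Decide by configuration: engine loaded means every HMAC key is a reference
 * key; a blob that does not parse is rejected rather than used as raw bytes. */
key_info classify_by_policy(int engine_loaded, const uint8_t *buf, size_t len) {
    key_info k = {KEY_SOFTWARE, 0};
    if (engine_loaded)
        k.kind = parse_ref(buf, len, &k.obj_id) ? KEY_REFERENCE : KEY_INVALID;
    return k;
}

int main(void) {
    key_info a = classify_by_pattern(SAMPLE_REF, REF_LEN);
    key_info b = classify_by_policy(0, SAMPLE_REF, REF_LEN);
    key_info c = classify_by_policy(1, SAMPLE_RAW, REF_LEN);
    printf("pattern: kind=%d id=0x%08X\n", a.kind, (unsigned)a.obj_id);
    printf("policy, engine off: kind=%d\n", b.kind);
    printf("policy, engine on, raw key: kind=%d\n", c.kind);
    return 0;
}
```

The same 32 bytes are a reference key under the pattern check and an ordinary software key when the engine is not loaded, which is why the policy variant never has to distinguish the two.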