Does the SE050 support wrapping or exporting of secret or private keys?
I understand that Se05x_API_ExportObject and Se05x_API_ImportObject allow for the export and import of these keys, but use a unique device-specific key, making it possible to backup and restore key material to the same SE050.
My requirement is a little different. I want to be able to securely backup one SE050 and restore to a different SE050. I'm just not seeing anything in the examples or documentation for this.
Yes, it would suffice for my purposes to only support transient Secure Objects. My question is whether there is support to export this object to another SE050. There is little documentation I can find to describe the wrapping key for this operation. Is the key unique per device? If it is writable, then this would allow for my use case.
Hi @chrisaptosia ,
Do you mean to export the transient Secure Objects from one SE and import them to another as a persistent one? or still as a transient secure object? Please kindly clarify.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
It doesn't matter much whether the newly imported secure object is a transient or persistent. I'm simply looking for a method to take a key from one SE050 to another.
Hi @chrisaptosia ,
Thanks for the clarification!
Just confirmed with the expert, the import functionality only works with data exported exactly from the same SE due to the SE-individual encryption.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Thank you. So to confirm, the SE050 has no ability to generate a key exportable to another SE050 and no general key wrap functionality?
Hi @chrisaptosia ,
As far as I know, the export operation can just support transient Secure Objects, is this what you want? You may refer to 3.2.8 in https://www.nxp.com/webapp/Download?colCode=AN12543 for more details on this topic.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------