CST Tool with HSM Keys

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CST Tool with HSM Keys

1,551 Views
rohith_chinnasw
Contributor II

I got the CST 3.0.1 tool and compile in windows. The adapt_layer_openssl.c file says to modify it for HSM implementations but its not clear whether cst can be used when the keys are already generated in HSM and OpenSSL is not involved with Keys. Note that we have a separate API to integrate with HSM by sending the hash and retrieve the signature, but not sure if that can be adapted with CST tool.

Tags (2)
0 Kudos
4 Replies

344 Views
jbhaijy
Contributor III

Hi @rohith_chinnasw 

 

Did your CST tool able to communicate with HSM through the API's? Have you done any changes in CST tool to communicate with HSM?

I am also working on same concept where CST tool should able to communicate with remote HSM through the standard vendor API's like DigiCert API. DigiCert have their own API's to communicate with HSM which is possible to call the API's from the simple script along with hash value & get the it signed from HSM. 

I don't whether this can be possible with CST tool? If you can share your experience, that will be helpful for me.

Thanks. 

0 Kudos

1,201 Views
rohith_chinnasw
Contributor II

Thanks Yuri. I will try on 3.1.0 version. I saw the guide but it wasnt clear on whether we can use the pregenerated keys or we need to use OpenSSL to create those HSM keys.

Also is a similar reference available for mkimage tool(to customize with HSM)?

0 Kudos

1,201 Views
Yuri
NXP Employee
NXP Employee

Hello,

   Please create request \ ticket for more considerations.

Support|NXP 

Regards,

Yuri.

0 Kudos

1,201 Views
Yuri
NXP Employee
NXP Employee

Hello,

   

  Our CST implementation is not intended for HSM using.

Generally customers can refer to Appendix B (Replacing the CST Backend Implementation)

of “CST_UG.pdf” for some recommendations how to implement own solution.

 

Recent CST (3.1.0) may be loaded, using the following link:

 

https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL

Have a great day,

Yuri

 

------------------------------------------------------------------------------

Note: If this post answers your question, please click the Correct Answer

button. Thank you!

0 Kudos