- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
CAAM secure (tagged) keys with openssl
09-16-2021
04:05 AM
5,347 次查看
Hello,
we set up an iMX6 board with secure boot and CAAM support enabled, and also configured file-system encryption using CAAM and secure keys (tagged keys).
Now we'd like to use tagged keys with openssl (AES) as well. We managed to configure CAAM as engine for openssl, using cryptodev. However, only non-tagged-key algorithms (e.g. aes-256-cbc) are available in openssl.
How can we tell openssl about the tagged key algorithms?
I found this document about how to use black keys with openssl for asymmetric crypto operations, but has anything similar already been done for AES (e.g. aes-256-cbc-tk)?
Thanks,
Tobias
7 回复数
10-18-2021
10:12 PM
5,208 次查看
igorpadykov
NXP Employee
Hi Tobias
from team:
----------------------
Please tell me your BSP version. I think this need to be done by adding some custom code to link the tagged key transform. It can't be selected autonomously. Please share test code or patch to reproduce on our side.
----------------------
Best regards
igor
10-20-2021
01:26 AM
5,191 次查看
Hi Igor,
This is the BSP we are using: https://github.com/varigit/variscite-bsp-platform/tree/dunfell
I'm not sure what the team means by "code or patch to reproduce on our side", but I would like to do something like
openssl enc -e -engine cryptodev -in plainfile -out cryptofile aes-256-cbc-tk -K blackkey
to encrypt a plainfile using the provided blackkey (note the -tk in the cipher, which obviously openssl doesn't know about), through the CAAM (e.g. with cryptodev).
This doesn't work out of the box, and it would be cool to know what's missing.
Tobias
11-16-2021
02:40 AM
5,074 次查看
igorpadykov
NXP Employee
procedure and verification patch were sent via mail.
-----------------------
Best regards
igor
02-14-2023
08:31 AM
3,905 次查看
ahightower
Contributor I
Has this been mainlined in the past year? What was the resolution of this?
