Hello,
Please refer to the following general information about the keys.
Chapter 1. Introduction to Public-Key Cryptography Red Hat Certificate System 9 | Red Hat Customer P...
As for signing, applied in the HAB, the following general information may be useful.
https://medium.com/coinmonks/public-key-cryptography-and-digital-signatures-6d81a06c15c4
There are the following NXP app notes regarding HAB specifics.
https://www.nxp.com/docs/en/application-note/AN4581.pdf
https://www.nxp.com/docs/en/application-note/AN12056.pdf
Note, the generation of the key pairs are implemented on a host computer with CST help.
The keys are generated and located on the host, and it is customer's responsibility
how to store it in a secure way. Customers can use the (HSM) approach, described in
CST documentation (cst-3.1.0.tar\release\code\back_end-hsm\doc\)
Further - public keys are located in target boot signed image and can be checked,
using hashes of the SRK, burned in target fuses (for the SRK) and signatures of CSF and
image keys (signed by the SRK).
Have a great day,
Yuri
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
