Shared Secret Key provisioning on the nRF5340, Options

Hey All, 

We are working on a product based on the nRF5340. We will be using symmetric key authentication (HMAC) and were wondering about the best way to go about provisioning the secret key.

I've seen that there's a psa_set_key_lifetime API to set the key as persistent. I also saw the TF-M example where the KMU is used and the secret key is provisioned to one of the slots in the KMU.

We are building the project as a _ns application. I was looking for some advice on my options for this.

  • Hi Hieu,

    Thanks for the blog. I went through it, and it seems like the PSA Crypto APIs are the way to go, and I would like to avoid using the KMU directly.

    But since we are going to import a key once and not generate it, is using the Secure Storage API to store the key handle the way to go?

    1) Use the PSA Crypto import key API and import the key as a persistent key

    2) Store the key handle in persistent storage with Secure Storage

    3) Load the key handle from persistent storage subsequently throughout the lifecycle of the device or until it is reprovisioned
