Shared Secret Key provisioning on the nRF5340, Options

To add on to the original post, this secret key provisioning is going to happen as a post manufacturing step. 

Hi neo_here,

My colleague wrote a blog, with a section discussing different storage of keys. Please give it a read:
https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/persistent-storage-of-keys-and-data-using-the-nrf-connect-sdk#Storage-alternatives-for-keys

Hieu

Hi Hieu,

Thanks for the blog, I went through it and seems like PSA Crypto API are the way to go and I would like to avoid using the KMU directly.

But since we are going to import a key once and not generate it, Is using the secure storage API to store the Key handle the way to go ?

1) Use the PSA Crypto Import key API and import the key as persistent key

2) Store the Key handle in persistent storage with Secure Storage

3) Load the keyhandle from persistent storage subsequently throughout the lifecycle of the device or until it is reprovisioned

Hi neo_here,

Yes, you can import the key and use it later with PSA Crypto API. It is certainly one good way to go.

Hi neo_here,

Yes, you can import the key and use it later with PSA Crypto API. It is certainly one good way to go.