Can somebody please confirm whether the following piece of code will use a 32-byte encryption key stored in KMU slot #4? I've successfully tested encryption/decryption using a derivation of the persistent_key_storage sample but that code used a key that I stored in serial EEPROM. The code below does succeed (prints "Generated P-256 key") but I don't yet know how to store a 32-byte key in KMU slot #4 so I don't know that it does what I hope it does.
Also, how important is lifetime and what does it mean?
Finally, is there some example C code (valid for Connect SDK v2.6.0) for writing a 32-byte key to KMU slot #4?
Thank you.
psa_status_t status = psa_crypto_init();
psa_key_id_t key_id = mbedtls_svc_key_id_make(
    0,
    4);
psa_key_handle_t handle = PSA_KEY_ID_NULL;
status = psa_open_key(key_id, &handle);
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_GCM);
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&key_attributes, 256);
psa_set_key_id(&key_attributes, 4);
status = psa_generate_key(&key_attributes, &key_id);
if (status == PSA_SUCCESS)
{
    printk("Generated P-256 key\n");
}
else
{
    printk("Key failed %i\n", status);
}