I am creating a Bluetooth Mesh network using the nRF54L15 and would like to make use of public key OOB as a means of whitelisting devices (so only my devices can join the mesh). The idea is that each device will be provisioned during manufacturing, and in this process it will generate an ECDH key pair in PSA; its public key and UUID will be stored in a database somewhere. When a device tries to get provisioned into the Bluetooth Mesh network, the provisioner will be able to retrieve the public key based on the UUID of the device and use that public key as part of the public key OOB process.
One detail I have run into now is how to specify the private and public keys in the bt_mesh_prov struct.
```c
#include <zephyr/bluetooth/mesh.h>

/* Provisioning context: callbacks plus the static OOB public/private key pair. */
static const struct bt_mesh_prov prov = {
	.uuid = dev_uuid,
	.unprovisioned_beacon = unprovisioned_beacon,
	.node_added = node_added,
	.complete = prov_complete,
	.reset = prov_reset,
	/* Raw byte buffers the application supplies: 64-byte big-endian X||Y public key
	 * and the private key, both as plain arrays rather than a PSA key handle. */
	.public_key_be = dev_pub_key,
	.private_key_be = dev_priv_key,
};
```
The way this struct is defined seems to force me to export the private key from PSA and hold it somewhere in RAM. Preferably, I would leave the private key in PSA and only make use of the key handle. Is there a way to make use of keys stored in PSA for the purpose of public key OOB without exporting them?
On the other hand, maybe this is not such a big security concern and I'm just being a bit pedantic; if that is the case, please let me know.
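As an added example (not code from the original post or from Zephyr) of the provisioner-side step described above, the lookup of a device's OOB public key by UUID: it assumes the manufacturing database stores each public key in the SEC1 uncompressed form (0x04 || X || Y) that psa_export_public_key() returns for a P-256 key, and the helper validates that record and strips the prefix to the 64-byte big-endian X||Y layout that public_key_be expects. The record struct, the sample database contents and all function names are assumptions, not part of any SDK.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define UUID_LEN        16
#define SEC1_P256_LEN   65 /* 0x04 || X(32) || Y(32): the form psa_export_public_key() returns */
#define MESH_PUBKEY_LEN 64 /* X || Y big-endian: what bt_mesh_prov.public_key_be expects */

/* One manufacturing-database record (assumed layout): device UUID plus its exported SEC1 public key. */
struct oob_record {
	uint8_t uuid[UUID_LEN];
	uint8_t sec1_pub[SEC1_P256_LEN];
};

/* Validate a stored SEC1 key and strip the 0x04 prefix to get the Mesh X||Y layout. */
int oob_sec1_to_mesh_be(const uint8_t *sec1, size_t len, uint8_t out[MESH_PUBKEY_LEN])
{
	if (sec1 == NULL || out == NULL || len != SEC1_P256_LEN || sec1[0] != 0x04) {
		return -EINVAL; /* rejects compressed points, wrong curve sizes, corrupt rows */
	}
	memcpy(out, sec1 + 1, MESH_PUBKEY_LEN);
	return 0;
}

/* Provisioner side: find the advertised UUID and prepare that device's OOB public key. */
int prov_lookup_pub_key(const struct oob_record *db, size_t n,
			const uint8_t uuid[UUID_LEN], uint8_t out[MESH_PUBKEY_LEN])
{
	for (size_t i = 0; i < n; i++) {
		if (memcmp(db[i].uuid, uuid, UUID_LEN) == 0) {
			return oob_sec1_to_mesh_be(db[i].sec1_pub, SEC1_P256_LEN, out);
		}
	}
	return -ENOENT; /* unknown device: the provisioner refuses it */
}

/* Constructed sample database (key bytes are filler, not real P-256 points). */
const struct oob_record *sample_db(size_t *n)
{
	static struct oob_record db[2];
	memset(db[0].uuid, 0xa1, UUID_LEN);
	db[0].sec1_pub[0] = 0x04;
	memset(&db[0].sec1_pub[1], 0x11, 32);  /* X */
	memset(&db[0].sec1_pub[33], 0x22, 32); /* Y */
	memset(db[1].uuid, 0xb2, UUID_LEN);
	db[1].sec1_pub[0] = 0x02; /* malformed: compressed-point prefix, must be rejected */
	memset(&db[1].sec1_pub[1], 0x33, 64);
	*n = 2;
	return db;
}
```

Note that psa_export_public_key() only ever exports the public half, so the manufacturing database never holds the private key regardless of how the device-side handle question is resolved.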