https://devzone.nordicsemi.com/f/nordic-q-a/51239/using-the-device-root-key-kdr-0-3-directly-for-aes-encryptionAre there any examples to use the device root key directly in the cryptographic functions?en-USTelligent Community 13Thu, 22 Aug 2019 12:51:03 GMThttps://devzone.nordicsemi.com/thread/205614?ContentTypeID=1Thu, 22 Aug 2019 12:51:03 GMT137ad170-7792-4731-bb38-c0d22fbe4515:bc84910f-12e2-4d65-83ed-182bc408355dchirag-parmar<p>Last but not the least, Can a derived key be used as a ECC key?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/205611?ContentTypeID=1Thu, 22 Aug 2019 12:46:55 GMT137ad170-7792-4731-bb38-c0d22fbe4515:93c266fe-4fc5-4e18-a558-d9dffc88192fEinar Thorsrud<p>No, unfortunately not. The only information you can securely store in the internal secure RAM in CryptoCell is KDR (128 bit). And that cannot be read back, only used for crypto operations (such as deriving other keys).</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/205604?ContentTypeID=1Thu, 22 Aug 2019 12:34:14 GMT137ad170-7792-4731-bb38-c0d22fbe4515:3093afed-910b-496d-aff9-8b265bd1c446chirag-parmar<p>Is there somehow I can store some of my keys (other than the KDR) in the secure RAM? If yes, How would one go about it?</p> <p>And by store I mean temporarily or just for that particular reset cycle.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/205586?ContentTypeID=1Thu, 22 Aug 2019 12:07:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a3f681bc-6799-4a44-85c8-ef7586e55525Einar Thorsrud<p>Hi,</p> [quote user="chirag-parmar"]1. Is it OK to hold the derived the key in the normal RAM?[/quote] <p>If it is in normal RAM then it is susceptible to some attacks. If that is OK or not depends on your security requirements.</p> [quote user="chirag-parmar"]2. What are the best security practices for handling the derived key?[/quote] <p>We do not have any recommendations here.</p> [quote user="chirag-parmar"]2. Also, Will the same root key generate the same derived key every time, provided the input variables stay constant?[/quote] <p>Yes, provided the lengh/size, label, context and root key is the same.</p> <p>Please note that the lack of secure memory means that you may not find CryptoCell the best option if you need <em>very</em> high security with regard to keeping key(s) secret. If that is the case, then you may want to use a secure element such as the Optiga TrustX or similar (I mention that since it is integrated with the SDK, but there are another alternative as well). However, this will, of course, increase the BOM and is therefor only sensible for security-critical applications.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/205486?ContentTypeID=1Thu, 22 Aug 2019 08:52:56 GMT137ad170-7792-4731-bb38-c0d22fbe4515:6acf9484-6bf5-4c28-8351-95bdd7d0e6f4chirag-parmar<p>But, The derived key will stay in the normal RAM. So,<br /><br />1. Is it OK to hold the derived the key in the normal RAM?<br />2. What are the best security practices for handling the derived key?<br />2. Also, Will the same root key generate the same derived key every time, provided the input variables stay constant?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/205349?ContentTypeID=1Wed, 21 Aug 2019 13:54:04 GMT137ad170-7792-4731-bb38-c0d22fbe4515:12cda39e-8aef-4b01-80dd-3727022ad529Einar Thorsrud[quote user="chirag-parmar"]Although, deriving the key means that the key will be copied into a buffer right? This would leave a footprint of the key on the RAM. Which beats the entire purpose of having KDR registers in the cryptocell. Am i right?[/quote] <p>Yes and no. It is not copied into normal RAM, but kept internally in a secure RAM block in CC310. It is not possible to access the key, only refer to it so that it can be used for crypto operations in CC310.&nbsp;There is one related fact&nbsp;you should be aware of, though. CryptoCell only has secure RAM, not secure flash. That means that you have to store the root key in normal flash for it to be persistent, as described in <a href="https://devzone.nordicsemi.com/f/nordic-q-a/38351/saving-root-key-on-battery-powered-devices/148018#148018">this post</a>.</p> [quote user="chirag-parmar"]Also the register documentation&nbsp;<a href="https://infocenter.nordicsemi.com/pdf/nRF52840_PS_v1.1.pdf">here</a>&nbsp;says that I can select a key using the HOST_CRYPTOKEY_SEL. I was looking for a documentation/example for this exact feature.[/quote] <p>We do not have any examples or documentation, unfortunately. The only reference is the <a href="https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/group__cryptocell__api.html?cp=5_1_6_4_0">CC310 API documentation</a>.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/205294?ContentTypeID=1Wed, 21 Aug 2019 11:43:44 GMT137ad170-7792-4731-bb38-c0d22fbe4515:948d93b3-bce7-4a78-a36a-dc7a786e0e1echirag-parmar<p>Although, deriving the key means that the key will be copied into a buffer right? This would leave a footprint of the key on the RAM. Which beats the entire purpose of having KDR registers in the cryptocell. Am i right?<br /><br />Also the register documentation&nbsp;<a href="https://infocenter.nordicsemi.com/pdf/nRF52840_PS_v1.1.pdf">here</a>&nbsp;says that I can select a key using the HOST_CRYPTOKEY_SEL. I was looking for a documentation/example for this exact feature.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/205239?ContentTypeID=1Wed, 21 Aug 2019 09:21:49 GMT137ad170-7792-4731-bb38-c0d22fbe4515:eeb697c5-eb12-4f65-af02-87ec91757cf4Einar Thorsrud<p>Hi,</p> <p>It should be possible, but there are no examples of this in the SDK (or anywhere else that I am aware of). <a href="https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/group__ssi__utils__key__derivation.html?cp=5_1_6_4_0_20_2_1#ga8cdcb54513d8c964783a819b8ca79ee8">SaSi_UtilKeyDerivation()</a>&nbsp;can be used to derive an AES key from KDR.</p><div style="clear:both;"></div>