How to delete local host keys in ST-SAFE-A110?

PLori.1
Associate

Hi.

I'm working with ST-SAFE-A110 together with STM32CubeExpansion_STSAFE-A_V1.2.0 in an STM32_L4.

I'm trying to change my local host keys after being populated. I can wrap/unwrap without any problems but I don't know how to erase and regenerate the keys. It seems I need to establish an admin secure session to have the required permissions in order to erase the keys but don't know how to do that. Same problem changing the Host Cipher/MAC keys. Do I need to do some changes in the auth configuration in the middleware? How do I establish an admin secure session?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Benjamin BARATTE
ST Employee

Hi @PLori.1​,

On the STSAFE-A, there is only 1 set of pairing keys called "hosts keys".

These keys are used for the secure channel and this is mandatory for the wrap/unwrap use case.

As the admin key is not accessible due to security constraints, the pairing keys are one-time keys for the STSAFE-A.

You can't change the pairing keys of the STSAFE-A for the lifetime of the STSAFE-A.

By default, the pairing operation is using the default keys for evaluation.

Before moving on to customer-managed or random key pairing, you need to carefully define the scenario to protect the key in a proper way in your application.

Best Regards,

Benjamin
