2024-07-29 01:25 AM
Hi everyone,
I develop a asimmetric public/private key crypto scheme and then with simmetric derived ley establish a comms with HOST REMOTE <-> [LOCAL HOST/STSAFE].
I generate with ephimeral slot with:
ret_code = (int32_t)StSafeA_GenerateKeyPair(handle, STSAFEA_KEY_SLOT_EPHEMERAL, 0xFFFF, 1,
(STSAFEA_PRVKEY_MODOPER_AUTHFLAG_CMD_RESP_SIGNEN |
STSAFEA_PRVKEY_MODOPER_AUTHFLAG_MSG_DGST_SIGNEN |
STSAFEA_PRVKEY_MODOPER_AUTHFLAG_KEY_ESTABLISHEN),
STSAFEA_NIST_P_256, STSAFEA_XYRS_ECDSA_SHA256_LENGTH,
&pointreprensentationid, &pub_cx, &pub_cy,
STSAFEA_MAC_NONE);
And then generate a PEM wich will be sended to REMOT HOST, in the next step receive PEM from the other extreme and extract XY ECDAS pair.
How should i do if i want to set up a derived key and share it with the REMOTE HOST?. I cant find de Derive Key command in MW of STM CUBE MX pack, only find de EstablishKey command for SPL02 profile.
Solved! Go to Solution.
2024-08-23 06:07 AM
Hi @FMaro.1 ,
For your use case, you have the first part OK which is the key generation.
Then you need to use ECDH algorithm with the StSafeA_EstablishKey().
The output of the StSafeA_EstablishKey() is the share secret with your REMOTE HOST.
From this share secret, you can use a KDF (Key Derivation Function) to derive a shared symmetric key on LOCAL HOST.
You need to do the same on the REMOTE HOST side with the LOCAL HOST public key (ECDH then KDF) to derive the same shared symmetric key.
Best Regards,
Benjamin
2024-08-23 06:07 AM
Hi @FMaro.1 ,
For your use case, you have the first part OK which is the key generation.
Then you need to use ECDH algorithm with the StSafeA_EstablishKey().
The output of the StSafeA_EstablishKey() is the share secret with your REMOTE HOST.
From this share secret, you can use a KDF (Key Derivation Function) to derive a shared symmetric key on LOCAL HOST.
You need to do the same on the REMOTE HOST side with the LOCAL HOST public key (ECDH then KDF) to derive the same shared symmetric key.
Best Regards,
Benjamin
2024-09-18 06:40 AM
Thank you for your answer, after studying the subject a bit I have understood it, only that the name of the function/api is not consistent with the concept of pre shared key or master secret, hence the confusion.
Best Regards
Fernando Marotta