Signing using CCB

SAMINA
Associate

Hi

I am implementing the ECDSA-P256 signing for a payload.

I have checked the example code https://github.com/STMicroelectronics/STM32CubeU3/tree/main/Projects/NUCLEO-U385RG-Q/Examples/CCB/CCB_Protected_ECDSA_Signature

The example code shows that the software has access to the private key. Would it be possible to generate a private key using the RNG which the software/processor cannot see and which can be used by the CCB to compute a signature? The same key can be used to get the public key. Can I use this API, HAL_CCB_ECDSA_GenerateWrapPrivateKey()? Would this key be persistent across reboots, or do I need to store the wrapped key?

 

Jocelyn RICARD
ST Employee

Hello @SAMINA ,

I guess you are looking for this example:

STM32CubeU3/Projects/NUCLEO-U385RG-Q/Applications/MbedTLS_HW_KWE/ECC_ECDSA_GenerateWrappedKey_KWE at main · STMicroelectronics/STM32CubeU3 · GitHub

It uses HAL_CCB_ECDSA_GenerateWrapPrivateKey() (behind the mbedTLS PSA API).

This gives you an example of how this is connected to flash storage through storage_interface.c, which implements the PSA storage API.

This is a very simple example; you will need to adapt it to your needs.

Best regards

Jocelyn