
Using derived hardware key (DHUK) with AES on stm32u5

jptuser44
Associate

I've been trying to set up the AES peripheral so that it only uses the hardware-derived key from the SAES peripheral (without setting any cleartext key). However, the only method mentioned in the reference manual for using the DHUK is through the shared-key mode, where a cleartext key is encrypted and passed on to AES.


I would like to know if there is a way to use AES with no cleartext key (key entirely hardware generated).

Any insights or alternative approaches would be greatly appreciated.

Accepted Solution
STea
ST Employee

Hello @jptuser44 and welcome to the ST community,

The key provisioning step is needed because the key is shared between the encryption and decryption sides, which may not be on the same hardware, so it cannot be skipped: the key has to be known to both the encryption and decryption sides, and this cannot be avoided when using AES.

An alternative is to provision the key in the boot process and use security features like HDP (hide out protection) to make it unreadable by the application afterwards.

You can check the Key Management Services middleware (KMS MW), which provides this type of solution to provision and manage cryptographic keys securely.

BR

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
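The flow described in the accepted answer (provision the application key once in a trusted boot stage, then leave the application only a device-bound copy it cannot read back) as an added example; this is not code from the original thread and not ST's HAL, SAES or KMS code. It models the DHUK as a constructed per-device root key and wraps the application key with AES-256-GCM under it, whereas the real SAES shared-key mode does the wrapping in hardware with the DHUK never leaving the peripheral. The names DeviceRootKey, WrappedKey, Provision, Unwrap and Zeroize, the "app-aes-key" label and the sample key are assumptions of this illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// DeviceRootKey stands in for the DHUK: a per-device secret the
// application never reads. Constructed here; on the real part it stays
// inside the SAES peripheral and only wraps or unwraps keys on request.
type DeviceRootKey [32]byte

// WrappedKey is the only form of the application key that is allowed to
// persist in flash: the key encrypted and authenticated under the root key.
type WrappedKey struct {
	Nonce []byte
	Blob  []byte
}

// keyLabel binds a blob to its purpose (assumed label for this example).
var keyLabel = []byte("app-aes-key")

// rootAEAD builds AES-256-GCM under the device root key.
func rootAEAD(root DeviceRootKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(root[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewDeviceRootKey generates a fresh per-device secret. A real DHUK is
// derived by the silicon, not generated by software; this is a stand-in.
func NewDeviceRootKey() (DeviceRootKey, error) {
	var k DeviceRootKey
	_, err := rand.Read(k[:])
	return k, err
}

// Provision runs once in a trusted stage (factory or secure boot). This is
// the only point at which the application key exists in cleartext, the step
// the accepted answer says cannot be avoided.
func Provision(root DeviceRootKey, appKey []byte) (WrappedKey, error) {
	if len(appKey) != 16 && len(appKey) != 32 {
		return WrappedKey{}, errors.New("application key must be AES-128 or AES-256")
	}
	aead, err := rootAEAD(root)
	if err != nil {
		return WrappedKey{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return WrappedKey{}, err
	}
	return WrappedKey{Nonce: nonce, Blob: aead.Seal(nil, nonce, appKey, keyLabel)}, nil
}

// Unwrap recovers the application key. It succeeds only on the device that
// holds the same root key and only if the blob is untouched; any other
// device or a modified blob gets an authentication error, not a wrong key.
func Unwrap(root DeviceRootKey, wk WrappedKey) ([]byte, error) {
	aead, err := rootAEAD(root)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, wk.Nonce, wk.Blob, keyLabel)
}

// Zeroize overwrites a cleartext key once it has been loaded into the
// cipher, the role HDP plays on the MCU: after boot, nothing readable is
// left for the application.
func Zeroize(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	devA, _ := NewDeviceRootKey()
	devB, _ := NewDeviceRootKey()
	appKey := bytes.Repeat([]byte{0x42}, 32) // constructed application key

	wk, err := Provision(devA, appKey)
	if err != nil {
		panic(err)
	}
	got, err := Unwrap(devA, wk)
	fmt.Println("device A unwrap ok:", err == nil && bytes.Equal(got, appKey))
	_, err = Unwrap(devB, wk)
	fmt.Println("device B unwrap rejected:", err != nil)
	Zeroize(got)
}
```

The point the example makes concrete is the one in the answer: the cleartext key must exist somewhere at provisioning time, but once wrapped under a device-unique root it can only be recovered on that device, and moving the blob to another chip (the devB case) yields an authentication failure rather than a usable key.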
