nrf_cc3xx_platform_identity_key_store()

int nrf_cc3xx_platform_identity_key_store	(	uint32_t	slot_id,
		const uint8_t	key[32] )

Function to store an identity key.

Note

The primary usage of this API is to store asymmetric key material corresponding to a secret identity of the device, for example an ECC private key using curve type secp256r1.

This API encrypts 32 bytes of raw key material and stores it in two consecutive KMU slots. The key is encrypted using a key derived from the Master Key Encryption Key (MKEK).

The key is stored in the KMU in a way that makes it accessible to read it from the CPU, but only in encrypted form. To decrypt the key for usage, please use nrf_cc3xx_platform_identity_key_retrieve.

Note

This API assumes no format of the data stored.

The key material stored using this API may not be in flash and should be kept secret, for instance by generating it directly on the device or securely provisioning it.

Parameters

[in]	slot_id	The first KMU slot ID for the new key (uses 2).
[in]	key	The key material to encrypt and store.

Returns

NRF_CC3XX_PLATFORM_SUCCESS on success, otherwise a negative value.