製品概要
概要
KMS-MW is an STM32Cube middleware, which provides KMS cryptographic services through the standard PKCS#11 APIs. It allows the abstraction of key values to the caller, using object IDs instead of the key values themselves. The key management service can be executed inside a protected/isolated environment to ensure that key values cannot be accessed by an unauthorized code running outside the protected/isolated environment.
-
特徴
- KMS-MW manages three types of keys
- Static embedded keys
- Predefined keys embedded within the code that cannot be modified
- Unmutable keys
- Updatable keys with static ID
- Keys IDs are predefined in the system
- Keys can be injected or updated in an NVM storage via a secure procedure using static embedded keys (authenticity check, data integrity check, and data decryption)
- Keys cannot be deleted
- Provisionnable keys
- Updatable keys with dynamic ID
- Keys IDs are defined when keys are created using KMS
- Key values can be updated using KMS
- Keys can be deleted
- Runtime keys
- Static embedded keys
- KMS-MW supports a subset of PKCS#11 APIs
- Object management functions: creation / update / deletion / search
- AES Encrypt and Decrypt functions
- SHA Digest functions
- RSA Sign / Verify functions
- ECDSA Verify functions
- ECC key pair generation
- ECDH key derivation
- KMS-MW manages three types of keys