2.2.1.5 Private Keys
ECC private keys are the fundamental building blocks of ECC security. These keys are private and unique to each device and can never be read. ECC private keys are randomly generated by the secure element's TRNG at provision-time and are securely held in slots configured as ECC private keys.
ECC private keys are not a critical part of the LoRaWAN security specifications. This slot has been provided to allow for ECC security to be added to a customer’s LoRaWAN application.
Primary Private Key
This is the primary authentication key. It is permanent and cannot be changed. Each device has its own unique private key.
This key is enabled for two primary elliptic curve functions:
- ECDSA Sign for authentication
- ECDH for key agreement. If encryption of the ECDH output is required, then the I/O protection key needs to be first setup. See Section I/O Protection Key for setup details.
This private key is the foundation for the generation of the corresponding public key and the X.509 Certificates.