2.2.1.1 Private Keys
ECC private keys are the fundamental building blocks of ECC security. These keys are private and unique to each device and can never be read out of the device. ECC private keys are randomly generated by the secure element's TRNG and are securely held in slots configured as ECC private keys.
Primary Private Key
This is the primary authentication key. It is permanent and cannot be changed. Each device has its own unique private key.
This key is enabled for two primary elliptic curve functions:
- ECDSA Sign for authentication
- ECDH for key agreement. If encryption of the ECDH output is required, the I/O Protection Key must be set up first. See Section I/O Protection Key for setup details.
This private key is the foundation for the generation of the corresponding public key and the X.509 Certificates.
Secondary Private Keys
There are additional private keys that can be used for future use cases, such as additional service authentication.
These keys are enabled for the following primary elliptic curve functions:
- ECDSA Sign for authentication.
- ECDH for key agreement. If encryption of the ECDH output is required, the I/O Protection Key must be set up first. See Section I/O Protection Key for setup details.
- GenKey for overwriting the slot with a new internally-generated random private key.
While the primary private key and certificates are permanent, these other keys can be overwritten with a new internally-generated private key (GenKey command mode = 0x04) to enable key deletion, key rotation and remote provisioning. The keys are also slot-lockable (KeyConfig.Lockable bit is set to zero), meaning the Lock command can be used in SlotLock mode to render the current key permanent and prevent it from being changed by the GenKey command. When performing key changes, Key Attestation is required to assure another system that the device's new public key being presented actually originated from the device in question.
Key Attestation
The private key in slot 1 is configured as an internal sign-only key, which means it can only sign messages generated internally by the GenKey or GenDig commands and cannot be used to sign arbitrary external messages. This feature allows the internal sign key to be used to attest to what keys are in the device and their configuration/status to any system that knows (and trusts) the internal sign public key.
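The slot policies described in the two sections above (a permanent primary key usable for ECDSA sign and ECDH, secondary keys that GenKey can overwrite until SlotLock makes them permanent, and an internal-sign-only key that attests to a newly generated public key so a host can verify it before trusting it), shown as an added simulation. This is example code written for this page, not the secure element's firmware, API or any vendor library: the Device and Slot classes, the slot numbering, the policy flags and the attestation message (the raw new public key, not the chip's real GenKey digest format) are assumptions for illustration, and the P-256 arithmetic is a textbook pure-Python implementation that is not constant-time and exists only so the example runs offline with the standard library.

```python
# Hypothetical model of the key-slot policy above; not the device's own code.
# Textbook P-256 in pure Python: illustration only, not constant-time.
import hashlib
import secrets

# NIST P-256 domain parameters (y^2 = x^3 + ax + b over GF(p), base point G of order n)
_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
_A = _P - 3
_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
      0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % _P == 0:
            return None
        lam = (3 * x1 * x1 + _A) * pow(2 * y1, -1, _P) % _P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, _P) % _P
    x3 = (lam * lam - x1 - x2) % _P
    return (x3, (lam * (x1 - x3) - y1) % _P)


def _mul(k, point):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, point)
        point = _add(point, point)
        k >>= 1
    return acc


def _hash_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def ecdsa_sign(d, msg):
    while True:
        k = secrets.randbelow(_N - 1) + 1          # per-signature nonce
        r = _mul(k, _G)[0] % _N
        s = pow(k, -1, _N) * (_hash_int(msg) + r * d) % _N
        if r and s:
            return (r, s)


def ecdsa_verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < _N and 0 < s < _N):
        return False
    w = pow(s, -1, _N)
    pt = _add(_mul(_hash_int(msg) * w % _N, _G), _mul(r * w % _N, pub))
    return pt is not None and pt[0] % _N == r


def pub_bytes(pub):
    return pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")


class Slot:
    """One private-key slot plus the (assumed) policy bits that govern it."""
    def __init__(self, permanent=False, lockable=False, internal_sign_only=False):
        self.d = secrets.randbelow(_N - 1) + 1    # stands in for the TRNG-generated key
        self.permanent, self.lockable, self.locked = permanent, lockable, False
        self.internal_sign_only = internal_sign_only

    @property
    def pub(self):
        return _mul(self.d, _G)


class Device:
    PRIMARY, ATTEST, SECONDARY = 0, 1, 2          # assumed slot numbering

    def __init__(self):
        self.slots = {self.PRIMARY: Slot(permanent=True),
                      self.ATTEST: Slot(permanent=True, internal_sign_only=True),
                      self.SECONDARY: Slot(lockable=True)}

    def sign(self, slot, msg):
        """ECDSA over an external message; refused for the internal-sign-only slot."""
        s = self.slots[slot]
        if s.internal_sign_only:
            raise PermissionError("slot signs only internally generated messages")
        return ecdsa_sign(s.d, msg)

    def ecdh(self, slot, peer_pub):
        """Raw ECDH shared secret (x-coordinate of d * peer_pub)."""
        return _mul(self.slots[slot].d, peer_pub)[0].to_bytes(32, "big")

    def genkey(self, slot):
        """GenKey: replace the slot's key, and attest the new public key with the attest slot."""
        s = self.slots[slot]
        if s.permanent or s.locked:
            raise PermissionError("slot is permanent or slot-locked")
        s.d = secrets.randbelow(_N - 1) + 1
        attestation = ecdsa_sign(self.slots[self.ATTEST].d, pub_bytes(s.pub))
        return s.pub, attestation

    def lock(self, slot):
        """Lock command in SlotLock mode: the current key becomes permanent."""
        if not self.slots[slot].lockable:
            raise PermissionError("slot is not lockable")
        self.slots[slot].locked = True


def host_accepts_new_key(trusted_attest_pub, new_pub, attestation):
    """Host side: trust a rotated public key only if the device's attest key vouches for it."""
    return ecdsa_verify(trusted_attest_pub, pub_bytes(new_pub), attestation)


def refused(fn, *args):
    """True if the slot policy rejects the operation."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False
```

The host keeps only the attest public key (the one it learned and trusts at enrolment); after each GenKey it checks the returned signature over the new public key before replacing the key it holds for that slot, and once `lock` has been called on a slot, a further `genkey` is refused just as the Lock command in SlotLock mode would prevent it on the device.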
