Detailed Slot
Configurations
The following tables provide a more detailed description of the slot
configuration and key configuration settings for each configured slot on the device.
Relevant commands and command modes applicable to each configured slot are included.
Table 2-5. Slot 0 Configuration
Information
| Slot |
Configuration Value |
Description of
Enabled Features |
| 0 |
Key: |
|
Primary Private Key
- Contains P256
NIST ECC private key
- The
corresponding public key can always be generated
- Random nonce
is required
|
| Slot: |
|
- Slot is
secret
- Can sign
external messages
- Can use with
ECDH command
|
Table 2-6. Slot 1 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 1 |
Key: |
|
Internal Sign Private Key
- Contains P256
NIST ECC private key
- The
corresponding public key can always be generated
- Random nonce
is required
|
| Slot: |
|
- Slot is
secret
- Can sign
internal messages generated by GenDig or GenKey
- ECDH
disabled
|
Table 2-7. Slot and Key Configuration
Slots 2-4
| Slot |
Configuration Value |
Description of Enabled
Features |
| 2,3 or 4 |
Key: |
|
Secondary Private Keys 1-3
- Contains P256
NIST ECC private key
- The
corresponding public key can always be generated
- Random nonce
is required
- This slot can
be individually locked
|
| Slot: |
|
- GenKey can be
used to generate a new ECC private key in this slot prior to
locking
- Slot is
secret
- Can sign
external messages
- Can use with
ECDH command
|
Table 2-8. Slot 5 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 5 |
Key: |
|
Clear Text Data |
| Slot: |
|
- Can not be
written
- Can be read
as clear text
|
Table 2-9. Slot 6 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 6 |
Key: |
|
IO Protection Key
- Can contain a
SHA256 symmetric key or other data. If the IO protection key
is not used, this slot can be used for other data
- A random
nonce is required when this key is used
- This slot can
be individually locked
|
| Slot: |
|
- Data can be
written in the Clear
- The contents
of this slot are secret and cannot be read
- Slot cannot
be used for the
CheckMac Copy command
|
Table 2-10. Slot 8 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 8 |
Key: |
|
General Data
- This slot is
designated for use with general data
- Slot is
lockable
|
|
Slot: |
|
- Clear text
writes and reads are permitted to this slot
- Slot cannot
be used for the
CheckMac Copy command
|
Table 2-11. Slot 9 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 9 |
Key: |
|
AES Key
- Slot can
store up to four AES 128-bit symmetric keys
|
| Slot: |
|
- Clear text
writes are allowed to this slot
- This slot is
secret
- Slot cannot
be used for the
CheckMac Copy command
|
Table 2-12. Slot 10 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 10 |
Key: |
|
Device Compressed Certificate
- Slot defined
to store other data
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
Table 2-13. Slot 11 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 11 |
Key: |
|
Signer Public Key
- Slot is
defined for ECC key
- ECC key is a
public key
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
Table 2-14. Slot 12 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 12 |
Key: |
|
Signer Compressed Certificate
- Slot defined
to store other data
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
