2.2.1.2 Public Keys
Public keys are associated with ECC private keys: every ECC private key has exactly one corresponding public key. The public key of a private key stored on the device can be retrieved with the GenKey command. The public key of an ECC private key stored off chip can be written into the device in a slot configured to hold a public key.
Permanent Parent Public Key
The parent public key is a primary system key derived from an ECC private key that is stored off chip. It must be written to the slot labeled Parent Public Key, and that slot must then be locked to make the key permanent; once locked, the key cannot be changed. The parent public key can then serve as the trust anchor in the validation process for a Validated Public Key.
Validated Updatable Public Key
A validated public key must be validated before it can be used and invalidated before it can be updated. Validation and invalidation are performed with the Verify command in Validate/Invalidate mode, using the Parent Public Key. The procedure is as follows. First, a parent public key is written to the Parent Public Key slot and that slot is locked. Next, the public key to be validated is written to the Validated Public Key slot; this slot must be left unlocked if the key is ever to be updated. Finally, the off-chip private key that corresponds to the parent public key signs the validation, which enables the key for use. Because an update first requires an invalidation signed by that same parent private key, the validated key is also protected against unauthorized changes.
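The following Go program is an added illustration and is not taken from this document, the device firmware, or any vendor library. It models the two slots and the state bits this subsection describes and drives them through the whole lifecycle with real P-256 ECDSA signatures: parent key written and locked, child key written but refused until validated, validation accepted only from the parent's off-chip private key, update refused while the key is still validated, and update accepted after a parent-signed invalidation. The type and function names (Device, WriteParentPublicKey, LockParentSlot, WriteValidatedPublicKey, Validate, Invalidate, UseValidatedKey, hostAuthorize), the error values, and above all the message the parent key signs (authMessage) are assumptions of this model; the device's real Validate/Invalidate message layout, command encoding and slot numbering are not given here and are not reproduced.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// A public-key slot holds one P-256 public key plus its lock and validated state bits.
type pubKeySlot struct {
	key               *ecdsa.PublicKey
	locked, validated bool
}
type Device struct{ parent, child pubKeySlot } // only the two slots this subsection describes

var (
	ErrSlotLocked      = errors.New("slot is locked")
	ErrParentNotLocked = errors.New("Parent Public Key must be written and its slot locked first")
	ErrNotValidated    = errors.New("public key has not been validated")
	ErrStillValidated  = errors.New("public key must be invalidated before it is updated")
	ErrBadSignature    = errors.New("signature does not verify")
)
const tagValidate, tagInvalidate byte = 0x01, 0x02

// authMessage is what the parent private key signs: SHA-256 over a tag, the child key (X||Y)
// and caller-supplied other data. ASSUMPTION: a stand-in for the device's real Validate/
// Invalidate message, which this section does not give. The tag stops a validation
// signature from being replayed as an invalidation.
func authMessage(tag byte, pub *ecdsa.PublicKey, other []byte) []byte {
	xy := make([]byte, 64)
	pub.X.FillBytes(xy[:32])
	pub.Y.FillBytes(xy[32:])
	h := sha256.Sum256(append(append([]byte{tag}, xy...), other...))
	return h[:]
}

func (d *Device) WriteParentPublicKey(k *ecdsa.PublicKey) error {
	if d.parent.locked { return ErrSlotLocked }
	d.parent.key = k
	return nil
}
func (d *Device) LockParentSlot() { d.parent.locked = d.parent.key != nil } // makes the parent permanent

func (d *Device) WriteValidatedPublicKey(k *ecdsa.PublicKey) error {
	if d.child.locked { return ErrSlotLocked }
	if d.child.validated { return ErrStillValidated }
	d.child.key = k
	return nil
}

// verifyWithParent is the Verify command in Validate/Invalidate mode: the parent slot must
// already be locked and the signature must come from the parent's off-chip private key.
func (d *Device) verifyWithParent(tag byte, sig, other []byte, newState bool) error {
	if !d.parent.locked { return ErrParentNotLocked }
	if d.child.key == nil || !ecdsa.VerifyASN1(d.parent.key, authMessage(tag, d.child.key, other), sig) {
		return ErrBadSignature
	}
	d.child.validated = newState
	return nil
}
func (d *Device) Validate(sig, other []byte) error   { return d.verifyWithParent(tagValidate, sig, other, true) }
func (d *Device) Invalidate(sig, other []byte) error { return d.verifyWithParent(tagInvalidate, sig, other, false) }

// UseValidatedKey stands for any later use of the slot; an unvalidated key is refused.
func (d *Device) UseValidatedKey(digest, sig []byte) error {
	if !d.child.validated { return ErrNotValidated }
	if !ecdsa.VerifyASN1(d.child.key, digest, sig) { return ErrBadSignature }
	return nil
}

// hostAuthorize is the off-chip step: the holder of the parent private key signs the message.
func hostAuthorize(parentPriv *ecdsa.PrivateKey, tag byte, child *ecdsa.PublicKey, other []byte) []byte {
	sig, _ := ecdsa.SignASN1(rand.Reader, parentPriv, authMessage(tag, child, other))
	return sig
}

func check(step string, got, want error) error {
	if !errors.Is(got, want) { return fmt.Errorf("%s: got %v, want %v", step, got, want) }
	return nil
}

// Lifecycle runs the documented sequence on constructed keys and returns nil only if every
// step behaves as the subsection describes, including the steps that must be refused.
func Lifecycle() error {
	gen := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	parentPriv, childPriv, child2Priv := gen(), gen(), gen()
	child, child2, other := &childPriv.PublicKey, &child2Priv.PublicKey, []byte("constructed other-data")
	digest := sha256.Sum256([]byte("constructed message"))
	childSig, _ := ecdsa.SignASN1(rand.Reader, childPriv, digest[:])
	d := &Device{}
	_ = d.WriteParentPublicKey(&parentPriv.PublicKey) // slot is still unlocked, so this cannot fail
	d.LockParentSlot()
	for _, err := range []error{ // elements are evaluated left to right, so the steps run in order
		check("parent is permanent", d.WriteParentPublicKey(child), ErrSlotLocked),
		check("write child", d.WriteValidatedPublicKey(child), nil),
		check("unvalidated key refused", d.UseValidatedKey(digest[:], childSig), ErrNotValidated),
		check("non-parent signer refused", d.Validate(hostAuthorize(childPriv, tagValidate, child, other), other), ErrBadSignature),
		check("validate", d.Validate(hostAuthorize(parentPriv, tagValidate, child, other), other), nil),
		check("validated key usable", d.UseValidatedKey(digest[:], childSig), nil),
		check("update blocked while validated", d.WriteValidatedPublicKey(child2), ErrStillValidated),
		check("validate sig not reusable", d.Invalidate(hostAuthorize(parentPriv, tagValidate, child, other), other), ErrBadSignature),
		check("invalidate", d.Invalidate(hostAuthorize(parentPriv, tagInvalidate, child, other), other), nil),
		check("update after invalidation", d.WriteValidatedPublicKey(child2), nil),
		check("validate new key", d.Validate(hostAuthorize(parentPriv, tagValidate, child2, other), other), nil),
	} {
		if err != nil { return err }
	}
	return nil
}

func main() {
	if err := Lifecycle(); err != nil { panic(err) }
	fmt.Println("validated public key lifecycle behaves as documented")
}
```

The point the model makes concrete is that the Parent Public Key is the only trust anchor for the Validated Public Key slot: nothing written to that slot is usable until a signature from the parent's off-chip private key has been checked against it, and nothing already validated can be replaced until a second parent-signed operation has cleared the validated bit. Locking the parent slot first is what makes that anchor immutable.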