3.2.2 Slot Configuration Terminology
The following section provides a set of terms used to discuss configuration options. The terms are arranged alphabetically.
| Term | Description |
| --- | --- |
| AES Key | Slot can be used as a key source for AES commands. The AES key is 128 bits in width for the ECC608-TNGHNT. |
| Always Write | Slot can be written in the clear with the Write command. |
| Clear Read | Slot is considered public (non-secret) and its contents can be read in the clear with the Read command. |
| ECDH | Elliptic Curve Diffie-Hellman. Private key can be used with the ECDH command. |
| Ext Sign | Private key can be used to sign external (arbitrary) messages. |
| Int Sign | Private key can be used to sign internal messages generated by the GenKey or GenDig commands. Used to attest to the device's internal keys and configuration. |
| Lockable | Slot can be locked at some point in the future. Once locked, the slot contents cannot be changed (read/use only). |
| No Read | Slot is considered secret and its contents cannot be read with the Read command. Private keys and symmetric secrets must always be configured as No Read. |
| No Write | Slot cannot be changed with the Write command. |
| Permanent | Private key is permanent/unchangeable. It is internally generated during factory provisioning. |
| Updatable | Private key can be overwritten later with a new, random, internally-generated private key. Its initial value is internally generated during factory provisioning. |