3.2.2 Slot Configuration Terminology

The following section provides a set of terms used to discuss configuration options. The terms are arranged alphabetically.

Term
Description
AES Key
Slot can be used as a key source for AES commands. The AES key is 128 bits in width for the ECC608-TNGHNT.
Always Write
Slot can be written in the clear with the Write command.
Clear Read
Slot is considered public (non-secret) and its contents can be read in the clear with the Read command.
ECDH
Elliptic Curve Diffie Hellman. Private key can be used with the ECDH command.
Ext Sign
Private key can be used to sign external (arbitrary) messages.
Int Sign
Private key can be used to sign internal messages generated by the GenKey or GenDig commands. Used to attest to the device's internal keys and configuration.
Lockable
Slot can be locked at some point in the future. Once locked, the slot contents cannot be changed (read/use only).
No Read
Slot is considered secret and its contents cannot be read with the Read command. Private keys and symmetric secrets must always be configured as No Read.
No Write
Slot cannot be changed with the Write command.
Permanent
Private key is permanent/unchangeable. It is internally generated during factory provisioning.
Updatable
Private key can be overwritten later with a new, random, internally-generated private key. Its initial value is internally generated during factory provisioning.