Detailed Slot Configurations
The following tables provide a more detailed description of the slot configuration
and key configuration settings for each configured slot on the device. The most
important slot access policies and commands are called out.
Reserved Slots 2, 5, 7, 10-15 are set for Read/Write
Never and cannot be used by the customer.
Table 3-3. Slot and Key Configuration Slots 0

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 0 | Key: | HNT SwarmKey<br>- Contains P-256 NIST ECC private key that corresponds to ECC compact private key requirements<br>- The corresponding public key can always be generated<br>- Slot Lockable(1) |
| | Slot: | - GenKey can be used to generate a new ECC private key(2)<br>- Slot is secret<br>- Can sign external messages<br>- Can sign internal messages<br>- Can be used with the ECDH command |
Note:
1. If the Slot is locked, GenKey cannot be run to generate a new ECC Private Key.
2. The initial key programmed into the device corresponds to the ECC Compact private key requirements. If GenKey is used to generate a new key, the user must validate that it corresponds to the ECC Compact private key requirements. Multiple GenKey tries may be required to get a key that matches the ECC Compact private key requirements.
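The validation step the note calls for, as an added example that is not part of the original datasheet. It assumes the ECC Compact requirement is the rule from draft-jivsov-ecc-compact (the public point's y equals min(y, p - y)) and that GenKey returns the public key as 64 bytes X||Y; `genkey` is a hypothetical callable standing in for the device command, and the sample keys are constructed from the P-256 base point.

```python
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # NIST P-256 field prime
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

def parse_public_key(raw: bytes):
    """Split a 64-byte X||Y public key and reject points not on P-256."""
    if len(raw) != 64:
        raise ValueError("expected 64-byte X||Y public key")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate out of field range")
    if (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on P-256")
    return x, y

def is_compact(raw: bytes) -> bool:
    """True when y == min(y, p - y), so the key can be represented by x alone."""
    _, y = parse_public_key(raw)
    return y <= P - y

def generate_compact_key(genkey, max_tries: int = 16):
    """Call genkey() until it returns a compact-compliant public key.
    genkey is a hypothetical stand-in for issuing GenKey to an unlocked slot.
    Returns (public_key, tries_used)."""
    for attempt in range(1, max_tries + 1):
        pub = genkey()
        if is_compact(pub):
            return pub, attempt
    raise RuntimeError(f"no compact key after {max_tries} GenKey tries")

# Constructed sample input: the P-256 base point G and its negation (x, p - y).
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
G_COMPACT = GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
G_NEGATED = GX.to_bytes(32, "big") + (P - GY).to_bytes(32, "big")

if __name__ == "__main__":
    replies = iter([G_NEGATED, G_COMPACT])   # simulated GenKey responses
    pub, tries = generate_compact_key(lambda: next(replies))
    print(f"accepted after {tries} tries, x = {pub[:32].hex()}")
```

Run the check before locking the slot, since a locked slot can no longer execute GenKey to replace a key that fails it.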
Table 3-4. Slot 1 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 1 | Key: | Internal Sign Private Key<br>- Contains P-256 NIST ECC private key<br>- The corresponding public key can always be generated<br>- Random nonce is required |
| | Slot: | - Slot is secret<br>- Can sign internal messages generated by GenDig or GenKey<br>- ECDH disabled |
Table 3-5. Slot and Key Configuration Slots 3-4

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 3 or 4 | Key: | Secondary Private Keys 1-2<br>- Contains P-256 NIST ECC private key<br>- The corresponding public key can always be generated<br>- Random nonce is required<br>- This slot can be individually locked |
| | Slot: | - GenKey can be used to generate a new ECC private key in this slot prior to locking<br>- Slot is secret<br>- Can sign external messages<br>- Can be used with the ECDH command |
Table 3-6. Slot 6 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 6 | Key: | I/O Protection Key<br>- Can contain a SHA-256 symmetric key or other data. If the I/O protection key is not used, this slot can be used for other data<br>- A random nonce is required when this key is used<br>- This slot can be individually locked |
| | Slot: | - Data can be written in the clear<br>- The contents of this slot are secret and cannot be read<br>- Slot cannot be used for the CheckMac Copy command |
Table 3-7. Slot 8 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 8 | Key: | General Data<br>- This slot is designated for use with general data<br>- Slot is lockable |
| | Slot: | - Clear text writes and reads are permitted to this slot<br>- Slot cannot be used for the CheckMac Copy command |
Table 3-8. Slot 9 Configuration Information

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 9 | Key: | AES Key<br>- Slot can store up to four AES 128-bit symmetric keys |
| | Slot: | - Clear text writes are allowed to this slot<br>- This slot is secret<br>- Slot cannot be used for the CheckMac Copy command |