3.2.1.2 ECC Public Keys

Public keys are always associated with ECC private keys. Every ECC private key will have its own unique public key. Public keys may be stored in the device or may be regenerated using the GenKey command if a given device slot is so configured. For the ECC608-TFLXWPC, seven possible public keys can be used or generated:

• Device Slots 0 and 1 contain an ECC private key for the WPC product unit certificates associated with the WPC Slot 0 and WPC Slot 1 certificate chains. The public key for each of these private keys can always be generated and used for a verify operation.
• Device Slot 2 contains an ECC private key for the TLS IoT authentication. The public key for this key can always be generated and used for a verify operation.
• Device Slot 9 contains an ECC public key for the WPC Slot 0 manufacturing X.509 certificate.
• Device Slot 8 contains an ECC public key for the WPC Slot 1 manufacturing X.509 certificate. The public key is stored in the first 72 bytes of the slot. If WPC Slot 1 is not used, this key may have an alternate use or not exist at all.
• Slot 11 contains an ECC public key as part of the X.509 IoT TLS signer certificate information.
• Slot 15 contains an ECC public key that can be used for secure boot operations.