3.2.1.1 Private Keys

ECC private keys are the fundamental building blocks of ECC security. Each key is unique to its device and can never be read out of the device; only the operations enabled on the key (signing, key agreement) are exposed. ECC private keys are randomly generated by the HSM at provision time and are held in slots configured to store ECC private keys.

TLS IoT Private Key

This is the primary authentication key used for IoT connectivity. The key is permanent: it cannot be changed or replaced after provisioning. Each device has its own unique private key.

This key is enabled for:

  • ECDSA sign for authentication
  • ECDH for key agreement. If the ECDH output must be encrypted before it leaves the device, the I/O protection key needs to be set up first. See 3.2.1.6 I/O Protection Key for setup details.

This private key is the foundation of the corresponding public key and, through it, of the IoT TLS X.509 certificates: the certificate carries only the public key, never the private key.

WPC Slot 0 and Slot 1 Private Key

These are the primary ECC keys used for WPC device authentication. Typically only the key in WPC Slot 0 is used.

These keys are enabled for:

  • ECDSA sign for authentication

Each of these private keys is the foundation of the corresponding public key and of the WPC X.509 product unit certificate for WPC Slot 0 and WPC Slot 1, respectively.
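The following is an added example, not code from this document or from the device vendor, showing what the two enabled operations look like from the host's side for both the TLS IoT key and the WPC keys: the private key is generated inside a slot and never exported, the host only ever obtains the derived public key (the SubjectPublicKeyInfo that goes into the X.509 certificate), an ECDSA signature over a fresh challenge, and the ECDH output. The SecureElement type, the Provision/Authenticate/AgreeKey function names and the plain nonce-based challenge are assumptions made for illustration; the real device command set, certificate formats and the WPC challenge structure are not modelled. Written with the Go standard library only (crypto/ecdh requires Go 1.20 or later).

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// SecureElement stands in for a slot configured as an ECC private key (hypothetical
// type for this example). The key is generated inside it and no method ever returns
// it: callers only get the public key, ECDSA signatures and ECDH outputs.
type SecureElement struct {
	priv *ecdsa.PrivateKey
}

// Provision generates the P-256 key in place, as happens once at provision time.
func Provision() (*SecureElement, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SecureElement{priv: k}, nil
}

// PublicKeyDER returns the SubjectPublicKeyInfo derived from the private key;
// this is the value that ends up in the device's X.509 certificate.
func (s *SecureElement) PublicKeyDER() ([]byte, error) {
	return x509.MarshalPKIXPublicKey(&s.priv.PublicKey)
}

// Sign produces an ASN.1 DER ECDSA signature over a 32-byte digest.
func (s *SecureElement) Sign(digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, errors.New("digest must be SHA-256 sized")
	}
	return ecdsa.SignASN1(rand.Reader, s.priv, digest)
}

// ECDH combines the private key with a peer's uncompressed P-256 point and
// returns the raw shared x-coordinate (unencrypted here; see the I/O protection key).
func (s *SecureElement) ECDH(peerPoint []byte) ([]byte, error) {
	self, err := s.priv.ECDH()
	if err != nil {
		return nil, err
	}
	peer, err := ecdh.P256().NewPublicKey(peerPoint)
	if err != nil {
		return nil, err
	}
	return self.ECDH(peer)
}

// parsePub decodes the DER public key a host would take out of the certificate.
func parsePub(der []byte) (*ecdsa.PublicKey, error) {
	k, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	pub, ok := k.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("not an ECDSA public key")
	}
	return pub, nil
}

// Authenticate is the host side of a challenge-response: a fresh random nonce is
// sent to the device, the device signs its SHA-256 digest, and the host verifies
// against the public key it trusts (pubDER). It returns false when the signature
// was not produced by the private key behind pubDER.
func Authenticate(se *SecureElement, pubDER []byte) (bool, error) {
	pub, err := parsePub(pubDER)
	if err != nil {
		return false, err
	}
	nonce := make([]byte, 32) // constructed fresh per run; never reuse a challenge
	if _, err := rand.Read(nonce); err != nil {
		return false, err
	}
	digest := sha256.Sum256(nonce)
	sig, err := se.Sign(digest[:])
	if err != nil {
		return false, err
	}
	return ecdsa.VerifyASN1(pub, digest[:], sig), nil
}

// AgreeKey runs ECDH between a host ephemeral key and the device key and returns
// both sides' shared secrets so the caller can confirm they match.
func AgreeKey(se *SecureElement, pubDER []byte) (hostSecret, deviceSecret []byte, err error) {
	pub, err := parsePub(pubDER)
	if err != nil {
		return nil, nil, err
	}
	devPub, err := pub.ECDH()
	if err != nil {
		return nil, nil, err
	}
	hostEph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if hostSecret, err = hostEph.ECDH(devPub); err != nil {
		return nil, nil, err
	}
	deviceSecret, err = se.ECDH(hostEph.PublicKey().Bytes())
	return hostSecret, deviceSecret, err
}

func main() {
	se, _ := Provision()
	pub, _ := se.PublicKeyDER()
	ok, _ := Authenticate(se, pub)
	h, d, _ := AgreeKey(se, pub)
	fmt.Printf("authenticated=%v secrets_match=%v\n", ok, string(h) == string(d))
}
```

The point to notice is the surface exposed by SecureElement: there is no accessor for priv, so a host (or an attacker on the host) can only ask for the public key, a signature over data it supplies, or an ECDH result. Authenticate uses a fresh random nonce so a captured signature cannot be replayed, and the test below also checks that a signature verifies only against the public key of the key that made it.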