Lines Matching refs:key
28 * [Importing a key](#importing-a-key)
32 * [Deriving a new key from an existing key](#deriving-a-new-key-from-an-existing-key)
64 ### Importing a key
66 To use a key for cryptography operations in Mbed Crypto, you need to first
67 import it. The import operation returns the identifier of the key for use
73 This example shows how to import a key:
75 void import_a_key(const uint8_t *key, size_t key_len)
81 printf("Import an AES key...\t");
91 /* Set key attributes */
97 /* Import the key */
98 status = psa_import_key(&attributes, key, key_len, &key_id);
100 printf("Failed to import key\n");
103 printf("Imported a key\n");
108 /* Destroy the key */
117 Mbed Crypto supports encrypting, decrypting, signing and verifying messages using public key signat…
121 * Have a valid key with appropriate attributes set:
128 void sign_a_message_using_rsa(const uint8_t *key, size_t key_len)
150 /* Set key attributes */
156 /* Import the key */
157 status = psa_import_key(&attributes, key, key_len, &key_id);
159 printf("Failed to import key\n");
163 /* Sign message using the key */
178 /* Destroy the key */
191 * Have a symmetric key. This key's usage flags must include `PSA_KEY_USAGE_ENCRYPT` to allow encryp…
196 1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be used.
201 This example shows how to encrypt data using an AES (Advanced Encryption Standard) key in CBC (Ciph…
203 void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
230 /* Import a key */
235 status = psa_import_key(&attributes, key, key_len, &key_id);
237 printf("Failed to import a key\n");
270 /* Destroy the key */
280 1. Call `psa_cipher_decrypt_setup()` to specify the algorithm and the key to be used.
285 This example shows how to decrypt encrypted data using an AES key in CBC mode with no padding
288 void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
314 /* Import a key */
319 status = psa_import_key(&attributes, key, key_len, &key_id);
321 printf("Failed to import a key\n");
354 /* Destroy the key */
509 <span class="notes">**Note:** To generate a random key, use `psa_generate_key()` instead of `psa_ge…
538 ### Deriving a new key from an existing key
540 Mbed Crypto provides a key derivation API that lets you derive new keys from
541 existing ones. The key derivation API has functions to take inputs, including
545 You must first initialize and set up a key derivation context,
546 …a key and, optionally, other data. Then, use the key derivation context to either read derived dat…
551 **Prerequisites to working with the key derivation APIs:**
553 * Use a key with the appropriate attributes set:
554 * Usage flags set for key derivation (`PSA_KEY_USAGE_DERIVE`)
556 * Algorithm set to a key derivation algorithm
559 **To derive a new AES-CTR 128-bit encryption key into a given key slot using HKDF
560 with a given key, salt and info:**
562 1. Set up the key derivation context using the `psa_key_derivation_setup()`
566 1. Provide a secret with `psa_key_derivation_input_key()`, referencing a key that
567 can be used for key derivation.
568 1. Set the key attributes desired for the new derived key. We'll set
571 1. Derive the key by calling `psa_key_derivation_output_key()`.
572 1. Clean up the key derivation context.
574 At this point, the derived key slot holds a new 128-bit AES-CTR encryption key
575 derived from the key, salt and info provided:
579 static const unsigned char key[] = {
598 printf("Derive a key (HKDF)...\t");
608 /* Import a key for use in key derivation. If such a key has already been
613 status = psa_import_key(&attributes, key, sizeof(key), &base_key);
615 printf("Failed to import a key\n");
620 /* Derive a key */
623 printf("Failed to begin key derivation\n");
642 printf("Failed to input key (extract)\n");
659 printf("Failed to derive key\n");
664 printf("Derived key\n");
666 /* Clean up key derivation operation */
682 * The key attributes for the key used for derivation must have the `PSA_KEY_USAGE_ENCRYPT` or `PSA_…
687 static const uint8_t key[] = {
724 /* Import a key */
729 status = psa_import_key(&attributes, key, sizeof(key), &key_id);
749 /* Destroy the key */
795 /* Import a key */
802 printf("Failed to import a key\n");
824 /* Destroy the key */
832 Mbed Crypto provides a simple way to generate a key or key pair.
834 **Prerequisites to using key generation and export APIs:**
837 **To generate an ECDSA key:**
838 1. Set the desired key attributes for key generation by calling
840 …SA(PSA_ALG_SHA_256)`). You only want to export the public key, not the key pair (or private key); …
841 1. Generate a key by calling `psa_generate_key()`.
842 1. Export the generated public key by calling `psa_export_public_key()`:
853 printf("Generate a key pair...\t");
863 /* Generate a key */
872 printf("Failed to generate key\n");
880 printf("Failed to export public key %ld\n", status);
884 printf("Exported a public key\n");
886 /* Destroy the key */