Identity key generation
This sample demonstrates how to generate a random device-specific identity key with the Identity key library and store it in the Key Management Unit (KMU).
Requirements
The following development kits are supported:
Hardware platforms | PCA | Board name | Build target |
---|---|---|---|
| PCA10090 | | |
| PCA10095 | | |
The Hardware unique key library is required to generate and store the prerequisite Master Key Encryption Key (MKEK) into KMU.
Note
Once the required identity key is provisioned on the device, erase only the code pages when reprogramming, because ERASEALL removes the identity key from the system.
Overview
The identity key is stored in the KMU in encrypted form using the Hardware Unique Key (HUK) Master Key Encryption Key (MKEK). The sample also demonstrates how to generate a random MKEK and store it in KMU.
The sample performs the following operations:
Random hardware unique keys (HUKs) are generated and stored in the KMU.
A random identity key of type secp256r1 is generated and stored in the KMU.
The identity key is verified to be stored in KMU.
Configuration
See Configuring your application for information about how to permanently or temporarily change the configuration.
Building and running
This sample can be found under samples/keys/identity_key_generate in the nRF Connect SDK folder structure.
To build the sample with Visual Studio Code, follow the steps listed on the Building nRF Connect SDK application quick guide page in the nRF Connect for VS Code extension documentation. See Building and programming an application for other building and programming scenarios and Testing and debugging an application for general information about testing and debugging in the nRF Connect SDK.
Testing
After programming the sample to your development kit, complete the following steps to test it:
Connect to the kit that runs this sample with a terminal emulator (for example, PuTTY). See How to connect with PuTTY for the required settings.
Reset the kit.
Observe the following output:
    Generating random HUK keys
    Writing the identity key to KMU
    Success!

If an error occurs, the sample prints a message and raises a kernel panic.
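The check in the last test step can be automated for a captured console log, for example on a provisioning bench. The following is an added example, not part of the sample or the nRF Connect SDK: the function name check_provisioning_log is hypothetical, the panic marker strings are an assumption about the Zephyr fatal-error banner, and the sample logs are constructed.

```python
import re

# Lines the sample prints on a successful run, in order (taken from this page).
EXPECTED = (
    "Generating random HUK keys",
    "Writing the identity key to KMU",
    "Success!",
)
# Assumption: the Zephyr fatal-error banner contains one of these strings.
PANIC_MARKERS = ("Kernel panic", "ZEPHYR FATAL ERROR")
ANSI = re.compile(r"\x1b\[[0-9;]*[A-Za-z]")  # terminal colour codes

# Constructed console captures (not taken from a real device).
GOOD_LOG = "*** boot banner ***\r\nGenerating random HUK keys\r\nWriting the identity key to KMU\r\nSuccess!\r\n"
PANIC_LOG = "Generating random HUK keys\r\n>>> ZEPHYR FATAL ERROR 4: Kernel panic on CPU 0\r\n"
TRUNCATED_LOG = "Generating random HUK keys\r\n"


def check_provisioning_log(raw: str) -> tuple[bool, str]:
    """Return (ok, reason) for one captured console log of the sample."""
    lines = [ANSI.sub("", l).strip() for l in raw.replace("\r", "\n").split("\n")]
    lines = [l for l in lines if l]
    for l in lines:  # a panic anywhere in the log means the run failed
        if any(m in l for m in PANIC_MARKERS):
            return False, f"panic reported: {l}"
    pos = 0  # each expected line must appear after the previous one
    for want in EXPECTED:
        for i in range(pos, len(lines)):
            if want in lines[i]:
                pos = i + 1
                break
        else:
            return False, f"missing or out of order: {want!r}"
    return True, "identity key provisioned"


if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("panic", PANIC_LOG), ("truncated", TRUNCATED_LOG)):
        print(name, check_provisioning_log(log))
```

A device whose log fails this check should not be treated as holding a provisioned identity key.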
Dependencies
The following libraries are used: