psa-api icon indicating copy to clipboard operation
psa-api copied to clipboard

Published 20 hours ago verified publisher icon ARM-software

DRAFT: Support for key wrapping

Open athoelke opened this issue 5 months ago • 3 comments

Building on the key formats in #207, this PR defines an API for wrapping and unwrapping keys.

The first attempt explores an approach which extends the psa_import_formatted_key() and psa_export_formatted_key() APIs, and adds a key wrapping key and algorithm to the process. The idea is that it could support wrapping keys using a general key-wrapping algorithm (such as AES-KW) with existing clear-text key formats, and wrapping keys in wrapped-key data formats, such as EncryptedPrivateKeyInfo.

I am publishing this as an initial draft to provoke discussion around the challenges and undecided issues with this approach, including the policy integration issue that affects import of formatted keys.

The first commit specific to this PR (not in #207) is https://github.com/ARM-software/psa-api/pull/215/commits/192eb55088b13b4b3bda07eff978762849b44d61

Fixes #50.

athoelke avatar Sep 10 '24 14:09 athoelke