
[Feature] Require P256Keypair user to specify its purpose at initialization

Open Damian-Nordic opened this issue 2 years ago • 0 comments

Feature description

The PSA Crypto API requires that key pairs have their purpose (what algorithm they are meant for) defined upon their creation. The existing P256Keypair, on the other hand, has a single initialization method regardless of whether it is used for ECDSA or ECDH. We should extend the P256Keypair initialization interface so that the PSA Crypto API can be used more efficiently.

Additionally, to improve security, a user should be able to specify whether a given private key is exportable, that is, whether it must be possible to extract it as raw bytes.

Platform

all

Platform Version(s)

No response

Anything else?

No response

Damian-Nordic, Oct 14 '22 08:10
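
A self-contained model of the contract this issue asks for, added here as an illustration and not code from connectedhomeip or from the PSA headers: the purpose and the exportable flag are bound once at initialization and every later operation is checked against them. `PurposeBoundKeypair`, `Purpose`, `Op`, `Status` and the usage-bit constants are hypothetical names, and only the policy decision is modelled, not the cryptography.

```cpp
#include <cstdint>

// Constructed model of a PSA-style key policy. Every name and value here is
// hypothetical: none comes from psa/crypto.h or from connectedhomeip.
enum class Purpose { kEcdsa, kEcdh };
enum class Op { kSign, kAgree, kExport };
enum class Status { kOk, kNotPermitted, kNotInitialized };

constexpr uint32_t kUseSign = 1u << 0;
constexpr uint32_t kUseDerive = 1u << 1;
constexpr uint32_t kUseExport = 1u << 2;

class PurposeBoundKeypair {
public:
    // The policy is fixed once, at creation; a second call cannot widen it.
    Status Initialize(Purpose purpose, bool exportable) {
        if (mInitialized) return Status::kNotPermitted;
        mAlg = purpose;
        mUsage = (purpose == Purpose::kEcdsa) ? kUseSign : kUseDerive;
        if (exportable) mUsage |= kUseExport;
        mInitialized = true;
        return Status::kOk;
    }

    // Decides whether an operation may proceed; no cryptography is performed.
    Status Check(Op op) const {
        if (!mInitialized) return Status::kNotInitialized;
        switch (op) {
        case Op::kSign:   return Allow(kUseSign, Purpose::kEcdsa);
        case Op::kAgree:  return Allow(kUseDerive, Purpose::kEcdh);
        case Op::kExport: return (mUsage & kUseExport) ? Status::kOk : Status::kNotPermitted;
        }
        return Status::kNotPermitted;
    }

private:
    // Both the usage bit and the bound algorithm must match.
    Status Allow(uint32_t flag, Purpose alg) const {
        return ((mUsage & flag) && mAlg == alg) ? Status::kOk : Status::kNotPermitted;
    }

    uint32_t mUsage = 0;
    Purpose mAlg = Purpose::kEcdsa;
    bool mInitialized = false;
};
```

With this shape, a signing key that was created as non-exportable refuses both key agreement and raw export, which is the behaviour the two paragraphs of the request describe.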