Design Win

STM32 Middleware enabling Key Management Services

Get Software

Product overview


KMS-MW is an STM32Cube middleware, which provides KMS cryptographic services through the standard PKCS#11 APIs. It allows the abstraction of key values to the caller, using object IDs instead of the key values themselves. The key management service can be executed inside a protected/isolated environment to ensure that key values cannot be accessed by an unauthorized code running outside the protected/isolated environment.

  • All features

    • KMS-MW manages three types of keys
      • Static embedded keys
        • Predefined keys embedded within the code that cannot be modified
        • Unmutable keys
      • Updatable keys with static ID
        • Keys IDs are predefined in the system
        • Keys can be injected or updated in an NVM storage via a secure procedure using static embedded keys (authenticity check, data integrity check, and data decryption)
        • Keys cannot be deleted
        • Provisionnable keys
      • Updatable keys with dynamic ID
        • Keys IDs are defined when keys are created using KMS
        • Key values can be updated using KMS
        • Keys can be deleted
        • Runtime keys
    • KMS-MW supports a subset of PKCS#11 APIs
      • Object management functions: creation / update / deletion / search
      • AES Encrypt and Decrypt functions
      • SHA Digest functions
      • RSA Sign / Verify functions
      • ECDSA Verify functions
      • ECC key pair generation
      • ECDH key derivation

Get Software