Keys
Note
Cryptographic keys are only available for the eSecIP Professional and eSecIP Standard editions.
The keys information type is optional for the product configuration file.
Cryptographic keys to be provisioned to a device are either supplied by you and injected into the device, or generated by the Security Appliance just before the device is provisioned. If your product requires only injected or generated keys, the unused key subtype can be omitted from the configuration file.
The keys section is slightly different from the other information types, with an extra intermediate field layer. Both key subtypes—injected and generated—have lists as their values, where key configuration objects are defined:
{
"keys": {
"injected": [
{injected key configuration object},
…
],
"generated": [
{generated key configuration object},
…
[
{Injected keys
Injected cryptographic keys are predefined and injected into each device during the manufacturing run. You predefine the injected keys in the product configuration file. All devices provisioned with the resulting PPKG will have the same key provisioned to all devices. If unique keys are required for each device, they must be generated instead by the Security Appliance.
Field name | Description |
|---|---|
| Specifies whether to include the key in the device’s production record. Mandatory. |
| The name of the key. Mandatory. |
| A predefined cryptographic key. Mandatory. |
| The type of key to be injected. Mandatory. |
| The name of the obfuscation record used for obfuscation. Optional. If the object is not to be obfuscated, this field must be omitted. |
| An ID to be used for locating the key inside the BLOB. Only for the eSecIP Professional edition and mandatory. |
| The memory location for the key. Only for the eSecIP Standard edition and mandatory. |
| The memory location for the length value (in bytes) of the private part of an asymmetric key pair. Only for the eSecIP Standard edition. Mandatory if the key type is a generated |
| The memory location for the length value (in bytes) of the public part of an asymmetric key pair. Only for the eSecIP Standard edition. Mandatory if the key type is a generated |
keys : injected information typeGenerated keys
Generated cryptographic keys are generated by the Security Appliance when the device is being provisioned. They are unique both with respect to other devices and to any other keys generated for the same device.
Field name | Description |
|---|---|
| Specifies whether to include the key in the device’s production record. Mandatory. |
| The name of the key. Mandatory. |
| The size of the generated key. Mandatory. |
| The type of key to be generated. Mandatory. |
| The name of the obfuscation record used for obfuscating the generated key. Optional. If the object is not to be obfuscated, this field must be omitted. |
| The name of the obfuscation record to use for obfuscating the private part of an asymmetric key pair. Only for the eSecIP Standard edition and optional. If the object is not to be obfuscated, this field must be omitted. |
| The name of the obfuscation record to use for obfuscating the public part of an asymmetric key pair. Only for the eSecIP Standard edition and optional. If the object is not to be obfuscated, this field must be omitted. |
| The memory location for the key. Only for the eSecIP Standard edition and mandatory. |
| The memory location for the length value (in bytes) of a generated symmetric key. Only for the eSecIP Standard edition. Mandatory if the key type is a |
| The memory location for the length value (in bytes) of the private part of an asymmetric key pair. Only for the eSecIP Standard edition. Mandatory if the key type is a generated |
| The memory location for the length value (in bytes) of the public part of an asymmetric key pair. Only for the eSecIP Standard edition. Mandatory if the key type is a generated |
| An ID to be used for locating the key inside the BLOB. Only for the eSecIP Professional edition and mandatory. |
keys : generated information type