December 1, 2023
Solved

Using derived hardware key (DHUK) with AES on stm32u5

  • December 1, 2023
  • 1 reply
  • 2378 views

I've been trying to set up the AES peripheral so that it only uses the hardware-derived key from the SAES peripheral (without setting any clear-text key). However, the only method mentioned in the reference manual for using the DHUK is through the shared-key mode, where a clear-text key is encrypted and passed on to AES.


I would like to know if there is a way to use AES with no clear-text key (the key is entirely hardware-generated).

Any insights or alternative approaches would be greatly appreciated.

This topic has been closed for replies.
1 reply

STea (Best answer)
ST Employee
December 5, 2023

Hello @jptuser44 and welcome to the ST community,

The key provisioning step is needed, as the key will be shared between the encryption and decryption sides, which may not be on the same hardware. So it is not possible, as the key should be known to both the encryption and decryption sides, and this cannot be avoided when using AES.

An alternative is to provision the key in the boot process and use some security features like HDP (hide out protection) to make it unreadable by the application afterwards.

You can check the Key Management Services (KMS middleware), which provide this type of solution to provision and manage cryptographic keys securely.

BR