Key policies

Macros

#define PSA_KEY_USAGE_EXPORT   ((psa_key_usage_t)0x00000001)
 
#define PSA_KEY_USAGE_COPY   ((psa_key_usage_t)0x00000002)
 
#define PSA_KEY_USAGE_ENCRYPT   ((psa_key_usage_t)0x00000100)
 
#define PSA_KEY_USAGE_DECRYPT   ((psa_key_usage_t)0x00000200)
 
#define PSA_KEY_USAGE_SIGN_HASH   ((psa_key_usage_t)0x00000400)
 
#define PSA_KEY_USAGE_VERIFY_HASH   ((psa_key_usage_t)0x00000800)
 
#define PSA_KEY_USAGE_DERIVE   ((psa_key_usage_t)0x00001000)
 

Typedefs

typedef uint32_t psa_key_usage_t
 Encoding of permitted usage on a key.
 

Macro Definition Documentation

#define PSA_KEY_USAGE_COPY   ((psa_key_usage_t)0x00000002)

Whether the key may be copied.

This flag allows the use of psa_copy_key() to make a copy of the key with the same policy or a more restrictive policy.

For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag PSA_KEY_USAGE_EXPORT. Copying the key inside the secure element is permitted with just PSA_KEY_USAGE_COPY if the secure element supports it. For keys with the lifetime PSA_KEY_LIFETIME_VOLATILE or PSA_KEY_LIFETIME_PERSISTENT, the usage flag PSA_KEY_USAGE_COPY is sufficient to permit the copy.

Definition at line 1703 of file crypto_values.h.

#define PSA_KEY_USAGE_DECRYPT   ((psa_key_usage_t)0x00000200)

Whether the key may be used to decrypt a message.

This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key's type and policy.

For a key pair, this concerns the private key.

Definition at line 1725 of file crypto_values.h.

#define PSA_KEY_USAGE_DERIVE   ((psa_key_usage_t)0x00001000)

Whether the key may be used to derive other keys.

Definition at line 1749 of file crypto_values.h.

#define PSA_KEY_USAGE_ENCRYPT   ((psa_key_usage_t)0x00000100)

Whether the key may be used to encrypt a message.

This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key's type and policy.

For a key pair, this concerns the public key.

Definition at line 1714 of file crypto_values.h.

#define PSA_KEY_USAGE_EXPORT   ((psa_key_usage_t)0x00000001)

Whether the key may be exported.

A public key or the public part of a key pair may always be exported regardless of the value of this permission flag.

If a key does not have export permission, implementations shall not allow the key to be exported in plain form from the cryptoprocessor, whether through psa_export_key() or through a proprietary interface. The key may however be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.

Definition at line 1687 of file crypto_values.h.

#define PSA_KEY_USAGE_SIGN_HASH   ((psa_key_usage_t)0x00000400)

Whether the key may be used to sign a message.

This flag allows the key to be used for a MAC calculation operation or for an asymmetric signature operation, if otherwise permitted by the key's type and policy.

For a key pair, this concerns the private key.

Definition at line 1735 of file crypto_values.h.

#define PSA_KEY_USAGE_VERIFY_HASH   ((psa_key_usage_t)0x00000800)

Whether the key may be used to verify a message signature.

This flag allows the key to be used for a MAC verification operation or for an asymmetric signature verification operation, if otherwise permitted by by the key's type and policy.

For a key pair, this concerns the public key.

Definition at line 1745 of file crypto_values.h.

Typedef Documentation

typedef uint32_t psa_key_usage_t

Encoding of permitted usage on a key.

Definition at line 246 of file crypto_types.h.