Key Attributes API
The following table lists the PSA Crypto API for the key attributes.
| API | Description |
|---|---|
| | Initialize the key attributes ( |
| | Retrieve the key attributes ( |
| | Reset the key attributes ( |
| | Declare the key type ( |
| | Retrieve the key type ( |
| | Declare the key size ( |
| | Retrieve the key size ( |
| | Declare the usage flags ( |
| | Retrieve the usage flags ( |
| | Declare the permitted algorithm policy ( |
| | Retrieve the algorithm policy ( |
| | Declare a key as persistent and set its key identifier ( |
| | Retrieve the key identifier ( |
| | Set the location ( |
| | Retrieve the lifetime ( |

The following sections describe how to use the key attributes API to set up the storage for a key. Refer to the quick reference examples in Symmetric Key and Asymmetric Key for more details.
Volatile Plain Key
| Key ID | Persistence Level | Location Indicator | API Flow |
|---|---|---|---|
| = 0 | PSA_KEY_PERSISTENCE_VOLATILE | Local (0x0) | It is the default setting after calling psa_key_attributes_init(). No need to call psa_set_key_id() and psa_set_key_lifetime(). |

Example:
```c
psa_key_attributes_t key_attr;
key_attr = psa_key_attributes_init();  // defaults: volatile persistence, local location
psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&key_attr, 256);
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA_ANY);
```

Persistent Plain Key
| Key ID | Persistence Level | Location Indicator | API Flow |
|---|---|---|---|
| > 0 | PSA_KEY_PERSISTENCE_DEFAULT | Local (0x0) | A non-zero key ID in psa_set_key_id() will change the persistence level from PSA_KEY_PERSISTENCE_VOLATILE to PSA_KEY_PERSISTENCE_DEFAULT. |

Example:
```c
psa_key_attributes_t key_attr;
key_attr = psa_key_attributes_init();
psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&key_attr, 256);
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA_ANY);
psa_set_key_id(&key_attr, 0x02);  // non-zero key ID: persistence becomes PSA_KEY_PERSISTENCE_DEFAULT
```

Volatile Wrapped Key
| Key ID | Persistence Level | Location Indicator | API Flow |
|---|---|---|---|
| = 0 | | Secure (0x1) | Use the |

Example:
```c
psa_key_attributes_t key_attr;
key_attr = psa_key_attributes_init();
psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&key_attr, 256);
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA_ANY);
// Key ID stays 0; location indicator 0x01 = Secure
psa_set_key_lifetime(&key_attr, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0x01));
```

Persistent Wrapped Key
| Key ID | Persistence Level | Location Indicator | API Flow |
|---|---|---|---|
| > 0 | | Local (0x0) | A non-zero key ID in |
| > 0 | | Secure (0x1) | Use the |

Example:
```c
psa_key_attributes_t key_attr;
key_attr = psa_key_attributes_init();
psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&key_attr, 256);
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA_ANY);
psa_set_key_id(&key_attr, 0x02);  // non-zero key ID: persistent key
// Persistence level PSA_KEY_PERSISTENCE_DEFAULT with location indicator 0x01 = Secure
psa_set_key_lifetime(&key_attr, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 0x01));
```

Note:
The PSA_KEY_PERSISTENCE_DEFAULT is equal to PSA_KEY_LIFETIME_PERSISTENT. Refer to Key Identifiers for details about the Key ID.
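
The lifetime passed to psa_set_key_lifetime() packs the persistence level and the location indicator from the tables above into one value. The following added example (not code from the original page or from the PSA Crypto library) models that packing and the four API flows in plain C, then flags key ID and persistence pairs the tables do not list. All `EX_`/`ex_` names are hypothetical stand-ins; the bit layout (persistence in the low 8 bits, location above it) follows the PSA Crypto specification, and psa_set_key_lifetime() is modelled as a plain store.

```c
#include <stdint.h>
#include <stdio.h>
/* EX_/ex_ names are hypothetical local stand-ins for the PSA definitions so this
 * builds without psa/crypto.h. Lifetime: bits 0-7 persistence, bits 8-31 location. */
#define EX_PERSISTENCE_VOLATILE 0x00u
#define EX_PERSISTENCE_DEFAULT  0x01u
#define EX_LIFETIME(p, loc)     (((uint32_t)(loc) << 8) | (uint32_t)(p))
#define EX_PERSISTENCE(lt)      ((uint32_t)(lt) & 0xffu)
#define EX_LOCATION(lt)         ((uint32_t)(lt) >> 8)

typedef struct { uint32_t id, lifetime; } ex_attr_t;
typedef enum { EX_VOLATILE_PLAIN, EX_PERSISTENT_PLAIN, EX_VOLATILE_WRAPPED,
               EX_PERSISTENT_WRAPPED, EX_INCONSISTENT } ex_class_t;

/* Model of psa_set_key_id() per the page: volatile becomes DEFAULT; location kept (assumption). */
static void ex_set_key_id(ex_attr_t *a, uint32_t id)
{
    a->id = id;
    if (EX_PERSISTENCE(a->lifetime) == EX_PERSISTENCE_VOLATILE)
        a->lifetime = EX_LIFETIME(EX_PERSISTENCE_DEFAULT, EX_LOCATION(a->lifetime));
}

/* Map (key ID, lifetime) onto the page's four cases. Pairs the tables do not list
 * (ID > 0 with volatile, ID = 0 with persistent, location above 0x1) are rejected. */
static ex_class_t ex_classify(const ex_attr_t *a)
{
    uint32_t persistent = EX_PERSISTENCE(a->lifetime) != EX_PERSISTENCE_VOLATILE;
    uint32_t loc = EX_LOCATION(a->lifetime);
    if (loc > 0x1u || persistent != (uint32_t)(a->id != 0))
        return EX_INCONSISTENT;
    return (ex_class_t)((loc << 1) | persistent);  /* matches the enum order */
}

/* Replay one flow: init, set_key_id if id != 0, then an optional set_key_lifetime. */
static ex_class_t ex_flow(uint32_t id, int set_lifetime, uint32_t lifetime)
{
    ex_attr_t a = { 0, 0 };  /* after psa_key_attributes_init(): ID 0, volatile, local */
    if (id != 0) ex_set_key_id(&a, id);
    if (set_lifetime) a.lifetime = lifetime;  /* psa_set_key_lifetime() as a plain store */
    return ex_classify(&a);
}

int main(void)
{
    /* Constructed inputs: the page's four flows, then a key ID with a volatile lifetime. */
    const uint32_t in[5][3] = { {0,0,0}, {2,0,0}, {0,1,0x100}, {2,1,0x101}, {2,1,0x100} };
    for (int i = 0; i < 5; i++)
        printf("id=%u class=%d\n", (unsigned)in[i][0], (int)ex_flow(in[i][0], (int)in[i][1], in[i][2]));
    return 0;
}
```

The last constructed input keeps key ID 0x02 but writes a volatile lifetime, so the check reports it as inconsistent instead of treating it as a persistent wrapped key.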