Skip to content

Commit 9666b14

Browse files
greg-ferrlubos
greg-fer
authored and
rlubos
committed
doc: crypto: KMU ECC key types update
Edited entries in the key type table for nRF54L KMU to better define the ECC key types supported. NCSDK-35010. Signed-off-by: Grzegorz Ferenc <Grzegorz.Ferenc@nordicsemi.no>
1 parent 38a898e commit 9666b14

1 file changed

Lines changed: 5 additions & 12 deletions

File tree

doc/nrf/app_dev/device_guides/nrf54l/cryptography.rst

Lines changed: 5 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -213,8 +213,8 @@ The following list shows available schemes that determine how the keys are used:
213213

214214
.. _ug_nrf54l_crypto_kmu_supported_key_types:
215215

216-
Supported key types
217-
===================
216+
Key types that can be stored in the KMU
217+
=======================================
218218

219219
The following table lists all key types that can be stored in the KMU, indicating which usage schemes (Protected, Encrypted, and Raw) support them and the number of key slots they require.
220220

@@ -253,27 +253,20 @@ The following table lists all key types that can be stored in the KMU, indicatin
253253
- No
254254
- Yes
255255
- Yes
256-
* - ECC secp256r1 key pair
256+
* - ECC secp256r1 key pair (ECDSA and ECDH usage) [3]_
257257
- | ``key_type``: ``PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)``
258258
| ``key_bits``: 256
259259
- 2
260260
- No
261261
- Yes
262262
- Yes
263-
* - ECC secp256r1 public key
263+
* - ECC secp256r1 public key (ECDSA usage only)
264264
- | ``key_type``: ``PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)``
265265
| ``key_bits``: 256
266266
- 4
267267
- No
268268
- Yes
269269
- Yes
270-
* - ECDH [3]_
271-
- | ``key_type``: ``PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)``
272-
| ``key_bits``: 256
273-
- 2
274-
- No
275-
- Yes
276-
- Yes
277270
* - Ed25519 key pair
278271
- | ``key_type``: ``PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)``
279272
| ``key_bits``: 255
@@ -298,7 +291,7 @@ The following table lists all key types that can be stored in the KMU, indicatin
298291
- Yes
299292
.. [1] Keys with the Encrypted usage scheme (``CRACEN_KMU_KEY_USAGE_SCHEME_ENCRYPTED``) will require two additional KMU slots to store the nonce and the authentication tag.
300293
.. [2] Not supported on nRF54LM20.
301-
.. [3] Not supported for key derivation.
294+
.. [3] ECDH not supported for key derivation.
302295
303296
Storing keys in KMU
304297
===================

0 commit comments

Comments
 (0)