
Initializing Internal Keys

An internal key must be generated before a user application calls an API in libsdf.so to access the internal key.

To ease internal key management, this module provides a key management tool to help users create, delete, modify, query, import, and export keys, and restore factory settings.

  1. Run the sudo command to access the key management tool home page.
    sudo /usr/bin/tee_key_manage 

  2. Press the up or down arrow key to move the arrow to the desired option, and press Enter.
    • Creating a key: For example, choose Create Key > User Key, and enter the key index and password.

      When you create an internal key, the tool checks the password complexity. The password must contain more than eight characters, including at least two types of the following characters: uppercase letters, lowercase letters, digits, and special characters. For security purposes, change your password periodically.

    • Querying a key: For example, choose Query Key > User Key, and enter the key index.

    • Changing the user key password: Choose Modify Key Password > User Key, and enter the key index, old password, and new password as prompted.

      The new password must be different from the old password.

    • Deleting a key: For example, choose Delete Key > User Key, and enter the key index.

    • Exporting a key: For example, choose Export Key > User Key, and enter the key index and salt value.

      You need to enter the salt value for key encryption. Upon successful execution, the .bin file of the key at the corresponding index is generated in the current tee_key_manage execution path.

      • Files for exporting a user key: 000xxxxx.bin (encryption key) and 800xxxxx.bin (signature key), where xxxxx indicates the index value.
      • File for exporting a KEK: 003xxxxx.bin
    • Importing a key: For example, choose Import Key > User Key, and enter the key index and salt value.

      Before importing a key, ensure that the .bin files of the exported keys exist in the current path. The import succeeds only when the index value in the .bin file name is the same as the entered index value, and the entered salt value is the same as the one used during export.

    • Restoring factory settings: Choose Factory Reset. The process is time-consuming. Wait patiently.
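
The following shell helpers are an added example, not part of the original document or of tee_key_manage: they check a candidate password against the complexity rule above and confirm that the expected export files are present before an import. The function names are hypothetical, and the zero-padded decimal index format, the definition of a special character, and the need for both user key files at import are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before using tee_key_manage.
# All function names are hypothetical helpers, not part of the tool.

# Succeeds if NEW meets the stated rule: more than eight characters and at
# least two character types. An optional OLD password must differ from NEW.
check_key_password() {
    new=$1
    classes=0
    [ "${#new}" -gt 8 ] || return 1
    case $new in *[[:upper:]]*) classes=$((classes + 1)) ;; esac
    case $new in *[[:lower:]]*) classes=$((classes + 1)) ;; esac
    case $new in *[[:digit:]]*) classes=$((classes + 1)) ;; esac
    # Assumption: a special character is anything that is not a letter or digit.
    case $new in *[![:alnum:]]*) classes=$((classes + 1)) ;; esac
    [ "$classes" -ge 2 ] || return 1
    if [ "$#" -ge 2 ] && [ "$new" = "$2" ]; then return 1; fi
    return 0
}

# Prints the export file names for KIND (user|kek) and INDEX.
# Assumption: xxxxx is the index as five zero-padded decimal digits.
# INDEX must be plain decimal without leading zeros and at most five digits.
export_file_names() {
    case $2 in ''|*[!0-9]*|0?*|??????*) return 1 ;; esac
    idx=$(printf '%05d' "$2")
    case $1 in
        user) printf '%s\n' "000${idx}.bin" "800${idx}.bin" ;;
        kek)  printf '%s\n' "003${idx}.bin" ;;
        *)    return 1 ;;
    esac
}

# Succeeds only if every expected export file exists in DIR (default: the
# current directory, where the tool expects them at import time).
# Assumption: a user key import needs both the 000 and 800 files.
check_import_files() {
    dir=${3:-.}
    names=$(export_file_names "$1" "$2") || return 1
    for f in $names; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 1; }
    done
}
```

Source the file and call, for example, `check_import_files user 7` from the directory where tee_key_manage will be run; a non-zero status means a file is missing or the index is malformed.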