3.3.3. Key Store
The KeyStore is a container for all secure keys and objects held in secure storage.

3.3.3.1. APIs
3.3.3.2. Key Format
The sss_key_store_set_key and sss_key_store_get_key APIs do not impose a specific format on the data parameter. Different implementations of the SSS API can have different capabilities in dealing with an input format (relevant for sss_key_store_set_key) and will use a specific output format (relevant for sss_key_store_get_key). The following section illustrates this by taking the example of the SE050 implementation in the context of EC key pairs.
3.3.3.2.1. EC Key pair
When passing an EC key pair as the data argument to the sss_key_store_set_key API, the key pair data must be DER encoded using either the PKCS#8 format or the classic OpenSSL format.
When retrieving an EC key pair through the data argument of the sss_key_store_get_key API, the full key pair cannot be retrieved. Instead, the public key value is returned. The public key is retrieved in ANSI X9.62 uncompressed format.
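
The following is an added example, not code from the original page or from the SSS middleware: a structural pre-check that tells the two accepted input layouts apart before a buffer is handed to sss_key_store_set_key, and a shape check for the public key that comes back. All function and type names are hypothetical, "classic OpenSSL format" is assumed to mean the SEC1 (RFC 5915) ECPrivateKey layout, and only the DER framing is inspected, not the key material.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { FMT_INVALID, FMT_PKCS8, FMT_SEC1 } ec_der_fmt_t;

/* Read one DER tag/length header at buf[*pos]; -1 if it overruns the buffer. */
static int der_hdr(const uint8_t *buf, size_t len, size_t *pos, size_t *clen)
{
    if (len - *pos < 2) return -1;
    int tag = buf[(*pos)++];
    size_t n = buf[(*pos)++];
    if (n & 0x80) {                      /* long form: 1 or 2 length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 2 || len - *pos < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | buf[(*pos)++];
    }
    if (n > len - *pos) return -1;
    *clen = n;
    return tag;
}

/* Hypothetical helper: decide which of the two DER layouts a buffer carries. */
ec_der_fmt_t classify_ec_keypair_der(const uint8_t *der, size_t len)
{
    size_t pos = 0, clen = 0;
    if (der_hdr(der, len, &pos, &clen) != 0x30 || pos + clen != len) return FMT_INVALID;
    if (der_hdr(der, len, &pos, &clen) != 0x02 || clen != 1) return FMT_INVALID;
    uint8_t version = der[pos++];
    int next = der_hdr(der, len, &pos, &clen);
    if (version == 0 && next == 0x30) return FMT_PKCS8; /* AlgorithmIdentifier follows */
    if (version == 1 && next == 0x04) return FMT_SEC1;  /* privateKey OCTET STRING follows */
    return FMT_INVALID;
}

/* Hypothetical helper: X9.62 uncompressed point is 0x04 || X || Y. */
int x962_uncompressed_ok(const uint8_t *pt, size_t len, size_t key_bits)
{
    return len == 1 + 2 * ((key_bits + 7) / 8) && pt[0] == 0x04;
}

int main(void)
{
    /* Constructed samples: correct structure, filler bytes instead of key material. */
    uint8_t sec1[39] = {0x30, 0x25, 0x02, 0x01, 0x01, 0x04, 0x20};
    uint8_t pub[65] = {0x04};
    printf("input format: %d, output point ok: %d\n",
           classify_ec_keypair_der(sec1, sizeof sec1), x962_uncompressed_ok(pub, sizeof pub, 256));
    return 0;
}
```

Rejecting a buffer that is neither layout, or whose outer SEQUENCE length disagrees with the buffer length, keeps truncated or mislabelled key files from reaching the secure element call at all.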