3.3.3. Key Store

The KeyStore is the container for all secure keys and objects held inside a secure storage (on the SE050, inside the secure element itself).

Figure: Key Store overview (key_store.png)

3.3.3.1. APIs

See SSS Keystore types and APIs

3.3.3.2. Key Format

The sss_key_store_set_key and sss_key_store_get_key APIs do not impose a specific format on the data parameter. Different implementations of the SSS API can differ in which input formats they accept (relevant for sss_key_store_set_key) and each uses its own, fixed output format (relevant for sss_key_store_get_key), so application code must not assume that the bytes written with set_key come back unchanged from get_key. The following section illustrates this with the SE050 implementation, taking EC key pairs as the example.

3.3.3.2.1. EC Key pair

When passing an EC key pair as the data argument to sss_key_store_set_key, the key pair must be DER encoded, either as a PKCS#8 PrivateKeyInfo structure or in the traditional OpenSSL format (the SEC 1 ECPrivateKey structure defined in RFC 5915). A PEM file is not accepted as-is: the base64 body between the BEGIN/END lines has to be decoded to DER first.

When retrieving an EC key pair as the data argument from sss_key_store_get_key, the full key pair cannot be retrieved: the private part is not exported, and only the public key value is returned. The public key is returned in ANSI X9.62 uncompressed format, i.e. the byte 0x04 followed by the X and Y coordinates, each padded to the field size (65 bytes for a 256-bit curve). Callers must size the output buffer for the uncompressed point and must not rely on reading the private scalar back after an import.
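As an added example, not part of the NXP middleware or of this documentation, the C program below shows the two input encodings named above and the output encoding: a small DER walker accepts either a PKCS#8 PrivateKeyInfo or a SEC 1 ECPrivateKey, checks the structure, and extracts the private scalar, the curve OID and the public point in X9.62 uncompressed form, which is the layout sss_key_store_get_key returns. The sample inputs are constructed, structurally valid prime256v1 encodings with placeholder scalar and coordinates, not a real key pair. The type and function names (ec_keypair_t, ec_keypair_parse, build_sample, demo_parse_and_check) and the negative return codes are this example's own and do not correspond to any SSS API; the code does not talk to an SE050, it only handles the byte formats the text describes.

```c
#include <stdint.h>
#include <string.h>

typedef struct {                                   /* parsed view of an EC key pair */
    const uint8_t *priv, *pub, *curve_oid;         /* scalar d; 0x04||X||Y; DER OID content */
    size_t priv_len, pub_len, curve_oid_len;
    int is_pkcs8;                                  /* 1 = PKCS#8 wrapper, 0 = bare ECPrivateKey */
} ec_keypair_t;

/* Read one DER TLV: returns a pointer to the content, NULL if malformed or truncated. */
static const uint8_t *der_tlv(const uint8_t *p, const uint8_t *end, uint8_t *tag, size_t *len)
{
    size_t l, hdr = 2;
    if (end - p < 2) return NULL;
    *tag = p[0]; l = p[1];
    if (l & 0x80) {                                /* long form; key files need at most 2 length bytes */
        size_t n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - p) < 2 + n) return NULL;
        for (l = 0; hdr < 2 + n; hdr++) l = (l << 8) | p[hdr];
    }
    if ((size_t)(end - p) - hdr < l) return NULL;
    *len = l; return p + hdr;
}

/* RFC 5915 ECPrivateKey: SEQUENCE { INTEGER 1, OCTET STRING d, [0] curve OID OPTIONAL, [1] BIT STRING pub OPTIONAL } */
static int parse_ecprivatekey(const uint8_t *p, const uint8_t *end, ec_keypair_t *k)
{
    uint8_t tag, itag; size_t len, ilen; const uint8_t *c, *in;
    if (!(c = der_tlv(p, end, &tag, &len)) || tag != 0x30) return -1;
    p = c; end = c + len;
    if (!(c = der_tlv(p, end, &tag, &len)) || tag != 0x02 || len != 1 || c[0] != 1) return -2;
    if (!(c = der_tlv(c + len, end, &tag, &len)) || tag != 0x04 || len == 0) return -3;
    k->priv = c; k->priv_len = len; p = c + len;
    if (p < end && p[0] == 0xA0) {                 /* [0] parameters: named curve only */
        if (!(c = der_tlv(p, end, &tag, &len)) || !(in = der_tlv(c, c + len, &itag, &ilen)) || itag != 0x06) return -4;
        k->curve_oid = in; k->curve_oid_len = ilen; p = c + len;
    }
    if (p < end && p[0] == 0xA1) {                 /* [1] publicKey: BIT STRING with 0 unused bits */
        if (!(c = der_tlv(p, end, &tag, &len)) || !(in = der_tlv(c, c + len, &itag, &ilen)) ||
            itag != 0x03 || ilen < 2 || in[0] != 0) return -5;
        /* X9.62 uncompressed point 0x04 || X || Y, each coordinate as wide as the scalar */
        if (in[1] != 0x04 || (ilen - 2) % 2 != 0 || (ilen - 2) / 2 != k->priv_len) return -6;
        k->pub = in + 1; k->pub_len = ilen - 1; p = c + len;
    }
    return p == end ? 0 : -7;                      /* reject trailing bytes */
}

/* RFC 5958 PrivateKeyInfo: SEQUENCE { INTEGER 0, SEQUENCE { id-ecPublicKey, curve OID }, OCTET STRING { ECPrivateKey } } */
static int parse_pkcs8(const uint8_t *p, const uint8_t *end, ec_keypair_t *k)
{
    static const uint8_t id_ecPublicKey[7] = {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01}; /* 1.2.840.10045.2.1 */
    uint8_t tag; size_t len; const uint8_t *c, *alg_end;
    if (!(c = der_tlv(p, end, &tag, &len)) || tag != 0x30) return -10;
    p = c; end = c + len;
    if (!(c = der_tlv(p, end, &tag, &len)) || tag != 0x02 || len != 1 || c[0] != 0) return -11;
    if (!(c = der_tlv(c + len, end, &tag, &len)) || tag != 0x30) return -12;
    alg_end = c + len; p = alg_end;
    if (!(c = der_tlv(c, alg_end, &tag, &len)) || tag != 0x06 || len != 7 || memcmp(c, id_ecPublicKey, 7)) return -13;
    if (!(c = der_tlv(c + len, alg_end, &tag, &len)) || tag != 0x06) return -14;
    k->curve_oid = c; k->curve_oid_len = len; k->is_pkcs8 = 1;
    if (!(c = der_tlv(p, end, &tag, &len)) || tag != 0x04) return -15;
    return parse_ecprivatekey(c, c + len, k);      /* optional attributes after the OCTET STRING are ignored */
}

/* Accept either encoding; the first INTEGER tells them apart (0 = PKCS#8, 1 = ECPrivateKey). */
int ec_keypair_parse(const uint8_t *der, size_t n, ec_keypair_t *k)
{
    uint8_t tag; size_t len; const uint8_t *seq, *ver;
    memset(k, 0, sizeof *k);
    if (!(seq = der_tlv(der, der + n, &tag, &len)) || tag != 0x30) return -20;
    if (!(ver = der_tlv(seq, seq + len, &tag, &len)) || tag != 0x02 || len != 1) return -21;
    if (ver[0] == 0) return parse_pkcs8(der, der + n, k);
    if (ver[0] == 1) return parse_ecprivatekey(der, der + n, k);
    return -22;
}

/* Constructed sample, NOT a real key pair: valid prime256v1 structure, placeholder scalar 01..20,
 * placeholder point 04 || 11*32 || 22*32. Returns the encoded length (121 for SEC 1, 138 for PKCS#8). */
static size_t build_sample(uint8_t *out, int pkcs8)
{
    static const uint8_t sec1_hdr[]  = {0x30,0x77, 0x02,0x01,0x01, 0x04,0x20};
    static const uint8_t pkcs8_hdr[] = {0x30,0x81,0x87, 0x02,0x01,0x00, 0x30,0x13,
        0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, 0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,
        0x04,0x6D, 0x30,0x6B, 0x02,0x01,0x01, 0x04,0x20};
    static const uint8_t params[]  = {0xA0,0x0A, 0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
    static const uint8_t pub_hdr[] = {0xA1,0x44, 0x03,0x42,0x00, 0x04};
    size_t n = pkcs8 ? sizeof pkcs8_hdr : sizeof sec1_hdr;
    memcpy(out, pkcs8 ? pkcs8_hdr : sec1_hdr, n);
    for (int i = 0; i < 32; i++) out[n++] = (uint8_t)(i + 1);
    if (!pkcs8) { memcpy(out + n, params, sizeof params); n += sizeof params; }
    memcpy(out + n, pub_hdr, sizeof pub_hdr); n += sizeof pub_hdr;
    memset(out + n, 0x11, 32); memset(out + n + 32, 0x22, 32);
    return n + 64;
}

/* Parse both encodings: each must yield the same 65-byte X9.62 uncompressed point on prime256v1,
 * the layout sss_key_store_get_key hands back for an SE050 EC key; malformed input must fail closed. */
int demo_parse_and_check(void)
{
    static const uint8_t oid_p256[8] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07}; /* 1.2.840.10045.3.1.7 */
    uint8_t a[160], b[160]; ec_keypair_t ka, kb;
    size_t na = build_sample(a, 0), nb = build_sample(b, 1);
    if (ec_keypair_parse(a, na, &ka) != 0 || ec_keypair_parse(b, nb, &kb) != 0) return 0;
    if (ka.is_pkcs8 || !kb.is_pkcs8 || ka.priv_len != 32 || kb.priv_len != 32) return 0;
    if (ka.pub_len != 65 || kb.pub_len != 65 || memcmp(ka.pub, kb.pub, 65)) return 0;
    if (ka.curve_oid_len != 8 || memcmp(ka.curve_oid, oid_p256, 8) || kb.curve_oid_len != 8 || memcmp(kb.curve_oid, oid_p256, 8)) return 0;
    a[56] = 0x02;                                  /* compressed point prefix inside [1] publicKey: rejected */
    if (ec_keypair_parse(a, na, &ka) != -6) return 0;
    if (ec_keypair_parse(b, nb - 1, &kb) != -20) return 0;   /* truncated buffer: outer length check fails */
    return 1;
}
```

A key that exists only in PEM form is first stripped of its BEGIN/END lines and base64-decoded; the resulting bytes start with 0x30 and are what this parser, and sss_key_store_set_key, expect. The 65-byte value a successful parse leaves in pub has the same layout as what sss_key_store_get_key returns for that key on the SE050, so it is a convenient reference when verifying that an import succeeded without ever needing the private scalar back.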