This backends reimplements the assymetric cryptography APIs from Trussed using the SE050 secure element. It also implements secure PIN handling following the trussed-auth APIs, as well as RSA operations (which aren't part of the core trussed API).
-
The
UnwrapKeysyscall cannot be used after the key has been deleted. As such, the key needs to be "cleared" with theClearsyscall if one wants to unwrap it again, leaving the metadata required for unwraping. -
Public keys obtained through
DeriveKeycan only be valid for as long as the original private key they are derived from.