You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For OCP LOCK, a required feature would be to be able to use a KV slot as an AES GCM key. The AES hardware can truncate the key to the correct size before using it.
This is needed because we wish to derive an AES GCM decryption key based on the results of an HMAC operation where the key is in KV, and therefore the results of the HMAC operation must be in KV.
Separately: a desired feature would be to encrypt/decrypt a payload directly from/into a KV slot, such that it was never exposed to memory.
The text was updated successfully, but these errors were encountered:
For OCP LOCK, a required feature would be to be able to use a KV slot as an AES GCM key. The AES hardware can truncate the key to the correct size before using it.
This is needed because we wish to derive an AES GCM decryption key based on the results of an HMAC operation where the key is in KV, and therefore the results of the HMAC operation must be in KV.
Separately: a desired feature would be to encrypt/decrypt a payload directly from/into a KV slot, such that it was never exposed to memory.
The text was updated successfully, but these errors were encountered: