docs/1.0.1/html/api/keys/management.html

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta charset="utf-8" />
    <title>9.6. Key management functions &#8212; PSA Crypto API 1.0.1 documentation</title>
    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../_static/doctools.js"></script>
    <script type="text/javascript" src="../../_static/language_data.js"></script>
    <link rel="author" title="About these documents" href="../../about.html" />
    <link rel="index" title="Index" href="../../genindex.html" />
    <link rel="search" title="Search" href="../../search.html" />
    <link rel="next" title="10. Cryptographic operation reference" href="../ops/index.html" />
    <link rel="prev" title="9.5. Key policies" href="policy.html" />
   
  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
  
  
  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />

  </head><body>
  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          

          <div class="body" role="main">
            
  <div class="section" id="key-management-functions">
<h1>9.6. Key management functions</h1>
<div class="section" id="key-creation">
<span id="id1"></span><h2>9.6.1. Key creation</h2>
<p>New keys can be created in the following ways:</p>
<ul class="simple">
<li><p><a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> creates a key from a data buffer provided by the application.</p></li>
<li><p><a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a> creates a key from randomly generated data.</p></li>
<li><p><a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a> creates a key from data generated by a pseudorandom derivation process. See <a class="reference internal" href="../ops/kdf.html#kdf"><span class="secref">Key derivation</span></a>.</p></li>
<li><p><a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a> duplicates an existing key with a different lifetime or with a more restrictive usage policy.</p></li>
</ul>
<p>When creating a key, the attributes for the new key are specified in a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a> object. Each key creation function defines how it uses the attributes.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The attributes for a key are immutable after the key has been created.</p>
<p>The application must set the key algorithm policy and the appropriate key usage flags in the attributes in order for the key to be used in any cryptographic operations.</p>
</div>
<div class="section" id="psa_import_key">
<span id="c.psa_import_key"></span><h3><code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code> (function)</h3>
<p>Import a key in binary format.</p>
<pre class="literal-block"><a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_import_key" title="psa_import_key">psa_import_key</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
                            const uint8_t * data,
                            size_t data_length,
                            <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);</pre>
<p class="rubric">Parameters</p>
<dl>
<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt><dd><p>The attributes for the new key.
This function uses the attributes as follows:</p>
<ul class="simple">
<li><p>The key type is required, and determines how the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer is interpreted.</p></li>
<li><p>The key size is always determined from the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer. If the key size in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> is nonzero, it must be equal to the size determined from <code class="docutils literal notranslate"><span class="pre">data</span></code>.</p></li>
<li><p>The key permitted-algorithm policy is required for keys that will be used for a cryptographic operation, see <a class="reference internal" href="policy.html#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</p></li>
<li><p>The key usage flags define what operations are permitted with the key, see <a class="reference internal" href="policy.html#key-usage-flags"><span class="secref">Key usage flags</span></a>.</p></li>
<li><p>The key lifetime and identifier are required for a persistent key.</p></li>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
</div>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt><dd><p>Buffer containing the key data.
The content of this buffer is interpreted according to the type declared in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.
All implementations must support at least the format described in the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> for the chosen type.
Implementations can support other formats, but be conservative in interpreting the key data: it is recommended that implementations reject content if it might be erroneous, for example, if it is the wrong type or is truncated.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt><dd><p>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">key</span></code></dt><dd><p>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</p>
</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a></p>
<dl class="simple">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a></dt><dd><p>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt><dd><p>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt><dd><p>The key type or key size is not supported, either by the implementation in general or in this particular persistent location.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The key attributes, as a whole, are invalid.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The key data is not correctly formatted.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The size in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> is nonzero and does not match the size of the key data.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt><dd><p>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</p>
</dd>
</dl>
<p class="rubric">Description</p>
<p>This function supports any output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a>. Refer to the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> for the format of public keys and to the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> for the format for other key types.</p>
<p>The key data determines the key size. The attributes can optionally specify a key size; in this case it must match the size determined from the key data. A key size of <code class="docutils literal notranslate"><span class="pre">0</span></code> in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> indicates that the key size is solely determined by the key data.</p>
<p>Implementations must reject an attempt to import a key of size <code class="docutils literal notranslate"><span class="pre">0</span></code>.</p>
<p>This specification defines a single format for each key type. Implementations can optionally support other formats in addition to the standard format. It is recommended that implementations that support other formats ensure that the formats are clearly unambiguous, to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The PSA Crypto API does not support asymmetric private key objects outside of a key pair. To import a private key, the <code class="docutils literal notranslate"><span class="pre">attributes</span></code> must specify the corresponding key pair type. Depending on the key type, either the import format contains the public key data or the implementation will reconstruct the public key from the private key as needed.</p>
</div>
</div>
<div class="section" id="psa_generate_key">
<span id="c.psa_generate_key"></span><h3><code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code> (function)</h3>
<p>Generate a key or key pair.</p>
<pre class="literal-block"><a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key">psa_generate_key</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
                              <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);</pre>
<p class="rubric">Parameters</p>
<dl>
<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt><dd><p>The attributes for the new key.
This function uses the attributes as follows:</p>
<ul class="simple">
<li><p>The key type is required. It cannot be an asymmetric public key.</p></li>
<li><p>The key size is required. It must be a valid size for the key type.</p></li>
<li><p>The key permitted-algorithm policy is required for keys that will be used for a cryptographic operation, see <a class="reference internal" href="policy.html#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</p></li>
<li><p>The key usage flags define what operations are permitted with the key, see <a class="reference internal" href="policy.html#key-usage-flags"><span class="secref">Key usage flags</span></a>.</p></li>
<li><p>The key lifetime and identifier are required for a persistent key.</p></li>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
</div>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">key</span></code></dt><dd><p>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</p>
</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a></p>
<dl class="simple">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a></dt><dd><p>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt><dd><p>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt><dd><p>The key type or key size is not supported, either by the implementation in general or in this particular persistent location.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The key attributes, as a whole, are invalid.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The key type is an asymmetric public key type.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The key size is not a valid size for the key type.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt><dd><p>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</p>
</dd>
</dl>
<p class="rubric">Description</p>
<p>The key is generated randomly. Its location, policy, type and size are taken from <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
<p>Implementations must reject an attempt to generate a key of size <code class="docutils literal notranslate"><span class="pre">0</span></code>.</p>
<p>The following type-specific considerations apply:</p>
<ul class="simple">
<li><p>For RSA keys (<a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.</p></li>
</ul>
</div>
<div class="section" id="psa_copy_key">
<span id="c.psa_copy_key"></span><h3><code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code> (function)</h3>
<p>Make a copy of a key.</p>
<pre class="literal-block"><a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key">psa_copy_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> source_key,
                          const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
                          <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * target_key);</pre>
<p class="rubric">Parameters</p>
<dl>
<dt> <code class="docutils literal notranslate"><span class="pre">source_key</span></code></dt><dd><p>The key to copy.
It must allow the usage <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a>.
If a private or secret key is being copied outside of a secure element it must also allow <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt><dd><p>The attributes for the new key. This function uses the attributes as follows:</p>
<ul class="simple">
<li><p>The key type and size can be <code class="docutils literal notranslate"><span class="pre">0</span></code>. If either is nonzero, it must match the corresponding attribute of the source key.</p></li>
<li><p>The key location (the lifetime and, for persistent keys, the key identifier) is used directly.</p></li>
<li><p>The key policy (usage flags and permitted algorithm) are combined from the source key and <code class="docutils literal notranslate"><span class="pre">attributes</span></code> so that both sets of restrictions apply, as described in the documentation of this function.</p></li>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
</div>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">target_key</span></code></dt><dd><p>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</p>
</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a></p>
<dl class="simple">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a></dt><dd><p>Success. If the new key is persistent, the key material and the key’s metadata have been saved to persistent storage.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt><dd><p><code class="docutils literal notranslate"><span class="pre">source_key</span></code> is invalid.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt><dd><p>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The lifetime or identifier in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> are invalid.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The key policies from <code class="docutils literal notranslate"><span class="pre">source_key</span></code> and specified in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> are incompatible.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p><code class="docutils literal notranslate"><span class="pre">attributes</span></code> specifies a key type or key size which does not match the attributes of <code class="docutils literal notranslate"><span class="pre">source</span> <span class="pre">key</span></code>.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt><dd><p><code class="docutils literal notranslate"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> usage flag.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt><dd><p><code class="docutils literal notranslate"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> usage flag and its lifetime does not allow copying it to the target’s lifetime.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt><dd><p>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</p>
</dd>
</dl>
<p class="rubric">Description</p>
<p>Copy key material from one location to another.</p>
<p>This function is primarily useful to copy a key from one location to another, as it populates a key using the material from another key which can have a different lifetime.</p>
<p>This function can be used to share a key with a different party, subject to implementation-defined restrictions on key sharing.</p>
<p>The policy on the source key must have the usage flag <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> set. This flag is sufficient to permit the copy if the key has the lifetime <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> and <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> in order to make a copy of the key outside the secure element.</p>
<p>The resulting key can only be used in a way that conforms to both the policy of the original key and the policy specified in the <code class="docutils literal notranslate"><span class="pre">attributes</span></code> parameter:</p>
<ul class="simple">
<li><p>The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy and the usage flags in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p></li>
<li><p>If both permit the same algorithm or wildcard-based algorithm, the resulting key has the same permitted algorithm.</p></li>
<li><p>If either of the policies permits an algorithm and the other policy allows a wildcard-based permitted algorithm that includes this algorithm, the resulting key uses this permitted algorithm.</p></li>
<li><p>If the policies do not permit any algorithm in common, this function fails with the status <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</p></li>
</ul>
<p>The effect of this function on implementation-defined attributes is implementation-defined.</p>
</div>
</div>
<div class="section" id="key-destruction">
<span id="id2"></span><h2>9.6.2. Key destruction</h2>
<div class="section" id="psa_destroy_key">
<span id="c.psa_destroy_key"></span><h3><code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> (function)</h3>
<p>Destroy a key.</p>
<pre class="literal-block"><a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_destroy_key" title="psa_destroy_key">psa_destroy_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);</pre>
<p class="rubric">Parameters</p>
<dl class="simple">
<dt> <code class="docutils literal notranslate"><span class="pre">key</span></code></dt><dd><p>Identifier of the key to erase.
If this is <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_NULL</span></code></a>, do nothing and return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a></p>
<dl class="simple">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a></dt><dd><p><code class="docutils literal notranslate"><span class="pre">key</span></code> was a valid key identifier and the key material that it referred to has been erased.
Alternatively, <code class="docutils literal notranslate"><span class="pre">key</span></code> is <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt><dd><p>The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt><dd><p><code class="docutils literal notranslate"><span class="pre">key</span></code> is not a valid handle nor <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt><dd><p>There was an failure in communication with the cryptoprocessor. The key material might still be present in the cryptoprocessor.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt><dd><p>The storage operation failed. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt><dd><p>The storage is corrupted. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt><dd><p>An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor might have been compromised.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt><dd><p>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</p>
</dd>
</dl>
<p class="rubric">Description</p>
<p>This function destroys a key from both volatile memory and, if applicable, non-volatile storage. Implementations must make a best effort to ensure that that the key material cannot be recovered.</p>
<p>This function also erases any metadata such as policies and frees resources associated with the key.</p>
<p>Destroying the key makes the key identifier invalid, and the key identifier must not be used again by the application.</p>
<p>If a key is currently in use in a multi-part operation, then destroying the key will cause the multi-part operation to fail.</p>
</div>
<div class="section" id="psa_purge_key">
<span id="c.psa_purge_key"></span><h3><code class="docutils literal notranslate"><span class="pre">psa_purge_key</span></code> (function)</h3>
<p>Remove non-essential copies of key material from memory.</p>
<pre class="literal-block"><a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_purge_key" title="psa_purge_key">psa_purge_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);</pre>
<p class="rubric">Parameters</p>
<dl class="simple">
<dt> <code class="docutils literal notranslate"><span class="pre">key</span></code></dt><dd><p>Identifier of the key to purge.</p>
</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a></p>
<dl class="simple">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a></dt><dd><p>The key material will have been removed from memory if it is not currently required.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt><dd><p>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</p>
</dd>
</dl>
<p class="rubric">Description</p>
<p>For keys that have been created with the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> usage flag, an implementation is permitted to make additional copies of the key material that are not in storage and not for the purpose of ongoing operations.</p>
<p>This function will remove these extra copies of the key material from memory.</p>
<p>This function is not required to remove key material from memory in any of the following situations:</p>
<ul class="simple">
<li><p>The key is currently in use in a cryptographic operation.</p></li>
<li><p>The key is volatile.</p></li>
</ul>
<p>See also <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</p>
</div>
</div>
<div class="section" id="key-export">
<span id="id3"></span><h2>9.6.3. Key export</h2>
<div class="section" id="psa_export_key">
<span id="c.psa_export_key"></span><h3><code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code> (function)</h3>
<p>Export a key in binary format.</p>
<pre class="literal-block"><a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_key" title="psa_export_key">psa_export_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
                            uint8_t * data,
                            size_t data_size,
                            size_t * data_length);</pre>
<p class="rubric">Parameters</p>
<dl class="simple">
<dt> <code class="docutils literal notranslate"><span class="pre">key</span></code></dt><dd><p>Identifier of the key to export.
It must allow the usage <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>, unless it is a public key.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt><dd><p>Buffer where the key data is to be written.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">data_size</span></code></dt><dd><p>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.
This must be appropriate for the key:</p>
<ul class="simple">
<li><p>The required output size is <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal notranslate"><span class="pre">(</span></code><code class="docutils literal notranslate"><span class="pre">type</span></code><code class="docutils literal notranslate"><span class="pre">,</span> </code><code class="docutils literal notranslate"><span class="pre">bits</span></code><code class="docutils literal notranslate"><span class="pre">)</span></code> where <code class="docutils literal notranslate"><span class="pre">type</span></code> is the key type and <code class="docutils literal notranslate"><span class="pre">bits</span></code> is the key size in bits.</p></li>
<li><p><a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported key pair.</p></li>
<li><p><a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported public key.</p></li>
<li><p>This API defines no maximum size for symmetric keys. Arbitrarily large data items can be stored in the key store, for example certificates that correspond to a stored private key or input material for key derivation.</p></li>
</ul>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt><dd><p>On success, the number of bytes that make up the key data.</p>
</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a></p>
<dl class="simple">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt><dd><p>The key does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> flag.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt><dd><p>The size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer is too small.
<a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt><dd><p>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</p>
</dd>
</dl>
<p class="rubric">Description</p>
<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> to create an equivalent object.</p>
<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> must use the representation specified here, not the original representation.</p>
<p>For standard key types, the output format is as follows:</p>
<ul>
<li><p>For symmetric keys, excluding HMAC keys, the format is the raw bytes of the key.</p></li>
<li><p>For HMAC keys that are shorter than, or equal in size to, the underlying hash algorithm block size, the format is the raw bytes of the key.</p>
<p>For HMAC keys that are longer than the underlying hash algorithm block size, the format is an <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">implementation defined</span></a> choice between the following formats:</p>
<ol class="arabic simple">
<li><p>The raw bytes of the key.</p></li>
<li><p>The raw bytes of the hash of the key, using the underlying hash algorithm.</p></li>
</ol>
<p>See also <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a>.</p>
</li>
<li><p>For DES, the key data consists of 8 bytes. The parity bits must be correct.</p></li>
<li><p>For Triple-DES, the format is the concatenation of the two or three DES keys.</p></li>
<li><p>For RSA key pairs, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the format is the non-encrypted DER encoding of the representation defined by in <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> as <code class="docutils literal notranslate"><span class="pre">RSAPrivateKey</span></code>, version <code class="docutils literal notranslate"><span class="pre">0</span></code>.</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>RSAPrivateKey ::= SEQUENCE {
    version             INTEGER,  -- must be 0
    modulus             INTEGER,  -- n
    publicExponent      INTEGER,  -- e
    privateExponent     INTEGER,  -- d
    prime1              INTEGER,  -- p
    prime2              INTEGER,  -- q
    exponent1           INTEGER,  -- d mod (p-1)
    exponent2           INTEGER,  -- d mod (q-1)
    coefficient         INTEGER,  -- (inverse of q) mod p
}
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Although it is possible to define an RSA key pair or private key using a subset of these elements, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> for an RSA key pair must include all of these elements.</p>
</div>
</li>
<li><p>For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR()</span></code></a> is true, the format is a representation of the private value.</p>
<ul>
<li><p>For Weierstrass curve families <code class="docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the content of the <code class="docutils literal notranslate"><span class="pre">privateKey</span></code> field of the <code class="docutils literal notranslate"><span class="pre">ECPrivateKey</span></code> format defined by <span><em>Elliptic Curve Private Key Structure</em> <a class="reference internal" href="../../about.html#citation-rfc5915"><span class="cite">[RFC5915]</span></a></span>.</p>
<p>This is a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string in big-endian order where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the key size in bits.</p>
</li>
<li><p>For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘private key’ in little-endian order as defined by <span><em>Elliptic Curves for Security</em> <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">§6</a>. The value must have the forced bits set to zero or one as specified by <code class="docutils literal notranslate"><span class="pre">decodeScalar25519()</span></code> and <code class="docutils literal notranslate"><span class="pre">decodeScalar448()</span></code> in <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">§5</a>.</p>
<p>This is a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the key size in bits. This is 32 bytes for Curve25519, and 56 bytes for Curve448.</p>
</li>
</ul>
</li>
<li><p>For Diffie-Hellman key exchange key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR()</span></code></a> is true, the format is the representation of the private key <code class="docutils literal notranslate"><span class="pre">x</span></code> as a big-endian byte string. The length of the byte string is the private key size in bytes, and leading zeroes are not stripped.</p></li>
<li><p>For public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY()</span></code></a> is true, the format is the same as for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</p></li>
</ul>
<p>The policy on the key must have the usage flag <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> set.</p>
</div>
<div class="section" id="psa_export_public_key">
<span id="c.psa_export_public_key"></span><h3><code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> (function)</h3>
<p>Export a public key or the public part of a key pair in binary format.</p>
<pre class="literal-block"><a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
                                   uint8_t * data,
                                   size_t data_size,
                                   size_t * data_length);</pre>
<p class="rubric">Parameters</p>
<dl class="simple">
<dt> <code class="docutils literal notranslate"><span class="pre">key</span></code></dt><dd><p>Identifier of the key to export.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt><dd><p>Buffer where the key data is to be written.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">data_size</span></code></dt><dd><p>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.
This must be appropriate for the key:</p>
<ul class="simple">
<li><p>The required output size is <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal notranslate"><span class="pre">(</span></code><code class="docutils literal notranslate"><span class="pre">type</span></code><code class="docutils literal notranslate"><span class="pre">,</span> </code><code class="docutils literal notranslate"><span class="pre">bits</span></code><code class="docutils literal notranslate"><span class="pre">)</span></code> where <code class="docutils literal notranslate"><span class="pre">type</span></code> is the key type and <code class="docutils literal notranslate"><span class="pre">bits</span></code> is the key size in bits.</p></li>
<li><p><a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported public key or public part of a key pair.</p></li>
</ul>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt><dd><p>On success, the number of bytes that make up the key data.</p>
</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a></p>
<dl class="simple">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt><dd><p>The key is neither a public key nor a key pair.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt><dd><p>The size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer is too small.
<a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</p>
</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt><dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt><dd><p>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</p>
</dd>
</dl>
<p class="rubric">Description</p>
<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> to create an object that is equivalent to the public key.</p>
<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> must use the representation specified here, not the original representation.</p>
<p>For standard key types, the output format is as follows:</p>
<ul>
<li><p>For RSA public keys, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a>, the DER encoding of the representation defined by <span><em>Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</em> <a class="reference internal" href="../../about.html#citation-rfc3279"><span class="cite">[RFC3279]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc3279.html#section-2.3.1">§2.3.1</a> as <code class="docutils literal notranslate"><span class="pre">RSAPublicKey</span></code>.</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>RSAPublicKey ::= SEQUENCE {
   modulus            INTEGER,    -- n
   publicExponent     INTEGER  }  -- e
</pre></div>
</div>
</li>
<li><p>For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY()</span></code></a> is true, the format depends on the key family:</p>
<ul class="simple">
<li><p>For Weierstrass curve families <code class="docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the uncompressed representation of an elliptic curve point as an octet string defined in <span><em>SEC 1: Elliptic Curve Cryptography</em> <a class="reference internal" href="../../about.html#citation-sec1"><span class="cite">[SEC1]</span></a></span> §2.3.3. If <code class="docutils literal notranslate"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of <code class="docutils literal notranslate"><span class="pre">q</span></code> for a curve over <code class="docutils literal notranslate"><span class="pre">F_q</span></code>. The representation consists of:</p>
<ul>
<li><p>The byte <code class="docutils literal notranslate"><span class="pre">0x04</span></code>;</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">x_P</span></code> as a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian;</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">y_P</span></code> as a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian.</p></li>
</ul>
</li>
<li><p>For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘public key’ in little-endian order as defined by <span><em>Elliptic Curves for Security</em> <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">§6</a>. This is a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the key size in bits.</p>
<ul>
<li><p>This is 32 bytes for Curve25519, computed as <code class="docutils literal notranslate"><span class="pre">X25519(private_key,</span> <span class="pre">9)</span></code>.</p></li>
<li><p>This is 56 bytes for Curve448, computed as <code class="docutils literal notranslate"><span class="pre">X448(private_key,</span> <span class="pre">5)</span></code>.</p></li>
</ul>
</li>
</ul>
</li>
<li><p>For Diffie-Hellman key exchange public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a> is true, the format is the representation of the public key <code class="docutils literal notranslate"><span class="pre">y</span> <span class="pre">=</span> <span class="pre">g^x</span> <span class="pre">mod</span> <span class="pre">p</span></code> as a big-endian byte string. The length of the byte string is the length of the base prime <code class="docutils literal notranslate"><span class="pre">p</span></code> in bytes.</p></li>
</ul>
<p>Exporting a public key object or the public part of a key pair is always permitted, regardless of the key’s usage flags.</p>
</div>
<div class="section" id="PSA_EXPORT_KEY_OUTPUT_SIZE">
<span id="c.PSA_EXPORT_KEY_OUTPUT_SIZE"></span><h3><code class="docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code> (macro)</h3>
<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a>.</p>
<pre class="literal-block">#define <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE">PSA_EXPORT_KEY_OUTPUT_SIZE</a>(key_type, key_bits) \
    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em></pre>
<p class="rubric">Parameters</p>
<dl class="simple">
<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt><dd><p>A supported key type.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt><dd><p>The size of the key in bits.</p>
</dd>
</dl>
<p class="rubric">Returns</p>
<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal notranslate"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
<p class="rubric">Description</p>
<p>This macro returns a compile-time constant if its arguments are compile-time constants.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>This function can evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
</div>
<p>The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.</p>
<pre class="literal-block"><a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes = <a class="reference internal" href="attributes.html#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a>;
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> status;
status = <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(key, &amp;attributes);
if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
    handle_error(...);
<a class="reference internal" href="types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&amp;attributes);
size_t key_bits = <a class="reference internal" href="types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(&amp;attributes);
size_t buffer_size = <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE">PSA_EXPORT_KEY_OUTPUT_SIZE</a>(key_type, key_bits);
<a class="reference internal" href="attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(&amp;attributes);
uint8_t *buffer = malloc(buffer_size);
if (buffer == NULL)
    handle_error(...);
size_t buffer_length;
status = <a class="reference internal" href="#c.psa_export_key" title="psa_export_key">psa_export_key</a>(key, buffer, buffer_size, &amp;buffer_length);
if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
    handle_error(...);</pre>
<p>See also <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> and <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a>.</p>
</div>
<div class="section" id="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">
<span id="c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"></span><h3><code class="docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code> (macro)</h3>
<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</p>
<pre class="literal-block">#define <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</a>(key_type, key_bits) \
    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em></pre>
<p class="rubric">Parameters</p>
<dl class="simple">
<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt><dd><p>A public key or key pair key type.</p>
</dd>
<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt><dd><p>The size of the key in bits.</p>
</dd>
</dl>
<p class="rubric">Returns</p>
<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal notranslate"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
<p>If the parameters are valid and supported, it is recommended that this macro returns the same result as <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal notranslate"><span class="pre">(</span></code><a class="reference internal" href="types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal notranslate"><span class="pre">(</span></code><code class="docutils literal notranslate"><span class="pre">key_type</span></code><code class="docutils literal notranslate"><span class="pre">),</span> </code><code class="docutils literal notranslate"><span class="pre">key_bits</span></code><code class="docutils literal notranslate"><span class="pre">)</span></code>.</p>
<p class="rubric">Description</p>
<p>This macro returns a compile-time constant if its arguments are compile-time constants.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>This function can evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
</div>
<p>The following code illustrates how to allocate enough memory to export a public key by querying the key type and size at runtime.</p>
<pre class="literal-block"><a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes = <a class="reference internal" href="attributes.html#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a>;
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> status;
status = <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(key, &amp;attributes);
if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
    handle_error(...);
<a class="reference internal" href="types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&amp;attributes);
size_t key_bits = <a class="reference internal" href="types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(&amp;attributes);
size_t buffer_size = <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</a>(key_type, key_bits);
<a class="reference internal" href="attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(&amp;attributes);
uint8_t *buffer = malloc(buffer_size);
if (buffer == NULL)
    handle_error(...);
size_t buffer_length;
status = <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(key, buffer, buffer_size, &amp;buffer_length);
if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
    handle_error(...);</pre>
<p>See also <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a>.</p>
</div>
<div class="section" id="PSA_EXPORT_KEY_PAIR_MAX_SIZE">
<span id="c.PSA_EXPORT_KEY_PAIR_MAX_SIZE"></span><h3><code class="docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code> (macro)</h3>
<p>Sufficient buffer size for exporting any asymmetric key pair.</p>
<pre class="literal-block">#define <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE">PSA_EXPORT_KEY_PAIR_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em></pre>
<p>This macro must expand to a compile-time constant integer.
This value must be a sufficient buffer size when calling <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> to export any asymmetric key pair that is supported by the implementation, regardless of the exact key type and key size.</p>
<p>See also <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE()</span></code></a>.</p>
</div>
<div class="section" id="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE">
<span id="c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"></span><h3><code class="docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h3>
<p>Sufficient buffer size for exporting any asymmetric public key.</p>
<pre class="literal-block">#define <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em></pre>
<p>This macro must expand to a compile-time constant integer.
This value must be a sufficient buffer size when calling <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> to export any asymmetric public key that is supported by the implementation, regardless of the exact key type and key size.</p>
<p>See also <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()</span></code></a>.</p>
</div>
</div>
</div>


          </div>
          
        </div>
      </div>
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
IHI 0086<br/>
Non-confidential<br/>
Version 1.0.1
<span style="color: red; font-weight: bold;"></span>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">9.6. Key management functions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#key-creation">9.6.1. Key creation</a></li>
<li class="toctree-l3"><a class="reference internal" href="#key-destruction">9.6.2. Key destruction</a></li>
<li class="toctree-l3"><a class="reference internal" href="#key-export">9.6.3. Key export</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
</ul>
<div id="searchbox" style="display: none" role="search">
  <h3 id="searchlabel">Quick search</h3>
    <div class="searchformwrapper">
    <form class="search" action="../../search.html" method="get">
      <input type="text" name="q" aria-labelledby="searchlabel" />
      <input type="submit" value="Go" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="footer">
      &copy; 2018-2020, Arm Limited or its affiliates. All rights reserved.
      
      |
      Powered by <a href="http://sphinx-doc.org/">Sphinx 2.1.2</a>
      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
      
    </div>

    

    
  </body>
</html>