Forum Discussion

RVCA's avatar
RVCA
Icon for New Contributor rankNew Contributor
2 years ago

Encrypted Key Programming file security

During production we program a Primary Encryption Key into our Arria10-based devices using a JAM™ Standard Test and Programming Language (STAPL) Format (.jam) file, generated from an Encrypted Key Programming (.ekp) file.

These files are generated on our secure signing and encryption server. It is not workable to have the production systems contact this server to generate the files for each board we produce, so these are stored locally on a server in our production environment. The only guidance Intel provides here is a recommendation to "keep these files confidential".

As we are assessing the security of our production systems, we would like to know the impact of an attacker gaining access to these files. Would it be feasible to extract the plaintext encryption keys from them? Or is the risk limited to creation of counterfeit products using our keys?

4 Replies

  • NurAiman_M_Intel's avatar
    NurAiman_M_Intel
    Icon for Super Contributor rankSuper Contributor
    2 years ago

    Hi,


    Thank you for contacting Intel community.


    Keeping the ekp file secure is recommended. However, the impact of an attacker gaining access to these files are beyond our scope as this is related to your security system. If anyone has the access to the ekp file, they may have access to the programming file.


    Regards,

    Aiman


    • RVCA's avatar
      RVCA
      Icon for New Contributor rankNew Contributor
      2 years ago

      That's not really answering my questions. I know you can't judge the full impact, but can you at least provide some guidance on how the .ekp file protects the keys?

  • NurAiman_M_Intel's avatar
    NurAiman_M_Intel
    Icon for Super Contributor rankSuper Contributor
    2 years ago

    Hi,


    Apologize if my previous response did not answer to your question.


    Th design was encrypted by enabling the design security. Hence the .ekp file is the key to decrypt the design that has been secure. That is the reason why the .ekp file must be kept confidential.


    Let me know if you need further information.


    Regards,

    Aiman


  • NurAiman_M_Intel's avatar
    NurAiman_M_Intel
    Icon for Super Contributor rankSuper Contributor
    2 years ago

    We do not receive any response from you to the previous answer that I have provided. This thread will be transitioned to community support. If you have a new question, feel free to open a new thread to get the support from Intel experts. Otherwise, the community users will continue to help you on this thread. Thank you