TLS credentials: generate key #100760
Open
TLS credentials: generate key #100760
+246
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yvesll
reviewed
Dec 10, 2025
| size_t key_bits; | ||
|
|
||
| /* Initialize PSA Crypto */ | ||
| status = psa_crypto_init(); |
Contributor
There was a problem hiding this comment.
It would be better to add a mutex lock.
Contributor
Author
There was a problem hiding this comment.
psa_crypto_init can be called any number of times and will just return if already initialized. No mutex necessary.
Contributor
There was a problem hiding this comment.
Yes, but it's more safe in multi-thread environment
Contributor
Author
There was a problem hiding this comment.
what do you mean? only one thread can access this function.
Contributor
There was a problem hiding this comment.
Other threads may call psa_crypto_init(), not only generate_ecdsa_keypair.
Anyway, as the doc said it can be called in multiple times, it's just a suggestion.
Print usage hint instead of unhelpful "wrong parameter count" message. Signed-off-by: Maximilian Deubel <[email protected]>
maxd-nordic
force-pushed
the
tls_credentials_shell_generate_key_upstream
branch
from
bc10d51 to
e603035
Compare
yvesll
reviewed
Dec 10, 2025
maxd-nordic
force-pushed
the
tls_credentials_shell_generate_key_upstream
branch
from
e603035 to
aeaa27d
Compare
Add command to generate a key on-device. Currently, only p256 keys are supported. Signed-off-by: Maximilian Deubel <[email protected]>
maxd-nordic
force-pushed
the
tls_credentials_shell_generate_key_upstream
branch
3 times, most recently
from
f3c2a40 to
22923c5
Compare
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support to generate a key on-device.
Also: print usage instructions to make commands less painful to use.
We have a usecase to generate p256 keys for use with credentials shell on-device.
Possibly, the option to read the private key should be behind a Kconfig too.