Define AVS_COMMONS_WITH_MBEDTLS_PSA_ENGINE

Define Documentation

AVS_COMMONS_WITH_MBEDTLS_PSA_ENGINE

Enables the default implementation of the avs_crypto engine, based on Mbed TLS and Platform Security Architecture (PSA).

Requires AVS_COMMONS_WITH_AVS_CRYPTO_PKI_ENGINE or AVS_COMMONS_WITH_AVS_CRYPTO_PSK_ENGINE to be enabled.

NOTE: Query string format for this engine is:

The values are parsed using strtoull() with base=0, so they may be given in decimal, 0-prefixed octal or 0x-prefixed hexadecimal. On key generation and certificate storage, the specified lifetime is used; if none is specified, lifetime 1 (default persistent storage) is used. On key or certificate use, if a lifetime is present on the query string, it is checked against the lifetime of the actual key, and the key is rejected if the two differ.
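Base-0 parsing means a value written with a leading zero, such as 010, is read as octal 8 rather than decimal 10, which matters when key identifiers are copied between tools. The C code below is an added example, not avs_commons code: parse_query_number(), lifetime_accepted() and parse_or_max() are hypothetical names, and the extra strictness (rejecting signs, whitespace and trailing characters) is a choice made here, not documented behaviour of the engine.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not an avs_commons function: parses one numeric value
 * with strtoull() and base=0, rejecting input strtoull() alone lets through. */
static bool parse_query_number(const char *text, uint64_t *out) {
    /* strtoull() skips leading whitespace and accepts a sign ("-1" wraps to
     * ULLONG_MAX with no error), so insist on a leading digit. */
    if (!text || !isdigit((unsigned char) text[0])) {
        return false;
    }
    char *end = NULL;
    errno = 0;
    unsigned long long value = strtoull(text, &end, 0);
    if (errno == ERANGE || end == text || *end != '\0') {
        return false; /* overflow, no digits, or trailing characters */
    }
    *out = (uint64_t) value;
    return true;
}

/* Rule from the text: a lifetime present on the query string must equal the
 * actual key's lifetime. has_query_lifetime models "if present" (assumed). */
static bool lifetime_accepted(bool has_query_lifetime, uint64_t query_lifetime,
                              uint64_t actual_lifetime) {
    return !has_query_lifetime || query_lifetime == actual_lifetime;
}

/* Returns the parsed value, or UINT64_MAX when the text is rejected. */
static uint64_t parse_or_max(const char *text) {
    uint64_t value = 0;
    return parse_query_number(text, &value) ? value : UINT64_MAX;
}

int main(void) {
    /* Constructed sample values, not taken from any real configuration. */
    const char *samples[] = { "10", "010", "0x10", "08", "-1", "1 " };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); ++i) {
        printf("\"%s\" -> %llu\n", samples[i],
               (unsigned long long) parse_or_max(samples[i]));
    }
    return 0;
}
```

Writing numeric values on the query string without leading zeros, or consistently with the 0x prefix, avoids the octal interpretation.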

Certificates are stored as PSA_KEY_TYPE_RAW_DATA key entries containing X.509 DER data. Alternatively, the PSA Protected Storage API can be used if AVS_COMMONS_WITH_MBEDTLS_PSA_ENGINE_PROTECTED_STORAGE is enabled, by using the uid=... syntax.

IMPORTANT: Only available as part of the HSM support commercial feature. Ignored in the open source version.