You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: doc/crypto/api/keys/management.rst
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -496,16 +496,16 @@ When creating a key, the attributes for the new key are specified in a `psa_key_
496
496
This function can only be used to create a volatile key.
497
497
That is, a key with a lifetime persistence level of `PSA_KEY_PERSISTENCE_VOLATILE`.
498
498
499
-
Depending on the key being regsitered, the implementation can provide some or all of the key type, size, and policy.
499
+
Depending on the key being registered, the implementation can provide some or all of the key type, size, and policy.
500
500
For example:
501
501
502
502
* Provisioned key material has a fixed size.
503
503
The implementation might permit the application to define the key type and policy, as long as these are compatible with the key material.
504
504
* An implementation-specific derived key can require the application to provide a key type and size, using these in the derivation process.
505
505
* An implementation-provided key can be fully defined by the implementation, with a fixed type, size, and policy.
506
-
The call to `psa_attach_key()` needs to specify the location and label of the key, and a macthing policy, in order to obtain a key id.
506
+
The call to `psa_attach_key()` needs to specify the location and label of the key, and a matching policy, in order to obtain a key id.
507
507
508
-
Calling `psa_destroy_key()` with a key identifier returned by `psa_attach_key()` will remove the key identifer and policy from the key store, but any implementation-provided key material remains within the implementation.
508
+
Calling `psa_destroy_key()` with a key identifier returned by `psa_attach_key()` will remove the key identifier and policy from the key store, but any implementation-provided key material remains within the implementation.
509
509
A subsequent call to `psa_attach_key()` with the same parameters will return a new key identifier for the same key.
510
510
511
511
It is :scterm:`implementation defined` whether the same implementation-provided key can be attached to multiple key identifiers concurrently.
@@ -514,7 +514,7 @@ When creating a key, the attributes for the new key are specified in a `psa_key_
514
514
515
515
This function is intended for scenarios where key material is provided outside the |API|, and the application needs to use such keys within the |API| framework.
516
516
517
-
The function does not allow registering keys that are not already provided by the implementation.
517
+
The function only allows registering key material that is provided by the implementation.
518
518
To import new key material, use `psa_import_key()`.
519
519
520
520
Although the implementation verifies that the application-supplied attributes are compatible with the implementation-provided key; it is the application's responsibility to ensure correctness for attributes that are provided by the implementation.
@@ -526,7 +526,7 @@ When creating a key, the attributes for the new key are specified in a `psa_key_
526
526
Implementations may impose restrictions on which keys can be registered, depending on their storage architecture and security policies.
527
527
528
528
The behavior of a call `psa_attach_key()` with a persistent key-lifetime might be specified in a future version of the |API|.
529
-
Such a call must result in a :code:`PSA_ERROR_INVALID_ARGUMENT` error in an implementation of version |docversion| of the |API|.
529
+
At present, it is recommended that such a call returns :code:`PSA_ERROR_INVALID_ARGUMENT`, and does not provide implementation-specific behavior.
0 commit comments