Topic: Doing private-key operations with cryptographic chips
I'm developing the firmware for an already existant hardware, that is using an ST32F207 as MCU and the VaultIC cryptographic chip from WiseKey (https://www.wisekey.com/vaultic405/).
By an strict requirement, I need to maintain the private RSA key inside the vaultic, and sign/encrypt/decrypt only using chip's API. More: The private key is protected into the chip and canot be exported or extracted.
I need to:
- Generate and sign a CSR (done)
- Handle X509 certificates (done)
- Generate and sign VERY BIG xml files, exporting them as CMS (PKCS7) (Done, but only for small files)
- Implement an HTTPS web server (partially done - working in this)
The list above is only to illustrate in which scenarios I will probably need to work with the private key. I read that WolfSSL was already adapted to a bunch of chips with hardware acceleration for cryptographic functions, but I cannot find by myself how to replace any sign/verify done by software with the same functions implemented in external chips.
So, my questions are 2:
- How to use the functions of an external cryptographic chip to replace only the RSA sing/verify functions in wolfssl?
- How to generate big signed CMS (PKCS#7) files, in environmentes with restricted working ram but with big disks in sdcard?
Thank you in advance!!