Why are there 3 slots for keys?

#1

In the Python reference API there is a key slot=0 argument that may be passed into several functions, but with just one private key in hardware, I'm not sure what the purpose of multiple slots is, or how to effectively use them.

#2

I too have been looking for a way to store/retrieve an SSH key on the Zymkey (slots) but documentation is lacking/unclear, as is my intelligence. :slight_smile:

#3

There are actually 3 ECDSA private keys available in Zymkey 4i. The next generation product will have even more.

There are quite a few use cases for multiple key slots (i.e. multiple private keys):

  1. if you wanted to provide different credentials to different servers with client-side authentication
  2. if you wanted to provide a key rotation scheme against a similarly equipped server
  3. if you wanted a different key for signing individual egress data messages from the one used in the TLS handshake.
  4. if you wanted a unique key for signing data resident on the SD card

#4

Zymkey doesn’t store anything internally, but it does provide lock/unlock APIs for data blobs that reside on the SD card (e.g. SSH keys).