Cryptography is only as strong as the management of its keys. In Trusted Execution Environments (TEEs) and complex system-of-systems, poor key management can render even the strongest algorithms ineffective. The REWIRE Project recognises this and proposes a Harmonised Key Management (HKM) framework that unifies cryptographic interfaces, ensures lifecycle security, and enables crypto-agility across diverse platforms. The present blog explores the principles, design, and benefits of REWIRE’s Harmonised Key Management system.
The Key Management Challenge
Cryptographic keys underpin authentication, encryption, attestation, and sealing – fundamental operations for securing devices and data. Yet, in practice, key management is often fragmented:
- Different TEEs (Intel SGX, ARM TrustZone, AMD SEV, etc.) expose different APIs.
- Developers must master vendor-specific implementations.
- Without harmonisation, applications cannot be easily ported across platforms.
- Mismanagement of keys (e.g., weak generation, insecure storage) can compromise entire systems.
REWIRE addresses this by embedding a Key Management System (KMS) into the Security Monitor (SM). This design increases the Trusted Computing Base (TCB) size slightly, but ensures that the most critical assets are controlled by the most trusted software component.
A central innovation of REWIRE is the harmonisation of cryptographic interfaces. Instead of developers struggling with different APIs across TEE platforms, the REWIRE HKM offers a common interface layer, reducing complexity and enabling cross-platform portability. This harmonisation also promotes crypto-agility: algorithms can be replaced or upgraded (e.g., in the transition to post-quantum cryptography) without changing application logic.
Conclusion
The Harmonised Key Management system in REWIRE brings order to the complex landscape of cryptographic keys. By unifying interfaces, embedding management in the Security Monitor, and supporting diverse key types, REWIRE ensures that cryptographic strength is matched by robust management practices.
This positions REWIRE as a pioneer in confidential computing ecosystems, where keys are the foundation of trust.