diff --git a/samples/sid_end_device/prj.conf b/samples/sid_end_device/prj.conf
index 9c80ed925b..30d0f6b877 100644
--- a/samples/sid_end_device/prj.conf
+++ b/samples/sid_end_device/prj.conf
@@ -13,6 +13,7 @@ CONFIG_LOG=y
 CONFIG_LOG_PRINTK=y
 CONFIG_LOG_BUFFER_SIZE=2048
 CONFIG_NVS_LOG_LEVEL_WRN=y
+CONFIG_SIDEWALK_CRYPTO_LOG_LEVEL_DBG=y
 
 # Bluetooth
 CONFIG_BT_DEVICE_NAME="Nordic"
diff --git a/subsys/sal/sid_pal/include/sid_crypto_keys.h b/subsys/sal/sid_pal/include/sid_crypto_keys.h
index aff250b58e..3912951992 100644
--- a/subsys/sal/sid_pal/include/sid_crypto_keys.h
+++ b/subsys/sal/sid_pal/include/sid_crypto_keys.h
@@ -9,6 +9,8 @@
 
 #include <psa/crypto.h>
 
+#define SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(_id) (PSA_KEY_ID_USER_MIN <= _id && _id < SID_CRYPTO_KEY_ID_LAST)
+
 /**
  * @brief Persistent psa key ids used in Sidewalk.
  */
@@ -30,15 +32,32 @@ typedef enum {
 int sid_crypto_keys_init(void);
 
 /**
- * @brief Set key value.
+ * @brief Import key value form buffer.
+ * 
+ * @note key value under given key id will be overwritten.
  * 
- * @details On success:
- * The raw key data buffer will be overwritten with key id and zeros.
- * key value under given key id will be overwritten.
+ * @param id [in] Key id to import data.
+ * @param data [in] raw key data buffer on input.
+ * @param size [in] size of raw key data buffer.
+ * @return 0 on success, or -errno on failure.
+ */
+int sid_crypto_keys_import(psa_key_id_t id, uint8_t *data, size_t size);
+
+/**
+ * @brief Generate a new key value.
+ * 
+ * @note key value under given key id will be overwritten.
+ * 
+ * @param id [in] Key id to generate new.
+ * @return 0 on success, or -errno on failure.
+ */
+int sid_crypto_keys_generate(psa_key_id_t id);
+
+/**
+ * @brief Set key id in data buffer.
  * 
- * @param id [in] Key id to set with the new data.
- * @param data [in/out] raw key data buffer on input.
- *  overwrite with key id on output.
+ * @param id [in] Key id to write to the data buffer.
+ * @param data [out] key id fulfilled with zeros.
  * @param size [in] size of raw key data buffer.
  * @return 0 on success, or -errno on failure.
  */
diff --git a/subsys/sal/sid_pal/src/sid_crypto.c b/subsys/sal/sid_pal/src/sid_crypto.c
index ba1c94d37e..ea6f9e07ab 100644
--- a/subsys/sal/sid_pal/src/sid_crypto.c
+++ b/subsys/sal/sid_pal/src/sid_crypto.c
@@ -9,6 +9,9 @@
  */
 
 #include <sid_pal_crypto_ifc.h>
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+#include <sid_crypto_keys.h>
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 
 #include <zephyr/device.h>
 #include <zephyr/kernel.h>
@@ -151,6 +154,13 @@ static psa_status_t prepare_key(const uint8_t *key, size_t key_length, size_t ke
 		return PSA_ERROR_DATA_INVALID;
 	}
 
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+	int err = sid_crypto_keys_get(key_handle, (uint8_t *)key, key_length);
+	if (!err && key_handle != PSA_KEY_ID_NULL) {
+		return PSA_SUCCESS;
+	}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
+
 	psa_set_key_usage_flags(&attributes, usage_flags);
 	psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
 	psa_set_key_algorithm(&attributes, alg);
@@ -365,6 +375,12 @@ static psa_status_t aead_decrypt(psa_key_handle_t key_handle, sid_pal_aead_param
 
 sid_error_t sid_pal_crypto_init(void)
 {
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+	int err = sid_crypto_keys_init();
+	if (err) {
+		LOG_WRN("Keys init failed! (err: %d)", err);
+	}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 	psa_status_t status = psa_crypto_init();
 
 	if (PSA_SUCCESS == status) {
@@ -379,6 +395,13 @@ sid_error_t sid_pal_crypto_init(void)
 
 sid_error_t sid_pal_crypto_deinit(void)
 {
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+	int err = sid_crypto_keys_deinit();
+	if (err) {
+		LOG_WRN("Keys deinit failed! (err: %d)", err);
+	}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
+
 	is_initialized = false;
 	return SID_ERROR_NONE;
 }
@@ -499,9 +522,17 @@ sid_error_t sid_pal_crypto_hmac(sid_pal_hmac_params_t *params)
 			}
 		}
 
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+		if (!SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(key_handle)) {
+			if (PSA_SUCCESS != psa_destroy_key(key_handle)) {
+				LOG_WRN("Destroy key failed!");
+			}
+		}
+#else
 		if (PSA_SUCCESS != psa_destroy_key(key_handle)) {
 			LOG_WRN("Destroy key failed!");
 		}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 	}
 
 	return get_error(status, __func__);
@@ -576,9 +607,17 @@ sid_error_t sid_pal_crypto_aes_crypt(sid_pal_aes_params_t *params)
 			return SID_ERROR_INVALID_ARGS;
 		}
 
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+		if (!SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(key_handle)) {
+			if (PSA_SUCCESS != psa_destroy_key(key_handle)) {
+				LOG_WRN("Destroy key failed!");
+			}
+		}
+#else
 		if (PSA_SUCCESS != psa_destroy_key(key_handle)) {
 			LOG_WRN("Destroy key failed!");
 		}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 	}
 
 	return get_error(status, __func__);
@@ -649,9 +688,17 @@ sid_error_t sid_pal_crypto_aead_crypt(sid_pal_aead_params_t *params)
 			return SID_ERROR_INVALID_ARGS;
 		}
 
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+		if (!SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(key_handle)) {
+			if (PSA_SUCCESS != psa_destroy_key(key_handle)) {
+				LOG_WRN("Destroy key failed!");
+			}
+		}
+#else
 		if (PSA_SUCCESS != psa_destroy_key(key_handle)) {
 			LOG_WRN("Destroy key failed!");
 		}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 	}
 
 	return get_error(status, __func__);
@@ -715,16 +762,18 @@ sid_error_t sid_pal_crypto_ecc_dsa(sid_pal_dsa_params_t *params)
 			     ECC_FAMILY_TYPE(params->mode, type), &key_handle);
 
 	if (PSA_SUCCESS == status) {
-		LOG_DBG("Key import success.");
+		LOG_DBG("Key import success. handle %04x", key_handle);
 
 		switch (params->mode) {
 		case SID_PAL_CRYPTO_VERIFY:
+			LOG_DBG("dsa verify");
 			status = psa_verify_message(key_handle, alg, params->in, params->in_size,
 						    params->signature, params->sig_size);
 
 			break;
 		case SID_PAL_CRYPTO_SIGN: {
 			size_t out_len;
+			LOG_DBG("dsa sign");
 
 			status = psa_sign_message(key_handle, alg, params->in, params->in_size,
 						  params->signature, params->sig_size, &out_len);
@@ -733,9 +782,17 @@ sid_error_t sid_pal_crypto_ecc_dsa(sid_pal_dsa_params_t *params)
 			return SID_ERROR_INVALID_ARGS;
 		}
 
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+		if (!SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(key_handle)) {
+			if (PSA_SUCCESS != psa_destroy_key(key_handle)) {
+				LOG_WRN("Destroy key failed!");
+			}
+		}
+#else
 		if (PSA_SUCCESS != psa_destroy_key(key_handle)) {
 			LOG_WRN("Destroy key failed!");
 		}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 	}
 
 	return get_error(status, __func__);
@@ -796,10 +853,19 @@ sid_error_t sid_pal_crypto_ecc_ecdh(sid_pal_ecdh_params_t *params)
 		status = psa_raw_key_agreement(PSA_ALG_ECDH, priv_key_handle, pub_key, pub_key_size,
 					       params->shared_secret, params->shared_secret_sz,
 					       &out_len);
-	}
+		LOG_DBG("ecdh key agreement %s", (PSA_SUCCESS == status) ? "success." : "failed!");
 
-	if (PSA_SUCCESS != psa_destroy_key(priv_key_handle)) {
-		LOG_WRN("Destroy key failed!");
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+		if (!SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(priv_key_handle)) {
+			if (PSA_SUCCESS != psa_destroy_key(priv_key_handle)) {
+				LOG_WRN("Destroy key failed!");
+			}
+		}
+#else
+		if (PSA_SUCCESS != psa_destroy_key(priv_key_handle)) {
+			LOG_WRN("Destroy key failed!");
+		}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 	}
 
 	return get_error(status, __func__);
@@ -877,9 +943,17 @@ sid_error_t sid_pal_crypto_ecc_key_gen(sid_pal_ecc_key_gen_params_t *params)
 				(PSA_SUCCESS == status) ? "success." : "failed!");
 		}
 
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+		if (!SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(keys_handle)) {
+			if (PSA_SUCCESS != psa_destroy_key(keys_handle)) {
+				LOG_WRN("Destroy key failed!");
+			}
+		}
+#else
 		if (PSA_SUCCESS != psa_destroy_key(keys_handle)) {
 			LOG_WRN("Destroy key failed!");
 		}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 	}
 	psa_reset_key_attributes(&key_attributes);
 
diff --git a/subsys/sal/sid_pal/src/sid_crypto_keys.c b/subsys/sal/sid_pal/src/sid_crypto_keys.c
index 72b807aca3..27b65bf1d7 100644
--- a/subsys/sal/sid_pal/src/sid_crypto_keys.c
+++ b/subsys/sal/sid_pal/src/sid_crypto_keys.c
@@ -46,29 +46,15 @@ int sid_crypto_keys_init(void)
 	return err;
 }
 
-int sid_crypto_keys_set(psa_key_id_t id, uint8_t *data, size_t size)
+static void sid_crypto_keys_attributes_set(sid_crypto_key_id_t sid_key_id,
+					   psa_key_attributes_t *attr)
 {
-	/* Check arguments */
-	if (PSA_KEY_ID_NULL == id || !data || !size) {
-		return -EINVAL;
-	}
-
-	/* Remove the key if any exists */
-	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
-	status = psa_destroy_key(id);
-	if (PSA_SUCCESS != status && PSA_ERROR_INVALID_HANDLE != status) {
-		LOG_ERR("psa_destroy_key failed! (err %d id %d)", status, id);
-	}
-
-	/* Configure the key attributes */
-	psa_key_id_t out_id = PSA_KEY_ID_NULL;
-	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 	size_t key_bits = 0;
 	psa_key_usage_t usage_flags = 0;
 	psa_algorithm_t alg = PSA_ALG_NONE;
 	psa_key_type_t type = PSA_KEY_TYPE_NONE;
 
-	switch (id) {
+	switch (sid_key_id) {
 	case SID_CRYPTO_MFG_ED25519_PRIV_KEY_ID:
 		usage_flags = PSA_KEY_USAGE_SIGN_HASH;
 		alg = PSA_ALG_PURE_EDDSA;
@@ -91,35 +77,89 @@ int sid_crypto_keys_set(psa_key_id_t id, uint8_t *data, size_t size)
 		key_bits = 128;
 		/* TODO: What if one key can be used with two algs, eg PSA_ALG_CMAC and PSA_ALG_CTR? Should it be saved twice? */
 		break;
-	default:
-		LOG_ERR("Unknow persistent key id %d", id);
-		return -ENOENT;
+	case SID_CRYPTO_KEY_ID_LAST:
+		LOG_ERR("Unsupported key id %d", sid_key_id);
 	}
 
-	psa_reset_key_attributes(&attributes);
-	psa_set_key_usage_flags(&attributes, usage_flags);
-	psa_set_key_algorithm(&attributes, alg);
-	psa_set_key_type(&attributes, type);
-	psa_set_key_bits(&attributes, key_bits);
+	psa_reset_key_attributes(attr);
+	psa_set_key_usage_flags(attr, usage_flags);
+	psa_set_key_algorithm(attr, alg);
+	psa_set_key_type(attr, type);
+	psa_set_key_bits(attr, key_bits);
 
-	psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
-	psa_set_key_id(&attributes, id);
+	psa_set_key_lifetime(attr, PSA_KEY_LIFETIME_PERSISTENT);
+	psa_set_key_id(attr, sid_key_id);
+}
+
+int sid_crypto_keys_import(psa_key_id_t id, uint8_t *data, size_t size)
+{
+	/* Check arguments */
+	if (PSA_KEY_ID_NULL == id || !data || !size) {
+		return -EINVAL;
+	}
+
+	/* Remove the key if any exists */
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+	status = psa_destroy_key(id);
+	if (PSA_SUCCESS != status && PSA_ERROR_INVALID_HANDLE != status) {
+		LOG_WRN("psa_destroy_key failed! (err %d id %d)", status, id);
+	}
+
+	/* Configure the key attributes */
+	psa_key_id_t out_id = PSA_KEY_ID_NULL;
+	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+	sid_crypto_keys_attributes_set(id, &attributes);
 
 	/* Import key to secure storage */
 	status = psa_import_key(&attributes, data, size, &out_id);
 	if (PSA_SUCCESS == status && out_id == id) {
 		LOG_HEXDUMP_DBG(data, size, "found new key: ");
 	} else {
-		LOG_ERR("psa_import_key failed! (err %d id %d)", status, out_id);
+		LOG_ERR("psa_import_key failed! (err %d id %d)", status, id);
 		return -EACCES;
 	}
 
-	/* Clear key data other then key id*/
-	memset(data, 0, size);
-	psa_key_id_t *data_id = (psa_key_id_t *)data;
-	*data_id = id;
-	LOG_HEXDUMP_DBG(data, size, "saved new key: ");
+	/* Clear key data */
+	status = psa_purge_key(id);
+	if (status != PSA_SUCCESS) {
+		LOG_ERR("psa_purge_key failed! (err %d id %d)", status, id);
+		return -EFAULT;
+	}
+
+	psa_reset_key_attributes(&attributes);
 
+	return ESUCCESS;
+}
+
+int sid_crypto_keys_generate(psa_key_id_t id)
+{
+	/* Check arguments */
+	if (PSA_KEY_ID_NULL == id) {
+		return -EINVAL;
+	}
+
+	/* Remove the key if any exists */
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+	status = psa_destroy_key(id);
+	if (PSA_SUCCESS != status && PSA_ERROR_INVALID_HANDLE != status) {
+		LOG_WRN("psa_destroy_key failed! (err %d id %d)", status, id);
+	}
+
+	/* Configure the key attributes */
+	psa_key_id_t out_id = PSA_KEY_ID_NULL;
+	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+	sid_crypto_keys_attributes_set(id, &attributes);
+
+	/* Generate key in secure storage */
+	status = psa_generate_key(&attributes, &out_id);
+	if (PSA_SUCCESS == status && out_id == id) {
+		LOG_DBG("key generation success");
+	} else {
+		LOG_ERR("psa_import_key failed! (err %d id %d)", status, id);
+		return -EACCES;
+	}
+
+	/* Clear key data */
 	status = psa_purge_key(id);
 	if (status != PSA_SUCCESS) {
 		LOG_ERR("psa_purge_key failed! (err %d id %d)", status, id);
@@ -131,6 +171,22 @@ int sid_crypto_keys_set(psa_key_id_t id, uint8_t *data, size_t size)
 	return ESUCCESS;
 }
 
+int sid_crypto_keys_set(psa_key_id_t id, uint8_t *data, size_t size)
+{
+	/* Check arguments */
+	if (PSA_KEY_ID_NULL == id || !data || size < sizeof(psa_key_id_t)) {
+		return -EINVAL;
+	}
+
+	/* Save key id to buffer */
+	memset(data, 0, size);
+	psa_key_id_t *data_id = (psa_key_id_t *)data;
+	*data_id = id;
+	LOG_HEXDUMP_DBG(data, size, "saved new key: ");
+
+	return ESUCCESS;
+}
+
 int sid_crypto_keys_get(psa_key_id_t *id, uint8_t *data, size_t size)
 {
 	if (!id || !data || !size) {
@@ -142,7 +198,7 @@ int sid_crypto_keys_get(psa_key_id_t *id, uint8_t *data, size_t size)
 
 	/* Check if a key data cosists only of key id and zeros */
 	psa_key_id_t *data_id = (psa_key_id_t *)data;
-	if (SID_CRYPTO_KEY_ID_LAST <= *data_id || PSA_KEY_ID_USER_MIN > *data_id) {
+	if (!SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(*data_id)) {
 		return -ENOENT;
 	}
 
diff --git a/subsys/sal/sid_pal/src/sid_mfg_storage.c b/subsys/sal/sid_pal/src/sid_mfg_storage.c
index ff2012ec21..c01e727f84 100644
--- a/subsys/sal/sid_pal/src/sid_mfg_storage.c
+++ b/subsys/sal/sid_pal/src/sid_mfg_storage.c
@@ -10,6 +10,9 @@
 
 #include <sid_pal_mfg_store_ifc.h>
 #include <sid_error.h>
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+#include <sid_crypto_keys.h>
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 
 #include <stdint.h>
 #include <stdio.h>
@@ -60,6 +63,11 @@ static const uint32_t MFG_WORD_SIZE = 4; // in bytes
 #define MFG_STORE_TLV_TAG_EMPTY 0xFFFF
 #define EXPAND_TO_MULTIPLE_WORD(_VALUE_) (((_VALUE_ + 3) / 4) * 4)
 
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+#define SID_PAL_MFG_STORE_DEVICE_PRIV_ED25519_RAW (100)
+#define SID_PAL_MFG_STORE_DEVICE_PRIV_P256R1_RAW (101)
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
+
 struct sid_pal_mfg_store_tlv_info {
 	uint16_t tag;
 	uint16_t length;
@@ -283,6 +291,37 @@ void sid_pal_mfg_store_init(sid_pal_mfg_store_region_t mfg_store_region)
 	if (!flash_dev) {
 		LOG_ERR("Flash device is not found.");
 	}
+
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+	int rc = 0;
+	uint8_t raw_key[32];
+	uint8_t zeros[32] = { 0 };
+
+	sid_pal_mfg_store_read(SID_PAL_MFG_STORE_DEVICE_PRIV_ED25519_RAW, raw_key, sizeof(raw_key));
+	if (0 != memcmp(raw_key, zeros, sizeof(raw_key))) {
+		rc = sid_crypto_keys_import(SID_CRYPTO_MFG_ED25519_PRIV_KEY_ID, raw_key,
+					    sizeof(raw_key));
+		LOG_INF("MFG_ED25519 import %s", (0 == rc) ? "success" : "failure");
+		LOG_HEXDUMP_INF(raw_key, sizeof(raw_key), "value:");
+		memset(raw_key, 0, sizeof(raw_key));
+		rc = sid_pal_mfg_store_write(SID_PAL_MFG_STORE_DEVICE_PRIV_ED25519_RAW, raw_key,
+					     sizeof(raw_key));
+		LOG_INF("MFG_ED25519 overwrite status %d", rc);
+	}
+
+	sid_pal_mfg_store_read(SID_PAL_MFG_STORE_DEVICE_PRIV_P256R1_RAW, raw_key, sizeof(raw_key));
+	if (0 != memcmp(raw_key, zeros, sizeof(raw_key))) {
+		rc = sid_crypto_keys_import(SID_CRYPTO_MFG_SECP_256R1_PRIV_KEY_ID, raw_key,
+					    sizeof(raw_key));
+		LOG_INF("MFG_SECP_256R1 import %s", (0 == rc) ? "success" : "failure");
+		LOG_HEXDUMP_INF(raw_key, sizeof(raw_key), "value:");
+		memset(raw_key, 0, sizeof(raw_key));
+		rc = sid_pal_mfg_store_write(SID_PAL_MFG_STORE_DEVICE_PRIV_P256R1_RAW, raw_key,
+					     sizeof(raw_key));
+		LOG_INF("MFG_SECP_256R1 overwrite status %d", rc);
+	}
+
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
 }
 
 void sid_pal_mfg_store_deinit(void)
@@ -394,6 +433,27 @@ int32_t sid_pal_mfg_store_write(uint16_t value, const uint8_t *buffer, uint16_t
 
 void sid_pal_mfg_store_read(uint16_t value, uint8_t *buffer, uint16_t length)
 {
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+	switch (value) {
+	case SID_PAL_MFG_STORE_DEVICE_PRIV_ED25519:
+		if (sid_crypto_keys_set(SID_CRYPTO_MFG_ED25519_PRIV_KEY_ID, buffer, length)) {
+			LOG_ERR("DEVICE_PRIV_ED25519 read fail");
+		}
+		return;
+	case SID_PAL_MFG_STORE_DEVICE_PRIV_P256R1:
+		if (sid_crypto_keys_set(SID_CRYPTO_MFG_SECP_256R1_PRIV_KEY_ID, buffer, length)) {
+			LOG_ERR("DEVICE_PRIV_P256R1 read fail");
+		}
+		return;
+	case SID_PAL_MFG_STORE_DEVICE_PRIV_ED25519_RAW:
+		value = SID_PAL_MFG_STORE_DEVICE_PRIV_ED25519;
+		break;
+	case SID_PAL_MFG_STORE_DEVICE_PRIV_P256R1_RAW:
+		value = SID_PAL_MFG_STORE_DEVICE_PRIV_P256R1;
+		break;
+	}
+#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
+
 	uint32_t version = sid_pal_mfg_store_get_version();
 	if (version == SID_PAL_MFG_STORE_TLV_VERSION) {
 		// The SID_PAL_MFG_STORE_VERSION we should read as fixed offset
diff --git a/tests/functional/crypto_keys/src/main.c b/tests/functional/crypto_keys/src/main.c
index 5c8960a95c..f8d31d85bd 100644
--- a/tests/functional/crypto_keys/src/main.c
+++ b/tests/functional/crypto_keys/src/main.c
@@ -50,6 +50,12 @@ ZTEST(crypto_keys, test_sid_crypto_key_invalid_args)
 	err = sid_crypto_keys_set(test_key_id, key_data, 0);
 	zassert_equal(-EINVAL, err, "err: %d", err);
 
+	err = sid_crypto_keys_import(test_key_id, NULL, TEST_KEY_SIZE);
+	zassert_equal(-EINVAL, err, "err: %d", err);
+
+	err = sid_crypto_keys_import(test_key_id, key_data, 0);
+	zassert_equal(-EINVAL, err, "err: %d", err);
+
 	/* Invalid key id */
 	err = sid_crypto_keys_get(NULL, key_data, TEST_KEY_SIZE);
 	zassert_equal(-EINVAL, err, "err: %d", err);
@@ -57,9 +63,11 @@ ZTEST(crypto_keys, test_sid_crypto_key_invalid_args)
 	err = sid_crypto_keys_set(PSA_KEY_ID_NULL, key_data, TEST_KEY_SIZE);
 	zassert_equal(-EINVAL, err, "err: %d", err);
 
-	/* Unknow key id */
-	err = sid_crypto_keys_set(SID_CRYPTO_KEY_ID_LAST, key_data, TEST_KEY_SIZE);
-	zassert_equal(-ENOENT, err, "err: %d", err);
+	err = sid_crypto_keys_import(PSA_KEY_ID_NULL, key_data, TEST_KEY_SIZE);
+	zassert_equal(-EINVAL, err, "err: %d", err);
+
+	err = sid_crypto_keys_generate(PSA_KEY_ID_NULL);
+	zassert_equal(-EINVAL, err, "err: %d", err);
 }
 
 ZTEST(crypto_keys, test_sid_crypto_key_positive)
@@ -71,34 +79,12 @@ ZTEST(crypto_keys, test_sid_crypto_key_positive)
 	err = sid_crypto_keys_init();
 	zassert_equal(0, err, "err: %d", err);
 
-	err = sid_crypto_keys_set(test_key_id, test_key_data, TEST_KEY_SIZE);
-	zassert_equal(0, err, "err: %d", err);
-
-	err = sid_crypto_keys_get(&new_key_id, test_key_data, TEST_KEY_SIZE);
-	zassert_equal(0, err, "err: %d", err);
-
-	zassert_equal(new_key_id, test_key_id);
-
-	err = sid_crypto_keys_deinit();
-	zassert_equal(0, err, "err: %d", err);
-}
-
-ZTEST(crypto_keys, test_sid_crypto_key_set_twice)
-{
-	uint8_t test_key_data[TEST_KEY_SIZE];
-	uint8_t test_key_data_overwrite[TEST_KEY_SIZE];
-	psa_key_id_t new_key_id = PSA_KEY_ID_NULL;
-	int err = -ENOEXEC;
-
-	err = sid_crypto_keys_init();
+	err = sid_crypto_keys_import(test_key_id, test_key_data, TEST_KEY_SIZE);
 	zassert_equal(0, err, "err: %d", err);
 
 	err = sid_crypto_keys_set(test_key_id, test_key_data, TEST_KEY_SIZE);
 	zassert_equal(0, err, "err: %d", err);
 
-	err = sid_crypto_keys_set(test_key_id, test_key_data_overwrite, TEST_KEY_SIZE);
-	zassert_equal(0, err, "err: %d", err);
-
 	err = sid_crypto_keys_get(&new_key_id, test_key_data, TEST_KEY_SIZE);
 	zassert_equal(0, err, "err: %d", err);