Encryption using secure element/domain keys

[osbock]

I was under, the perhaps mistaken, impression, that I could ask the system to encrypt something for me using the system's pre-set keys.
with globalplatformpro tool I can set the --key-dec --key-enc etc. I'm interested in symmetric encryption, so card generated keys are kindof out.

I was thinking I could use --key-enc (DEK key) and have the card encrypt stuff for me. on the back end I would have the key I originally specified to do the decryption. I thought I had found a sample code for this, but now my google-fu has failed me.

If this doesn't work, I assume I have to implement my own set-key method, and persistently store the key object. Any other pointers on this?

[roundtable]

Yes, you may misunderstand the purpose of key-enc (DEK key), which is used to establish secure Communication channel between SE and external entity to loading or personalizing application instead of general purpose cipher. If you want to use SE to encrypt or decrypt data for you, you should write your own specific application to pocess your defined commands.