nRF5 SDK v17.0.2
OPTIGA™ backend

The OPTIGA backend for nrf_crypto provides selected features of the Infineon OPTIGA Trust X as part of Nordic's unified nrf_crypto API.

The selected Trust X functions supported with the OPTIGA backend are:

  • Random number generation using a true random number generator (TRNG).
  • EC (elliptic curve) key generation.
  • ECDH (EC Diffie-Hellman) key agreement to compute shared secrets.
  • ECDSA signature computation and verification.
  • Encoding/decoding functions that prepare key material for use with the Trust X API.

The backend implementation is based on the Infineon OPTIGA™ Trust X Software Framework. Specifically, the backend uses the high-level API of the Trust X Software Framework to interface with the Trust X device. See Trust X Software Framework for more details.

Note
All APIs in this backend are intended to be internal to nrf_crypto.

Configuration

See Configuring nrf_crypto frontend and backends for details on enabling this backend.

Get familiar with the Nordic platform-specific remarks (Important information) to properly set up your project when using Trust X.

Available frontend API

For elliptic curve, Trust X currently supports the EC domains NIST P-256 and P-384.

Random number generation

Trust X can generate cryptographic-quality random numbers, using its internal true random number generator (TRNG).

EC key generation

Trust X can generate cryptographic-quality EC key pairs. A generated private key can be kept safely inside Trust X. Consequently, only the public key needs to be exported from Trust X.

ECDH key agreement

Trust X can conduct ECDH key agreement. The private key can either be supplied from the host, or a private key stored safely in Trust X can be used.

ECDSA signature computation and verification

Trust X can compute an ECDSA signature using a private key stored safely and exclusively inside Trust X. Additionally, Trust X can verify signatures using a public-key certificate stored inside Trust X.

Encoding and decoding functions for ASN.1-coded signatures

The Trust X Software Framework provides helper functions to convert an ASN.1-coded signature value to and from its individual R and S components. See ecdsa_utils.h.

See Cryptography library - nrf_crypto for nrf_crypto APIs that can use this backend.