Crypto: ECDSA
The ECDSA sample shows how to sign and verify messages using SHA-256 as the hashing algorithm and the secp256r1 curve.
Requirements
The sample supports the following development kits:
Hardware platforms |
PCA |
Board name |
Board target |
---|---|---|---|
PCA10153 |
|
||
PCA10090 |
|
||
PCA10171 |
|
||
PCA10156 |
|
||
PCA10095 |
|
||
PCA10056 |
|
When built for a board target with the */ns
variant, the sample is configured to compile and run as a non-secure application with Cortex-M Security Extensions enabled.
Therefore, it automatically includes Trusted Firmware-M that prepares the required peripherals and secure services to be available for the application.
Overview
The sample performs the following operations:
Initialization:
The Platform Security Architecture (PSA) API is initialized.
A random Elliptic Curve Cryptography (ECC) key pair is generated in the PSA crypto keystore for signing purposes.
The public key of the ECC key pair is exported to the application.
The exported public key is imported into the PSA crypto key storage to be used for verification.
ECDSA signing and verification:
Signing is performed using the private key of the ECC key pair.
The signature is verified using the exported public key.
Cleanup:
The key pair and public key are removed from the PSA crypto keystore.
Building and running
This sample can be found under samples/crypto/ecdsa
in the nRF Connect SDK folder structure.
When built as firmware image for a board target with the */ns
variant, the sample has Cortex-M Security Extensions (CMSE) enabled and separates the firmware between Non-Secure Processing Environment (NSPE) and Secure Processing Environment (SPE).
Because of this, it automatically includes the Trusted Firmware-M (TF-M).
To read more about CMSE, see Processing environments.
To build the sample, follow the instructions in Configuring and building an application for your preferred building environment. See also Programming an application for programming steps and Testing and optimization for general information about testing and debugging in the nRF Connect SDK.
Note
When building repository applications in the SDK repositories, building with sysbuild is enabled by default.
If you work with out-of-tree freestanding applications, you need to manually pass the --sysbuild
parameter to every build command or configure west to always use it.
Testing
After programming the sample to your development kit, complete the following steps to test it:
Connect to the kit with a terminal emulator (for example, nRF Connect Serial Terminal). See Testing and optimization for the required settings and steps.
Compile and program the application.
Observe the logs from the application using a terminal emulator.