Crypto: EC J-PAKE

The EC J-PAKE sample demonstrates how to do password-authenticated key exchange using the elliptic curve (EC) version of the password-authenticated key exchange by juggling (J-PAKE) protocol.

Requirements

The sample supports the following development kits:

Hardware platforms

PCA

Board name

Board target

nRF9161 DK

PCA10153

nrf9161dk

nrf9161dk/nrf9161/ns nrf9161dk/nrf9161

nRF9160 DK

PCA10090

nrf9160dk

nrf9160dk/nrf9160/ns nrf9160dk/nrf9160

nRF9151 DK

PCA10171

nrf9151dk

nrf9151dk/nrf9151/ns nrf9151dk/nrf9151

nRF54L15 PDK

PCA10156

nrf54l15pdk

nrf54l15pdk/nrf54l15/cpuapp

nRF54L15 DK

PCA10156

nrf54l15dk

nrf54l15dk/nrf54l15/cpuapp/ns nrf54l15dk/nrf54l15/cpuapp

nRF54H20 DK

PCA10175

nrf54h20dk

nrf54h20dk/nrf54h20/cpuapp

nRF5340 DK

PCA10095

nrf5340dk

nrf5340dk/nrf5340/cpuapp/ns nrf5340dk/nrf5340/cpuapp

nRF52840 DK

PCA10056

nrf52840dk

nrf52840dk/nrf52840

Overview

The sample performs the following operations:

  1. Initializes the Platform Security Architecture (PSA) API.

  2. Goes through the steps for J-PAKE on server and client sides.

  3. Verifies that the derived keys are the same.

Building and running

This sample can be found under samples/crypto/ecjpake in the nRF Connect SDK folder structure.

When built as firmware image for a board target with the */ns variant, the sample has Cortex-M Security Extensions (CMSE) enabled and separates the firmware between Non-Secure Processing Environment (NSPE) and Secure Processing Environment (SPE). Because of this, it automatically includes the Trusted Firmware-M (TF-M). To read more about CMSE, see Processing environments.

To build the sample, follow the instructions in Building an application for your preferred building environment. See also Programming an application for programming steps and Testing and optimization for general information about testing and debugging in the nRF Connect SDK.

Note

When building repository applications in the SDK repositories, building with sysbuild is enabled by default. If you work with out-of-tree freestanding applications, you need to manually pass the --sysbuild parameter to every build command or configure west to always use it.

Note

When using the nRF54H20 DK Engineering B (from v0.8.0 to 0.8.2), you must build samples and applications using the board revision 0.8.0 with the <board>@<revision> syntax. For example, nrf54h20dk@0.8.0/nrf54h20/cpuapp when building for the application core, or nrf54h20dk@0.8.0/nrf54h20/cpurad when building for the radio core.

Testing

After programming the sample to your development kit, complete the following steps to test it:

  1. Connect to the kit with a terminal emulator (for example, nRF Connect Serial Terminal). See Testing and optimization for the required settings and steps.

  2. Compile and program the application.

  3. Observe the logs from the application using a terminal emulator.