Crypto: ECDSA

The ECDSA sample shows how to sign and verify messages using SHA-256 as the hashing algorithm and the secp256r1 curve.

Overview

The sample follows these steps:

  1. First, the sample performs initialization:

    1. The Platform Security Architecture (PSA) API is initialized.

    2. A random Elliptic Curve Cryptography (ECC) key pair is generated and imported into the PSA crypto keystore.

    3. The public key of the ECDSA key pair is imported into the PSA crypto keystore.

  2. Then, ECDSA signing and verification is performed:

    1. Signing is performed using the private key of the ECC key pair.

    2. The signature is verified using the exported public key.

  3. Afterwards, the sample performs cleanup:

    1. The key pair and public key are removed from the PSA crypto keystore.

Requirements

The sample supports the following development kits:

Hardware platforms

PCA

Board name

Build target

nRF5340 DK

PCA10095

nrf5340dk_nrf5340

nrf5340dk_nrf5340_cpuappns

nRF5340 DK

PCA10095

nrf5340dk_nrf5340

nrf5340dk_nrf5340_cpuapp

nRF9160 DK

PCA10090

nrf9160dk_nrf9160

nrf9160dk_nrf9160ns

nRF9160 DK

PCA10090

nrf9160dk_nrf9160

nrf9160dk_nrf9160

nRF52840 DK

PCA10056

nrf52840dk_nrf52840

nrf52840dk_nrf52840

When built for nrf5340dk_nrf5340_cpuappns and nrf9160dk_nrf9160ns targets, the sample is configured to compile and run as a non-secure application. Therefore, it automatically includes TF-M that prepares the required peripherals to be available for the application.

Building and running

This sample can be found under samples/crypto/ecdsa in the nRF Connect SDK folder structure.

See Building and programming a sample application for information about how to build and program the application.

Testing

After programming the sample to your development kit, test it by performing the following steps:

  1. Connect to the kit with a terminal emulator (for example, PuTTY). See How to connect with PuTTY for the required settings.

  2. Compile and program the application.

  3. Observe the logs from the application using an RTT Viewer or a terminal emulator.

Note

By default, the sample is configured to use both RTT and UART for logging. If you are using RTT, skip the first step of the testing procedure.