NitroKey 3 and OpenSC / PKCS#11 (Linux)

Hey,

I recently bought the NitroKey 3A NFC due to the fact it claims it supports ed25519 / curve25519; eddsa and with PKCS#11.

I followed all the documentation and I managed to connect with pynitrokey.

But when I try to use opensc tools, pkcs11-tool or sc-hsm-tool, it cannot detect the reader.

$ opensc-tool --list-readers
No smart card readers found.

Although with pynitrokey package:

$ nitropy nk3 list
Command line tool to interact with Nitrokey devices 0.4.36
:: 'Nitrokey 3' keys
/dev/hidraw0: Nitrokey 3 5385BDB477128B52835FC847AC8C62F0

Would appreciate the help.

I’m using Debian:bullseye

Development is currently done (and works quite nicely, but is still subject to change) for a Trussed app running on the Nitrokey 3. When this is installed, it behaves as a regular OpenPGP Card and also supports PKCS#11.

Thanks for the reply @nku.

I don’t quite understand. What’s installed? The OpenPGP card framework?

Could you provide some examples of how to use the nitrokey 3A for eddsa / ed25519? That trussed framework only seems to support ECDSA over NIST prime curves, RSA and ECDH for curve25519. Eddsa should be over Edwards25519 (not Curve)?

Have you also tried to get it working with the regular tools, like opensc & pkcs11-tool?

Thanks

Just did a test with my NK3-A Mini. While gpg reports an OpenPGP 3.4 compatible card, opensc-tool -c openpgp does not recognize it. I thought that this would work identically with other OpenPGP cards. It is still alpha, maybe not all OpenPGP features are implemented yet.

Thanks for the reply @nku;

I don’t quite understand what gpg or OpenPGP has to do with this. PKCS#11 is just a standard interface; if a device claims to support it, it should work the same regardless of what application / device is using it; assuming we have the necessary specific device drivers though.

NitroKey 3A NFC claims to support PKCS#11 and EdDSA over ed25519; I can’t see that this is the case. Do you know of any other application that might be able to connect to the nitro key and show that it does in fact support this?

Maybe some other application (other than OpenPGP) that can do it?

Thanks

For OpenPGP compatible cards there is a module for PKCS#11 and it would be the easiest integration.

Sorry @nku, I don’t understand in what way OpenPGP compatible cards are related to the NitroKey 3A PKCS#11 / eddsa support?

Can you point me to a working example, regardless of the PKCS client, on how to use the nitrokey with PKCS#11 for EdDSA?

Frankly, I sometimes wonder what kind of product Nitrokey 3 really is.

Out of the box it is not a PKCS#11-compatible crypto token.

Looks like there is NFC hardware that sometimes works and we can touch the Nitrokey to have web authentication working (MTCH101 chip if I get it right).

There is SE050 secure element from NXP (running JCOP proprietary operating system with probably their JavaCard applet), but I am not sure it is usable right now. And if I understand What is trussed? correctly using a closed-firmware secure element is a non-goal. So while the Common Criteria EAL 6 compliance is advertised, a home-made firmware is written to do the same in software?

It looks like there is some hope to deliver some interesting features that will be written in the upcoming Rust firmware.

hey hey,

Generally, the product page in the shop contains a paragraph headlined “IMPORTANT NOTICE”; it clearly states what’s possible right now and that further functionality will be delivered via software updates.

To create transparency for this process we have introduced the blog, there are regular posts about the progress of the alpha/test firmware and the stable firmware, which also state which functionalities are currently available through the respective firmware variant:

Those are the latest two for the Test and Stable variant. There you’ll find that OpenPGPCard is not (yet) in stable. We expect this to happen within the next weeks as OpenPGPCard looks quite stable right now.

The Nitrokey 3 is equipped with the SE050 Secure Element, although you are right it is currently not used. We decided for a software only implementation of most features first as this serves as the fallback solution, especially for people not trusting in proprietary components like the SE050 (the Nitrokey Start exists also for a reason).

We are also actively developing within the Trussed ecosystem and have extended it to be able to offload specific portions to other so-called “backends”. One of the next targets is to allow the decision for the user whether one would like to use the SE050 as a backend for e.g., OpenPGP Card (all cryptographic primitives and storage) or not. This will then be configurable.

@bmartins please check the linked blog posts, the current stable firmware does not support OpenPGPCard/PKCS#11, but the test firmware indeed does! Although, please keep in mind that this is not yet considered “production-ready”, but this will change very soon as the OpenPGP Card function has nearly reached its stable state.

Hope this clears up some things,
best

1 Like

Appreciate the reply @daringer .

Although trying to update to the alpha firmware does not work either.

Do you want to perform the firmware update now? [y/N]: y

Please press the touch button to reboot the device into bootloader mode ...

Critical error:
An unhandled exception occurred
	Exception encountered: RuntimeError("generator didn't stop after throw()")

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: https://support.nitrokey.com/
- Writing an e-mail to support@nitrokey.com is also possible
- Please attach the log: '/tmp/nitropy.log.zxt09je0' with any support/help request!
- Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting

Exception ignored in: <generator object Updater._get_bootloader at 0x7db87c732e40>
RuntimeError: generator ignored GeneratorExit

Any clues? Thanks

Again, even with a notice (that isn’t that obvious) saying that it requires future firmware flashing… claiming that it supports some of those protocols and crypto schemes is misleading. A lot of people won’t even know how to flash firmware and expect to buy a product that works out of the box.

Disappointed :confused:

1 Like

No, not yet; we are looking into it. It would be helpful if you could send us your log as described in the error message.

hey @daringer

Here’s the log

$ cat /tmp/nitropy.log.tv7_63dg
302        INFO pynitrokey.cli Timestamp: 2023-04-24 18:08:27.004385
302        INFO pynitrokey.cli OS: uname_result(system='Linux', node='nitro', release='5.10.90-1.fc32.qubes.x86_64', version='#1 SMP Thu Jan 13 20:46:58 CET 2022', machine='x86_64')
302        INFO pynitrokey.cli Python version: 3.9.2
304        INFO pynitrokey.cli pynitrokey version: 0.4.36
305        INFO pynitrokey.cli cryptography version: 36.0.2
306        INFO pynitrokey.cli ecdsa version: 0.18.0
307        INFO pynitrokey.cli fido2 version: 1.1.1
308        INFO pynitrokey.cli pyusb version: 1.2.1
309        INFO pynitrokey.cli spsdk version: 1.7.1
700        INFO  libusbsio Loading SIO library: /home/user/.local/pipx/venvs/pynitrokey/lib/python3.9/site-packages/libusbsio/bin/linux_x86_64/libusbsio.so
701        INFO  libusbsio HID enumeration[39676960]: initialized
701       DEBUG  libusbsio HID enumeration[39676960]: device #0: Nitrokey 3
702        INFO  libusbsio HID enumeration[39676960]: finished, total 1 devices
834        INFO pynitrokey.nk3.updates Firmware version before update: v1.2.0
834        INFO pynitrokey.nk3.updates Downloading firmare version v1.3.1-test.20230417
837       DEBUG urllib3.connectionpool Starting new HTTPS connection (1): api.github.com:443
1556      DEBUG urllib3.connectionpool https://api.github.com:443 "GET /repos/Nitrokey/nitrokey-3-firmware/releases/tags/v1.3.1-test.20230417 HTTP/1.1" 200 None
1631       INFO pynitrokey.nk3.updates Current firmware version: v1.2.0
1631       INFO pynitrokey.nk3.updates Updated firmware version: v1.3.1-test.20230417
3646       INFO pynitrokey.nk3.updates Trying to download firmware update from URL: https://github.com/Nitrokey/nitrokey-3-firmware/releases/download/v1.3.1-test.20230417/firmware-nk3-v1.3.1-test.20230417.zip
3647      DEBUG urllib3.connectionpool Starting new HTTPS connection (1): github.com:443
4980      DEBUG urllib3.connectionpool https://github.com:443 "GET /Nitrokey/nitrokey-3-firmware/releases/download/v1.3.1-test.20230417/firmware-nk3-v1.3.1-test.20230417.zip HTTP/1.1" 302 0
4981      DEBUG urllib3.connectionpool Starting new HTTPS connection (1): objects.githubusercontent.com:443
5659      DEBUG urllib3.connectionpool https://objects.githubusercontent.com:443 "GET /github-production-release-asset-2e65be/366410832/67f5055f-a902-4b20-a81c-0b39673c0764?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230424T180832Z&X-Amz-Expires=300&X-Amz-Signature=adc6b0fd2898e2c6c8f3588d25dfb82b453c236611a482a42a6424c38f847988&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=366410832&response-content-disposition=attachment%3B%20filename%3Dfirmware-nk3-v1.3.1-test.20230417.zip&response-content-type=application%2Foctet-stream HTTP/1.1" 200 918277
6487      DEBUG       root print: Current firmware version:  v1.2.0
6487      DEBUG       root print: Updated firmware version:  v1.3.1-test.20230417
6487      DEBUG       root print: Please do not remove the Nitrokey 3 or insert any other Nitrokey 3 devices during the update. Doing so may damage the Nitrokey 3.
8214      DEBUG       root print: Please press the touch button to reboot the device into bootloader mode ...
10395     DEBUG pynitrokey.nk3.device./dev/hidraw0 ignoring OSError after reboot
Traceback (most recent call last):
  File "/home/user/.local/pipx/venvs/pynitrokey/lib/python3.9/site-packages/pynitrokey/nk3/device.py", line 92, in reboot
    self._call(Command.UPDATE)
  File "/home/user/.local/pipx/venvs/pynitrokey/lib/python3.9/site-packages/pynitrokey/nk3/device.py", line 133, in _call
    response = self.device.call(command.value, data=data)
  File "/home/user/.local/pipx/venvs/pynitrokey/lib/python3.9/site-packages/fido2/hid/__init__.py", line 191, in call
    recv = self._connection.read_packet()
  File "/home/user/.local/pipx/venvs/pynitrokey/lib/python3.9/site-packages/fido2/hid/base.py", line 80, in read_packet
    return os.read(self.handle, self.descriptor.report_size_in)
OSError: [Errno 5] Input/output error
10404     DEBUG pynitrokey.nk3.updates Trying to connect to bootloader (try 1 of 3)
10404     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 1 of 30)
10404      INFO  libusbsio HID enumeration[39670272]: initialized
10404      INFO  libusbsio HID enumeration[39670272]: finished, total 0 devices
10417     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
10917     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 2 of 30)
10918      INFO  libusbsio HID enumeration[34679328]: initialized
10918      INFO  libusbsio HID enumeration[34679328]: finished, total 0 devices
10923     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
11424     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 3 of 30)
11425      INFO  libusbsio HID enumeration[38601360]: initialized
11425      INFO  libusbsio HID enumeration[38601360]: finished, total 0 devices
11431     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
11931     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 4 of 30)
11932      INFO  libusbsio HID enumeration[39253008]: initialized
11932      INFO  libusbsio HID enumeration[39253008]: finished, total 0 devices
11937     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
12438     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 5 of 30)
12439      INFO  libusbsio HID enumeration[39437072]: initialized
12439      INFO  libusbsio HID enumeration[39437072]: finished, total 0 devices
12461     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
12962     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 6 of 30)
12962      INFO  libusbsio HID enumeration[33996480]: initialized
12963      INFO  libusbsio HID enumeration[33996480]: finished, total 0 devices
12979     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
13479     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 7 of 30)
13480      INFO  libusbsio HID enumeration[35467696]: initialized
13480      INFO  libusbsio HID enumeration[35467696]: finished, total 0 devices
13486     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
13987     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 8 of 30)
13987      INFO  libusbsio HID enumeration[41360352]: initialized
13987      INFO  libusbsio HID enumeration[41360352]: finished, total 0 devices
14002     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
14503     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 9 of 30)
14504      INFO  libusbsio HID enumeration[39670272]: initialized
14504      INFO  libusbsio HID enumeration[39670272]: finished, total 0 devices
14512     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
15013     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 10 of 30)
15013      INFO  libusbsio HID enumeration[34679328]: initialized
15013      INFO  libusbsio HID enumeration[34679328]: finished, total 0 devices
15017     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
15518     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 11 of 30)
15518      INFO  libusbsio HID enumeration[38601360]: initialized
15519      INFO  libusbsio HID enumeration[38601360]: finished, total 0 devices
15525     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
16026     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 12 of 30)
16027      INFO  libusbsio HID enumeration[39253008]: initialized
16027      INFO  libusbsio HID enumeration[39253008]: finished, total 0 devices
16041     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
16541     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 13 of 30)
16542      INFO  libusbsio HID enumeration[39437072]: initialized
16542      INFO  libusbsio HID enumeration[39437072]: finished, total 0 devices
16547     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
17048     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 14 of 30)
17048      INFO  libusbsio HID enumeration[33996480]: initialized
17048      INFO  libusbsio HID enumeration[33996480]: finished, total 0 devices
17054     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
17554     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 15 of 30)
17555      INFO  libusbsio HID enumeration[35467696]: initialized
17555      INFO  libusbsio HID enumeration[35467696]: finished, total 0 devices
17560     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
18061     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 16 of 30)
18062      INFO  libusbsio HID enumeration[41360352]: initialized
18062      INFO  libusbsio HID enumeration[41360352]: finished, total 0 devices
18073     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
18574     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 17 of 30)
18575      INFO  libusbsio HID enumeration[39670272]: initialized
18576      INFO  libusbsio HID enumeration[39670272]: finished, total 0 devices
18588     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
19089     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 18 of 30)
19090      INFO  libusbsio HID enumeration[34679328]: initialized
19090      INFO  libusbsio HID enumeration[34679328]: finished, total 0 devices
19104     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
19605     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 19 of 30)
19605      INFO  libusbsio HID enumeration[38601360]: initialized
19605      INFO  libusbsio HID enumeration[38601360]: finished, total 0 devices
19620     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
20121     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 20 of 30)
20122      INFO  libusbsio HID enumeration[39253008]: initialized
20122      INFO  libusbsio HID enumeration[39253008]: finished, total 0 devices
20126     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
20627     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 21 of 30)
20628      INFO  libusbsio HID enumeration[39437072]: initialized
20628      INFO  libusbsio HID enumeration[39437072]: finished, total 0 devices
20632     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
21133     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 22 of 30)
21133      INFO  libusbsio HID enumeration[33996480]: initialized
21133      INFO  libusbsio HID enumeration[33996480]: finished, total 0 devices
21138     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
21639     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 23 of 30)
21639      INFO  libusbsio HID enumeration[35467696]: initialized
21639      INFO  libusbsio HID enumeration[35467696]: finished, total 0 devices
21644     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
22145     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 24 of 30)
22145      INFO  libusbsio HID enumeration[41360352]: initialized
22145      INFO  libusbsio HID enumeration[41360352]: finished, total 0 devices
22150     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
22650     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 25 of 30)
22651      INFO  libusbsio HID enumeration[39670272]: initialized
22651      INFO  libusbsio HID enumeration[39670272]: finished, total 0 devices
22657     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
23158     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 26 of 30)
23158      INFO  libusbsio HID enumeration[34679328]: initialized
23158      INFO  libusbsio HID enumeration[34679328]: finished, total 0 devices
23164     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
23664     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 27 of 30)
23665      INFO  libusbsio HID enumeration[38601360]: initialized
23665      INFO  libusbsio HID enumeration[38601360]: finished, total 0 devices
23670     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
24171     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 28 of 30)
24172      INFO  libusbsio HID enumeration[39253008]: initialized
24172      INFO  libusbsio HID enumeration[39253008]: finished, total 0 devices
24177     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
24678     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 29 of 30)
24679      INFO  libusbsio HID enumeration[39437072]: initialized
24679      INFO  libusbsio HID enumeration[39437072]: finished, total 0 devices
24684     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
25185     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 30 of 30)
25185      INFO  libusbsio HID enumeration[33996480]: initialized
25185      INFO  libusbsio HID enumeration[33996480]: finished, total 0 devices
25190     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
25190     DEBUG       root print: Critical error:
25190     DEBUG       root print: No Nitrokey 3 bootloader device found
25190     DEBUG       root listing all connected devices:
25190     DEBUG       root :: 'Nitrokey FIDO2' keys
25190     DEBUG       root :: 'Nitrokey Start' keys:
25200     DEBUG       root :: 'Nitrokey 3' keys
25201      INFO  libusbsio HID enumeration[39437072]: initialized
25201      INFO  libusbsio HID enumeration[39437072]: finished, total 0 devices
25207     DEBUG       root print: --------------------------------------------------------------------------------
25207     DEBUG       root print: Critical error occurred, exiting now
25207     DEBUG       root print: Unexpected? Is this a bug? Would you like to get support/help?
25207     DEBUG       root print: - You can report issues at: https://support.nitrokey.com/
25207     DEBUG       root print: - Writing an e-mail to support@nitrokey.com is also possible
25207     DEBUG       root print: - Please attach the log: '/tmp/nitropy.log.tv7_63dg' with any support/help request!
25207     DEBUG       root print: - Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting

Ok, although the error message is uncommon, it looks like we are seeing a permission issue: the bootloader is not recognized after booting into it for uploading the update.

25190 DEBUG root print: Critical error:
25190 DEBUG root print: No Nitrokey 3 bootloader device found

Could you try the operation as root? The bootloader has a different PID:VID combination so your user might not have the proper permissions.

On top, would you please check that your udev rules are the right ones: Setting up The udev Rules For nitropy - Nitrokey Documentation (not only its existence, but please also check if the most recent rules file is used).

edit: it also looks like the error you reported before is not shown in this log, does your console output show you the same error?
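The way the reply above reads the log can be written down as a small triage script. This is an added example, not part of any post and not pynitrokey code; the function name `triage`, the verdict labels and the sample log (constructed in the thread's log format, with the retry budget shortened to 3) are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shape of the nitropy log in this thread: "<ms> <LEVEL> <logger> <message>".
LINE = re.compile(r"^(\d+)\s+(DEBUG|INFO|WARNING|ERROR|CRITICAL)\s+(\S+)\s+(.*)$")
TRY = re.compile(r"Searching Nitrokey 3 bootloader device \(try (\d+) of (\d+)\)")
ENUM = re.compile(r"HID enumeration\[\d+\]: finished, total (\d+) devices")
REBOOT_MARK = "ignoring OSError after reboot"

# Constructed sample (not the poster's log), same format as the log above.
SAMPLE_FAIL = """\
701        INFO  libusbsio HID enumeration[1]: finished, total 1 devices
8214      DEBUG       root print: Please press the touch button to reboot the device into bootloader mode ...
10395     DEBUG pynitrokey.nk3.device./dev/hidraw0 ignoring OSError after reboot
Traceback (most recent call last):
OSError: [Errno 5] Input/output error
10404     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 1 of 3)
10404      INFO  libusbsio HID enumeration[2]: finished, total 0 devices
10917     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 2 of 3)
10918      INFO  libusbsio HID enumeration[3]: finished, total 0 devices
11424     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 3 of 3)
11425      INFO  libusbsio HID enumeration[4]: finished, total 0 devices
11431     DEBUG       root print: No Nitrokey 3 bootloader device found
"""


@dataclass
class Triage:
    rebooted_at: Optional[int] = None   # ms timestamp of the reboot marker
    tries_done: int = 0                 # last "try N" seen after the reboot
    tries_max: int = 0                  # retry budget ("of M")
    counts: List[int] = field(default_factory=list)  # devices per enumeration after reboot
    verdict: str = "no-reboot-observed"


def triage(log_text: str) -> Triage:
    """Classify a firmware-update log by what was enumerated after the reboot."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # traceback lines and blanks have no timestamp prefix
        ts, msg = int(m.group(1)), m.group(4)
        if REBOOT_MARK in msg:
            t.rebooted_at = ts
        elif t.rebooted_at is not None:
            # Enumerations before the reboot see the normal firmware; skip them.
            s, e = TRY.search(msg), ENUM.search(msg)
            if s:
                t.tries_done, t.tries_max = int(s.group(1)), int(s.group(2))
            if e:
                t.counts.append(int(e.group(1)))
    if t.rebooted_at is None:
        return t
    if any(c > 0 for c in t.counts):
        t.verdict = "device-enumerated-after-reboot"
    elif t.tries_max and t.tries_done == t.tries_max:
        # Same pattern as in the thread: the reboot went through, then every
        # retry enumerated zero devices. Check udev rules and permissions.
        t.verdict = "nothing-enumerated-after-reboot"
    else:
        t.verdict = "search-incomplete"
    return t


if __name__ == "__main__":
    print(triage(SAMPLE_FAIL))
```

A "nothing-enumerated-after-reboot" verdict is what a missing udev rule looks like from user space, but the log alone cannot tell it apart from a device that never re-enumerated, so it is a prompt to check permissions rather than proof.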

I’ve managed to get it to work; was a permissions issue.

I’ve installed the latest test firmware that claims to support eddsa / ed25519; but it simply does not work. (Works with the traditional NIST curves or RSA.) Maybe your version of PKCS is still v2.4 (EdDSA only added in v3.0)?

Anyway, I’m disappointed with this and don’t think I’m going to use it. I’ll buy and recommend other products. This is straight up misleading advertisement. Simply not okay.

1 Like

@daringer I’m rebooting this thread as I would like to know if EdDSA is fully supported now with the latest firmware (not alpha)? And are there updates?

Also on @saper’s point; the secure element is still NOT used?

Hey @bmartins

EdDSA support for OpenPGPCard is available, as listed here. Nevertheless gpg support for ed25519 is kind of dicey, but generally it should work, please report issues you find to the linked repository.

About the Secure Element: we are currently in the process of releasing the first (test) firmware with activated se050 and minimal functionality to find out if we see any weird/unexpected behavior on devices in the field. The OpenPGP implementation is mostly “functional complete” and we plan to have this released before the end of this year - as always this will strongly depend on the following weeks (how severe the bugs are, which are found in the test-released versions).

2 Likes

Will the secure element also speed up ed25519 signatures? I generate a lot of signatures and they’re quite slow at the moment.

I don’t know - can you have ed25519 on SE050C1HQ1/Z01SCZ @szszszsz ? (I see some RSA and ECC support in the docs, and a possibility to have a custom Ed25519 cloud identity, so maybe?).

The configurations are listed in AN12436 and C1 has support for Ed25519 and EdDSA.

(It’s also mentioned as a “previous generation” variant, but the current generation E2 removes RSA in favor of GCM and Curve448 support.)

1 Like

(replying to myself because “new users can only add two links per post”; wtf)

Regarding its performance, I found some slides advertising “28ms” per ECDSA signature, and a paper that compared Mbed-TLS running on a Cortex-M4 to several secure elements and found a ~3.7x speedup in ECDSA signing with the SE050.

1 Like