How to sign using nrf_crypto_sign()?

Hello,

Signing is the only function in the nrf_crypto library in SDK 12.x which require random number generation (RNG) to work. For all the other functions, RNG is optional. There is no use-cases of signing in our SDK, and to reduce the size of DFU/bootloader, RNG is disabled by default. To use signing, the RNG module needs to be initialized and passed to the ecc module. This is done by changing the parameter to ecc_init() in nrf_crypto_init() in nrf_crypto.c from false to true:

uint32_t nrf_crypto_init(void)
{
    ecc_init(true);

    return NRF_SUCCESS;
}

You also need to enable the RNG module using nrf_drv_rng_init(), before calling nrf_crypto_init().

Finally, you need to add the define SVC_INTERFACE_CALL_AS_NORMAL_FUNCTION to your C/C++ preprocessor symbols, to use the normal function calls in nrf_crypto library.

I have created an example that use the nrf_crypto library with nRF51 and a NIST 256-bit curve. The example shows public key generation from private key, hasing of string using SHA256 algorithm, signing of the hash using the private key and verification of the has using the public key. Note that putting the private key in the application can be a security risk, and should typically be avoided. You should allways create your own private/public keyset and keep the private key secret.

The example written for SDK 12.3, and is only updated to have support for PCA10028 board and Keil v5 IDE. Let me know if you need me to update the example for IAR/GCC or other boards.

nrf_crypto_example.zip

Best regards,

Jørgen

Thanks for your prompt reply!!

Thanks for your prompt reply!!