https://devzone.nordicsemi.com/f/nordic-q-a/25681/is-fast-4096-bit-asymmetric-encryption-in-the-pipelineWe are using the NRF52840 as a basis for BLE-based secure IoT network. I know that the Crypto library enables hardware-accelerated encryption/decryption. However, as far as I understand, the maximum key length is 512 bits? I wanted to ask if Nordicen-USTelligent Community 13Fri, 06 Oct 2017 08:17:40 GMThttps://devzone.nordicsemi.com/thread/101155?ContentTypeID=1Fri, 06 Oct 2017 08:17:40 GMT137ad170-7792-4731-bb38-c0d22fbe4515:158acf70-8bf9-4f9f-9148-b956a85a475bendnode<p>Yes, there are SW implementations which probably fits into flash and RAM and it will work. However performance will be poor and if you plan to do more than few such RSA operations per one transaction then it can take seconds and minutes...</p> <p>Google some references (which should show you that changing from RSA to ECC or better some standard ECC+AES scheme on your backend might be the only option;) like:</p> <ul> <li><a href="https://crypto.stackexchange.com/questions/29843/rsa-signature-verification-implementation-on-cortex-m0">crypto.stackexchange.com/.../rsa-signature-verification-implementation-on-cortex-m0</a></li> <li><a href="https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf">csrc.nist.gov/.../session7-vincent.pdf</a></li> </ul><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/101154?ContentTypeID=1Fri, 06 Oct 2017 07:34:59 GMT137ad170-7792-4731-bb38-c0d22fbe4515:d4ce2dd0-1779-4672-9239-d69c8365fadameetandyhere<p>Yes, we are using RSA. The 4096-bit key requirement comes from our cloud. And true, large payloads do use symmetric encryption. Maybe my 500KB example was a bit exaggerated. It would be a payload that is small enough to pass through asymmetric crypto without prohibitive delays. The use case is the NRF52840 BLE exchanging authentication information (typically JSON string) with a smartphone. Would 4096-bit RSA for small payloads be feasible on the NRF52840?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/101156?ContentTypeID=1Wed, 04 Oct 2017 19:22:38 GMT137ad170-7792-4731-bb38-c0d22fbe4515:eb11c775-30e6-47ab-bea4-480eb742d1faendnode<p>(cannot agree more)</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/101153?ContentTypeID=1Wed, 04 Oct 2017 18:08:33 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8abdf4ca-a6dc-4a96-be47-1c374bdfd1ebKrzysztof Zaraska<p>Errr... you don&#39;t encrypt the payload with asymmetric cypher. You encrypt the payload with a symmetric cypher like AES using a random key, and then use asymmetric cypher to encrypt the AES key. Also, 4096-bit key size suggests you are using RSA. Why not switch to ECC? Both faster and smaller key size for the same security.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/101157?ContentTypeID=1Wed, 04 Oct 2017 11:50:03 GMT137ad170-7792-4731-bb38-c0d22fbe4515:2d7dbbcc-cb3b-4c16-ba70-c2626d6c40c8J&#248;rgen Holmefjord<p>Hi,</p> <p>The nRF52840 IC has the most advanced support for hardware accelerated cryptographic services, using the ARM TrustZone CryptoCell 310. The CryptoCell support RSA asymmetric encryption with up to 2048 bit key size, but not 4096 bit. What type of cryptographic routines are you looking for? You can test the CryptoCell using the <a href="http://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v14.0.0/cryptocell_example.html?cp=4_0_0_4_2_1">CryptoCell examples in the SDK</a>.</p> <p>Best regards,</p> <p>Jørgen</p><div style="clear:both;"></div>