This post is older than 2 years and might not be relevant anymore

nrf52 data encryption and decryption using ecc

Dear All,

I need to understand how asymmetric encryption works in BLE.
From Nordic, I got to know that the following are the nrf_crypto frontend modules:

  1. AES - Advanced Encryption Standard
  2. AEAD - Authenticated Encryption with Associated Data
  3. ChaCha-Poly
  4. ECC - Elliptic Curve Cryptography
  5. ECDH - Elliptic Curve Diffie–Hellman
  6. ECDSA - Elliptic Curve Digital Signature Algorithm
  7. EdDSA - Edwards-curve Digital Signature Algorithm
  8. Hash - Cryptographic hash functions
  9. HMAC - Hash-based message authentication code
  10. HKDF - HMAC-based Extract-and-Expand Key Derivation Function
  11. RNG - Random Number Generator

I got to know that, using NRF_CRYPTO_CURVES, we can generate private and public keys.

Can you share with me the application code where I can see my data string get encrypted and decrypted using the public and private keys?

Can anyone help me with this maybe silly problem?

Also please correct me, if any of my above understanding is wrong.

Thank you.

Regards,

Jinesh Punatar

+91 960 496 5426

  • Hi Jinesh,

    Are you interested in how asymmetric cryptography is implemented for LESC pairing in BLE, or do you just want to encrypt some data with your own code?

    In ECC cryptography, public and private keys are not used directly to encrypt data. Instead, each party generates its own key pair using nrf_crypto_ecc_key_pair_generate(), then both parties exchange their public keys - that's called the Diffie-Hellman algorithm, ECDH. The function nrf_crypto_ecdh_compute() takes one's own private key and the other party's public key; the result is a shared secret (ECDH mathematics ensures that it will be the same on both sides). This shared secret is transformed into a session key with a key derivation function (BLE uses HMAC-SHA-256 for this step), then the session key is used to encrypt data with a symmetric encryption algorithm (AES).
    You can find examples for ECDH, HMAC and AES in SDK under examples/crypto/nrf_crypto.

  • Hi Dmity,

    Thanks for the support,

    I went to the HMAC example code, and there I found the mechanism to generate the secret key by the device using its private key and the public key of the other device.

    But I am more interested in how I can encrypt and decrypt my data using this secret key.

  • Hi,

    It would be good if you clarified what you want to do.

    Dimitry's answer describes how ECC is used in BLE, and that gives you an encrypted BLE link, meaning that all data sent over the link is encrypted. This is how it is done in BLE (using LE Secure Connections). So if you just want to encrypt your link in a secure way, just use what we provide in the SDK, and make sure you use LESC.

    If you want to encrypt data in an application-specific way, then you can refer to the nrf_crypto library and nrf_crypto examples. Please note that actually encrypting the data using ECC is seldom sensible, which is why most crypto systems use ECC (or other asymmetric public-key cryptography algorithms) to generate the shared secret only, and then use AES or some other symmetric algorithm, as that has much better performance.
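
The sequence described in the replies above (ECDH shared secret, key derivation, then symmetric encryption), as an added example that is not part of the original thread and is not Nordic SDK code. It runs on a host with Python's `cryptography` package to show the data flow; the P-256 curve, HKDF-SHA-256, AES-128-GCM, the `INFO` label and all function names are assumptions chosen for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE = ec.SECP256R1()                 # assumed curve (P-256)
INFO = b"example-app session key v1"   # constructed context label for the KDF

def new_key_pair():
    """Generate a key pair; return (private key, public key as 65 raw bytes)."""
    priv = ec.generate_private_key(CURVE)
    pub = priv.public_key().public_bytes(
        serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint)
    return priv, pub

def session_key(own_priv, peer_pub_bytes, salt):
    """ECDH with the peer's public key, then HKDF down to a 128-bit AES key."""
    # from_encoded_point raises ValueError if the point is not on the curve.
    peer_pub = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, peer_pub_bytes)
    shared = own_priv.exchange(ec.ECDH(), peer_pub)   # never use this raw as a key
    return HKDF(algorithm=hashes.SHA256(), length=16, salt=salt, info=INFO).derive(shared)

def encrypt(key, plaintext, aad=b""):
    """AES-GCM; a fresh 96-bit nonce per message is prepended to the output."""
    nonce = os.urandom(12)             # must never repeat under the same key
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def decrypt(key, blob, aad=b""):
    """Raises InvalidTag if the ciphertext, tag or associated data was modified."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)

def demo():
    a_priv, a_pub = new_key_pair()     # device A
    b_priv, b_pub = new_key_pair()     # device B
    salt = os.urandom(16)              # not secret; sent along with the public keys
    k_a = session_key(a_priv, b_pub, salt)
    k_b = session_key(b_priv, a_pub, salt)
    blob = encrypt(k_a, b"hello nrf52", aad=b"hdr")
    plain = decrypt(k_b, blob, aad=b"hdr")
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])   # flip one bit of the tag
    try:
        decrypt(k_b, tampered, aad=b"hdr")
        rejected = False
    except InvalidTag:
        rejected = True
    return k_a == k_b, plain, rejected

if __name__ == "__main__":
    print(demo())
```

The public keys in this sketch are exchanged unauthenticated, so on its own it does not protect against an active man-in-the-middle; the keys have to be verified out of band or signed (for example with ECDSA) before the derived key is trusted.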
