https://devzone.nordicsemi.com/f/nordic-q-a/60521/nrf52-data-encryption-and-decryption-using-eccDear All, I need to understand how the Asymmetric Encryption work in BLE. From Nordic, I get to know the following that following are the nrf_crypto frontend modules AES - Advanced Encryption Standard AEAD - Authenticated Encryption with Associateden-USTelligent Community 13Wed, 29 Apr 2020 07:25:59 GMThttps://devzone.nordicsemi.com/thread/247223?ContentTypeID=1Wed, 29 Apr 2020 07:25:59 GMT137ad170-7792-4731-bb38-c0d22fbe4515:95e04a79-b14d-468c-8225-4ab9fd286d04Einar Thorsrud<p>Hi,</p> <p>It would be good if you clarified what you want to do.</p> <p>Dimitry&#39;s answer describes how ECC is used&nbsp;in BLE, and that gives you an encrypted BLE link, meaning that tall data sent over the link is encrypted. This is how it is done in BLE (using LE Secure Connections). So if you&nbsp;just want to encrypt your link in a secure, just use what we provide in the SDK, and make sure you use LESC.</p> <p>If you want to encrypt data in an application-specific way, then you can refer to the <a href="https://infocenter.nordicsemi.com/topic/sdk_nrf5_v16.0.0/lib_crypto.html">nrf_crypto library</a> and <a href="https://infocenter.nordicsemi.com/topic/sdk_nrf5_v16.0.0/crypto_examples_nrf_crypto.html">nrf_crypto examples</a>. Please note that actually encrypting the data using ECC is seldom sensible, which is why most crypto systems use ECC (or other asymmetric public-key cryptography algorithms) to generate the shared secret only, and then use AES or some other symmetric algorithm, as that has much better performance.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/247196?ContentTypeID=1Wed, 29 Apr 2020 04:47:24 GMT137ad170-7792-4731-bb38-c0d22fbe4515:d5ffc162-0ec4-4f4f-9d11-3a2a03b036c0Jinesh<p>Hi Dmity,</p> <p>Thanks for the support,</p> <p>I went to the HMAC example code, there i have&nbsp;found that mechanism to generated the <strong>Secret key</strong> by the devices using it&#39;s private key and public key of other devices.</p> <p>But i am more interested, how can i&nbsp;<span>encrypt and decrypt my data using this&nbsp;<strong>Secret&nbsp;key.</strong></span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/247193?ContentTypeID=1Wed, 29 Apr 2020 04:41:02 GMT137ad170-7792-4731-bb38-c0d22fbe4515:01cce389-7f9c-4383-bcd0-723b5d71ce93Jinesh<p>Hi Dmity,</p> <p>I am more interested in the example how we can encrypt and decrypt the data.with&nbsp;<strong>ECC - Elliptic Curve Cryptography method.</strong></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/245999?ContentTypeID=1Wed, 22 Apr 2020 10:41:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:2dc62753-5e2c-44a6-8812-9b9053313fdaDmitry<p>Hi Jinesh,</p> <p>Are you interesting how asymmetric cryptography is implemented for LESC pairing in BLE, or you just want to encrypt some data with your own code?</p> <p>In ECC cryptography, public and private keys are not used directly to encrypt data. Instead, each party generates its own key pair using nrf_crypto_ecc_key_pair_generate(), then both parties exchange with their public keys - that&#39;s called Diffie-Hellman algorithm, ECDH. Function nrf_crypto_ecdh_compute() takes own private key and other party&#39;s public key, the result is a shared secret (ECDH mathematic ensures that it will be the same at both sides). This shared secret is transformed to a session key with key derivation function<span>&nbsp;</span>(BLE uses HMAC-SHA-256 for this step), then session key is used to encrypt data with symmetric encryption algorithm (AES).<br />You can find examples for ECDH,<span>&nbsp;</span>HMAC<span>&nbsp;</span>and AES in SDK under examples/crypto/nrf_crypto.</p><div style="clear:both;"></div>