https://devzone.nordicsemi.com/f/nordic-q-a/77548/nrf91-ciphersHello, What are all the supported cipher suites for the nrf9160? Per your documentation, it seems AES 128 is supported but not AES 256. But, based on some testing with slightly modifying the https example, I was able to verify that AES-256 was useden-USTelligent Community 13Tue, 20 Jul 2021 13:06:47 GMThttps://devzone.nordicsemi.com/thread/320915?ContentTypeID=1Tue, 20 Jul 2021 13:06:47 GMT137ad170-7792-4731-bb38-c0d22fbe4515:77bc76bc-e0d8-48ad-b91f-cfe6abfce713Albrecht Markus Schellenberger<p lang="en-GB">Hello again Aziz,</p> <p lang="en-GB">In general, the modem does not prevent any private keys. You can use the <a href="https://infocenter.nordicsemi.com/topic/ref_at_commands/REF/at_commands/security/cmng.html">Credential storage management %CMNG</a> AT command to write, read and delete private keys.</p> <p lang="en-GB">When opening a TLS connection, the appropriate type/tag pair(s) is used in the TLS attach procedure and TLS negotiation with the server.</p> <p lang="en-GB">Example:</p> <p lang="en-GB"><pre class="ui-code" data-mode="text">AT%CMNG=0,100,2,&quot;put private key data here&quot;</pre></p> <p lang="en-GB">The client writes a private key to the modem (<strong>&lt;type&gt;</strong> is 2, private key in ASCII format, <strong>&lt;sec_tag&gt;</strong> is 100, can be any wanted). This sec tag and private key&nbsp;can then be used for&nbsp;<span>negotiation</span> in TLS attach procedure.</p> <p lang="en-GB">Max length of key/cert data that can be written to memory is about ~8k (contains some header info so actual cert/key data cannot be full 8k).</p> <p lang="en-GB">I hope I could answer your question.</p> <p lang="en-GB">Regards,</p> <p lang="en-GB">Markus</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/320798?ContentTypeID=1Tue, 20 Jul 2021 05:41:24 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ff48e04e-b1d7-47b3-9f64-118d5304f6c4Albrecht Markus Schellenberger<p lang="en-GB">Regarding the keys I’m not sure, so I have to ask our modem team. This might take a while though due to vacation period here in Norway, but I will come back to you as soon as possible.</p> <p lang="en-GB">Regards,</p> <p lang="en-GB">Markus</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/320469?ContentTypeID=1Fri, 16 Jul 2021 14:07:31 GMT137ad170-7792-4731-bb38-c0d22fbe4515:4cfe5de4-0686-4680-a3d8-8abdcc221033Aziz<p>Thanks this is great. What about supported private keys type/length?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/320398?ContentTypeID=1Fri, 16 Jul 2021 10:18:24 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5936f0be-6de0-44ac-8d2b-6c302e309773Albrecht Markus Schellenberger<p lang="en-GB">Hello Aziz,</p> <p lang="en-GB">you can find our supported cipher suites <a href="https://www.nordicsemi.com/Products/Development-hardware/nRF9160-DK/Download">here</a>&nbsp;(see Feature Brief → TLS Cipher suites).</p> <p lang="en-GB">We support the following ones:</p> <p lang="en-GB"><pre class="ui-code" data-mode="text">mbed TLS Name / NIST Name Value TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 {0xC0,0x24} TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA {0xC0,0x0A} TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 {0xC0,0x23} TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA {0xC0,0x09} TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA {0xC0,0x14} TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 {0xC0,0x27} TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA {0xC0,0x13} TLS-PSK-WITH-AES-256-CBC-SHA {0x00,0x8D} TLS-PSK-WITH-AES-128-CBC-SHA256 {0x00,0xAE} TLS-PSK-WITH-AES-128-CBC-SHA {0x00,0x8C} TLS-PSK-WITH-AES-128-CCM-8 {0xC0,0xA8}</pre></p> <p lang="en-GB">For all other suites, we do not have official support.</p> <p lang="en-GB">Regards,</p> <p lang="en-GB">Markus</p><div style="clear:both;"></div>