EdgeLock SE050/SE051 Capability Inquiry for Ed25519/X25519-Based IoT Device

SahilPai
Contributor I

Hello NXP Team,

We are evaluating the EdgeLock SE050/SE051 family for a Raspberry Pi based IoT device and would appreciate guidance on the most suitable part number.

Our primary requirements are secure storage and hardware execution of cryptographic operations.

The device is a Raspberry Pi 4 - running Raspberry Pi OS (Linux).

We would like clarification on the following points:

1. Key Storage
  
   - Can the SE050/SE051 securely store non-exportable private keys?
   - Can certificates and public keys be stored in the secure element?

2. Key Generation
  
   - Can the secure element generate key pairs internally?
   - Specifically, does it support generation of Ed25519 and X25519 key pairs within the secure element?

3. Ed25519 Operations
  
   - Can Ed25519 signing and signature verification be supported inside the secure element?

4. X25519 Operations
  
   - Can X25519 key agreement (ECDH shared secret computation) be performed inside the secure element using a non-exportable private key?

5. AES Operations
  
   - Does the secure element support AES encryption and decryption operations?
   - If so, which AES modes are supported?
 
6. Storage read/write
   - Storing/removing/accessing files like wifi passwords?

7. Linux / Raspberry Pi Integration
  
   - Is there an SDK or middleware available for Raspberry Pi OS?
   - Are there example applications demonstrating the above operations?

8. Product Selection
  
   - Which EdgeLock SE050/SE051 variant would you recommend for the above requirements?
   - What are the major differences between the recommended variants?
   - Are there any newer EdgeLock products that would be a better fit for these requirements?


Our intended use case is:

- Ed25519 signing for device authentication / JWT generation
- X25519 key agreement for mobile-device provisioning
- AES encryption/decryption using derived session keys
- Storage and handling of security files like Wifi passwords etc
- Large-scale deployment of IoT devices

If available, we would also appreciate links to any of these:

- Relevant datasheets
- Application notes
- SDK documentation
- Evaluation boards
- Linux/Raspberry Pi examples

Thank you for your assistance.

Best regards,
Sahil Pai
Kan_Li
NXP TechSupport

Hi @SahilPai ,

 

Please kindly have my comments as below:

 

1. Key Storage
  
   - Can the SE050/SE051 securely store non-exportable private keys? // Yes, private keys are non-exportable on SE05x.
   - Can certificates and public keys be stored in the secure element? // Yes, certs are stored as binary files within the SE, and public key can be stored standalone or together with the private key in SE05x.

2. Key Generation
  
   - Can the secure element generate key pairs internally? // Yes, it supports.
   - Specifically, does it support generation of Ed25519 and X25519 key pairs within the secure element? // Yes, Ed25519 and X25519 key pairs are supported.

3. Ed25519 Operations
  
   - Can Ed25519 signing and signature verification be supported inside the secure element? // Yes, Ed25519 signing and signature verification are supported inside the SE05x.

4. X25519 Operations
  
   - Can X25519 key agreement (ECDH shared secret computation) be performed inside the secure element using a non-exportable private key? // Yes, ECDH is performed with a private key within SE05x and an external public key which can be stored in SE05x as well.

5. AES Operations
  
   - Does the secure element support AES encryption and decryption operations? // Yes.
   - If so, which AES modes are supported? // Support for AES Modes: CBC, ECB, CTR, GCM, CCM.
 
6. Storage read/write
   - Storing/removing/accessing files like wifi passwords? // Yes, SE050/SE051 can store binary objects in its secure object store, including Wi-Fi credentials.

7. Linux / Raspberry Pi Integration
  
   - Is there an SDK or middleware available for Raspberry Pi OS? // Yes, please refer to https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license for details.
   - Are there example applications demonstrating the above operations? // Yes.

8. Product Selection
  
   - Which EdgeLock SE050/SE051 variant would you recommend for the above requirements? // Either SE050E2 or SE051C2 can be used.
   - What are the major differences between the recommended variants? // They both have the latest applet version, but SE051 supports applet upgrade while SE050 doesn't.
   - Are there any newer EdgeLock products that would be a better fit for these requirements? // Not yet so far.
 
Please kindly refer to https://www.nxp.com/products/SE050 and https://www.nxp.com/products/SE051 for more details.
 
Hope that helps,
 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
