From 8fdfac22e7f3f1a8386441d95c04291f5fde3af6 Mon Sep 17 00:00:00 2001 From: simon Date: Fri, 13 Dec 2024 21:15:03 +0100 Subject: [PATCH] SE050 doc page --- .../components/nitrokeys/nitrokey3/SE050.rst | 55 +++++++++++++++++++ .../components/nitrokeys/nitrokey3/index.rst | 5 ++ 2 files changed, 60 insertions(+) create mode 100644 source/components/nitrokeys/nitrokey3/SE050.rst diff --git a/source/components/nitrokeys/nitrokey3/SE050.rst b/source/components/nitrokeys/nitrokey3/SE050.rst new file mode 100644 index 0000000000..d70412dc36 --- /dev/null +++ b/source/components/nitrokeys/nitrokey3/SE050.rst 
@@ -0,0 +1,55 @@ +SE050 Secure Element +==================== + +.. contents:: :local: + +The Secure Element is a tamper-resistant secure element designed by NXP Semiconductors that provides advanced security features. +It offers hardware-based security functions including cryptographic operations, secure key storage, and protection against physical and logical attacks. +The SE050 Secure Element is certified to Common Criteria EAL 6+ security level and includes features like RSA, ECC, AES, and SHA algorithms, making it ideal for the Nitrokey 3. +It usage is optional and provides faster performance and some additional features. + +There are several apps on the Nitrokey 3 of which current only OpenPGPCard (opcard) and PIV (piv) are using it. PIV depends on the Secure Element and does not run without it being enabled. +Passwords (secrets) and FIDO2 (fido-authenticator) are not making use of it. + +Activation and Deactivation +--------------------------- +The Secure Element is enabled by default if no key is already saved on the device. This is automatically the case after reset of the opcard or the whole device. Activating the Secure Element for the opcard app will delete all current keys. 
+ +To check whether the Secure Element is activated run + +* nitropy nk3 get-config opcard.use_se050_backend + +To enable the Secure Element + +* nitropy nk3 set-config opcard.use_se050_backend true + +To disable the Secure Element + +* nitropy nk3 set-config opcard.use_se050_backend false + +Additional Features +------------------- + +The following features are exclusively usable with the Secure Element being enabled: + +Secure key storage: + +* RSA4096 +* RSA3072 + + +The following Elliptic Curve algorithms can only be used with the SE50 enabled: + +* NIST P-384 +* NIST P-521 (secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1) +* brainpoolp256r1 +* brainpoolp384r1 +* brainpoolp512r1 +* SECP256K1 (Test release) + +TODO: + maybe + a link to the product page or data-sheet + table for comparison + + + diff --git a/source/components/nitrokeys/nitrokey3/index.rst b/source/components/nitrokeys/nitrokey3/index.rst index 5aefa4d5c0..98f18de8f8 100644 --- a/source/components/nitrokeys/nitrokey3/index.rst +++ b/source/components/nitrokeys/nitrokey3/index.rst @@ -23,6 +23,11 @@ and the product guides: Set Pins nitropy Reset +<<<<<<< HEAD + The Secure Element SE50 +======= + The Secure Element SE050 +>>>>>>> 2ed1d5bf0 (SE050 doc page) Troubleshooting or check out the features:
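Review bot: In SE050.rst, the sentence "Activating the Secure Element for the opcard app will delete all current keys" is buried in the opening paragraph of "Activation and Deactivation", while the `nitropy nk3 set-config opcard.use_se050_backend true` command appears several lines later with no warning next to it. Move the key-deletion statement into a warning admonition directly above the set-config commands, and state whether `set-config ... false` also deletes keys, since the page is silent on that. The three commands would also read better as literal blocks than as bullet items, so they can be copied without the list marker. In the curve list, the parenthetical on the "NIST P-521" line names secp256r1/prime256v1 even though no P-256 entry appears in the list; either attach each alias to its own curve or clarify what the parenthetical refers to. Smaller points in the same file: "It usage" should be "Its usage", "current only" should be "currently only", "SE50" should be "SE050" to match the title, the "Secure key storage:" label sits above RSA key sizes rather than a storage feature, and the trailing "TODO:" block should be resolved or removed before merge.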
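Review bot: The index.rst hunk commits unresolved merge conflict markers into the toctree: `<<<<<<< HEAD`, `=======` and `>>>>>>> 2ed1d5bf0 (SE050 doc page)` are all added as `+` lines, together with both sides of the conflict. Resolve the conflict before merging and keep a single entry, "The Secure Element SE050", which matches the chip name used in the SE050.rst title; the "SE50" variant and the three marker lines should be dropped, otherwise they will be parsed as toctree entries when the docs are built.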