This information applies to the nRF52840 SoC only.
The Infineon OPTIGA Trust E Authentication Application is an example that demonstrates strong cryptographic authentication using the Infineon OPTIGA Trust E hardware security module.
For more information about Infineon OPTIGA Trust E, see the OPTIGA Trust E product website.
- Note
- This example application verifies the digital signature on the nRF52. In a production system, which controller acts as the verifying party (e.g., a remote server, a cloud service, or a smartphone) depends on the system's security requirements and security architecture, among other factors.
The application uses two Infineon libraries:
The example application conducts the following steps, utilizing the Infineon OPTIGA Trust E command library:
- Initialize the Infineon OPTIGA Trust E hardware module using optiga_open_application().
- Retrieve 16 bytes of cryptographic-quality random numbers from the Infineon OPTIGA Trust E using optiga_get_random().
- Sign the previously retrieved random numbers on the Infineon OPTIGA Trust E using optiga_set_auth_scheme() and optiga_sign().
- Retrieve the public key certificate from the Infineon OPTIGA Trust E using optiga_read_certificate().
Finally, the signature is verified using the public key from the certificate. The verification is conducted using mbedtls. The result of the verification is indicated with the corresponding NRF_LOG_RAW_INFO statement.
Setup
You can find the source code and the project file of the example in the following folder: <InstallFolder>\examples\crypto\ifx_optiga_auth
Testing
- Note
- The application executes the described procedure once and then waits for an external reset.
Test the application by observing the debugging output via SEGGER J-Link RTT Viewer:
- Enable the NRF logging module by defining NRF_LOG_ENABLED. Furthermore, define the preferred logging backend, e.g., NRF_LOG_BACKEND_SERIAL_USES_RTT=1 for the SEGGER J-Link RTT Viewer.
- Compile and program the application.
- Turn on SEGGER RTT Viewer and observe the output.
- Restart the app on the nRF52 to observe the process again.
Alternatively, use a debugger in a supported IDE to step through the example application code in main.c and the library files.