The Infineon OPTIGA™ Trust X - ECDSA Simple Example is an example project that demonstrates the major ECDSA-related cryptographic functions offered by Trust X.
This example application demonstrates the use of some of the Trust X features. It does not demonstrate a secured system. In a production system, which entity and processor conducts which operations (for example, a remote server, a cloud service, or a smartphone) depends on the system's security requirements and security architecture, among other factors.
The example application shows the initialization and three Trust X function groups, using the high-level command library (Infineon OPTIGA™ Trust X Command Library).
The result of each step is explained and output using NRF_LOG_RAW_INFO and NRF_LOG_RAW_HEXDUMP statements.
A sample output, as it can be observed with SEGGER RTT Viewer, looks similar to the following example:
Infineon OPTIGA(TM) Trust X ("Trust X") example for ECDSA
Initialize Trust X host library and I2C protocol.
Open Trust X application.
Retrieve random number (16 byte) from Trust X:
38 F3 A7 35 7F 9B 95 11|8..5....
6F 0B 8B 53 15 1F 6F 9B|o..S..o.
Calculate message digest (SHA-256) with Trust X:
2D D0 0B D7 7E 02 22 CE|-...~.".
D8 82 66 54 81 A9 C1 D9|..fT....
F9 07 30 9D 16 E0 5E D0|..0...^.
07 A1 EA 63 92 84 77 A9|...c..w.
Sign digest with protected private key OID_DEVICE_PRIVATE_KEY_1 inside Trust X:
30 44 02 20 50 A2 67 2E|0D. P.g.
D5 B8 60 43 1A DB D1 9F|..`C....
64 47 0F 5E FB AB 02 7A|dG.^...z
06 1F 60 F9 64 E0 FA D7|..`.d...
22 6F CA 4D 02 20 71 1F|"o.M. q.
FB 02 7C C2 2B 46 D1 AD|..|.+F..
83 79 7F 4B D6 67 DD 01|.y.K.g..
7A 36 48 83 28 41 82 03|z6H.(A..
11 93 5F EB 83 41 |.._..A
Retrieve Infineon public key certificate (OID_INFINEON_CERTIFICATE) from Trust X (output truncated):
30 82 01 C0 30 82 01 67|0...0..g
A0 03 02 01 02 02 04 01|........
02 03 0A 30 0A 06 08 2A|...0...*
86 48 CE 3D 04 03 02 30|.H.=...0
77 31 0B 30 09 06 03 55|w1.0...U
04 06 13 02 44 45 31 21|....DE1!
30 1F 06 03 55 04 0A 0C|0...U...
18 49 6E 66 69 6E 65 6F|.Infineo
6E 20 54 65 63 68 6E 6F|n Techno
6C 6F 67 69 65 73 20 41|logies A
Verify signature using mbed TLS and the certificate's public key:
OK - successfully verified!
Create key pair with Trust X in slot OID_DEVICE_PRIVATE_KEY_2 and print public key:
DB 33 E4 E7 E5 DE 90 42|.3.....B
A8 94 92 30 E7 1E 5D 18|...0..].
36 75 31 CE CF C9 12 08|6u1.....
B7 6A 94 D9 27 22 77 2F|.j..'"w/
22 48 DC 62 C5 AF B9 DD|"H.b....
E0 CE 66 49 49 C8 DA 83|..fII...
A9 63 A6 76 49 B4 E8 76|.c.vI..v
12 |.
Calculate message digest (SHA-256) with Trust X:
AB 53 0A 13 E4 59 14 98|.S...Y..
2B 79 F9 B7 E3 FB A9 94|+y......
CF D1 F3 FB 22 F7 1C EA|...."...
1A FB F0 2B 46 0C 6D 1D|...+F.m.
Sign digest with generated private key OID_DEVICE_PRIVATE_KEY_2 inside Trust X:
30 46 02 21 00 E4 52 B0|0F.!..R.
29 CA F9 EE 91 FB 26 57|).....&W
C4 DE 95 5A C1 5C 1A C6|...Z.\..
94 8D C0 72 D3 C2 F7 22|...r..."
28 7A 68 D0 A8 02 21 00|(zh...!.
D3 82 58 6D 17 FB 3E 41|..Xm..>A
63 22 3C E3 E2 62 39 5F|c"<..b9_
8C 56 27 CE 64 32 E9 DD|.V'.d2..
Verify signature with Trust X using the generated public key:
OK - successfully verified!
Verify signature with mbed TLS using the generated public key:
OK - successfully verified!
Trust X example application finished.
You can find the source code and the project file of the example in the following folder: <InstallFolder>\examples\crypto\ifx_optiga_ecdsa_simple
Test the application by observing the debugging output via SEGGER J-Link RTT Viewer:
Alternatively, a debugger in any supported IDE can be used to step through the example application code in main.c and the host library files.
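The signatures in the sample output are DER-encoded: a SEQUENCE (30 44) holding two INTEGERs (02 20 ...), r and s. The following C routine is an added example, not part of the Infineon or Nordic example code. It strictly converts such a signature to fixed-width r||s and rejects malformed encodings. It assumes a NIST P-256 key (32-byte r and s); the function names are hypothetical, and the test input is the first signature copied from the sample output above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define P256_LEN 32u /* assumption: NIST P-256, so r and s are 32 bytes each */

/* Constructed sample: first signature from the sample output (70 bytes). */
static const uint8_t sample_sig[] = {
    0x30,0x44,0x02,0x20,0x50,0xA2,0x67,0x2E,0xD5,0xB8,0x60,0x43,0x1A,0xDB,0xD1,0x9F,
    0x64,0x47,0x0F,0x5E,0xFB,0xAB,0x02,0x7A,0x06,0x1F,0x60,0xF9,0x64,0xE0,0xFA,0xD7,
    0x22,0x6F,0xCA,0x4D,0x02,0x20,0x71,0x1F,0xFB,0x02,0x7C,0xC2,0x2B,0x46,0xD1,0xAD,
    0x83,0x79,0x7F,0x4B,0xD6,0x67,0xDD,0x01,0x7A,0x36,0x48,0x83,0x28,0x41,0x82,0x03,
    0x11,0x93,0x5F,0xEB,0x83,0x41
};

/* Parse one DER INTEGER at *pos into a 32-byte big-endian field; 0 on success. */
static int der_int_to_fixed(const uint8_t *der, size_t len, size_t *pos,
                            uint8_t out[P256_LEN])
{
    if (*pos > len || len - *pos < 3 || der[*pos] != 0x02) return -1;
    size_t n = der[*pos + 1];                /* short-form length only */
    const uint8_t *v = &der[*pos + 2];
    if (n == 0 || n > P256_LEN + 1 || n > len - *pos - 2) return -1;
    if (v[0] & 0x80) return -1;              /* would encode a negative integer */
    if (n > 1 && v[0] == 0 && !(v[1] & 0x80)) return -1; /* non-minimal padding */
    if (n == P256_LEN + 1 && v[0] != 0) return -1;       /* value wider than 32 bytes */
    *pos += 2 + n;
    if (n == P256_LEN + 1) { v++; n--; }     /* drop the 0x00 sign byte */
    memset(out, 0, P256_LEN);
    memcpy(out + (P256_LEN - n), v, n);      /* left-pad short values with zeros */
    return 0;
}

/* Convert SEQUENCE { INTEGER r, INTEGER s } to raw r||s (64 bytes).
 * Returns 0 on success, -1 on any malformed or non-canonical encoding.
 * Range checks on r and s (1..n-1) remain the verifier's job. */
int ecdsa_der_to_raw(const uint8_t *der, size_t len, uint8_t raw[2 * P256_LEN])
{
    if (der == NULL || len < 8 || len > 72 || der[0] != 0x30) return -1;
    if ((der[1] & 0x80) || (size_t)der[1] != len - 2) return -1; /* no trailing data */
    size_t pos = 2;
    if (der_int_to_fixed(der, len, &pos, raw) != 0) return -1;
    if (der_int_to_fixed(der, len, &pos, raw + P256_LEN) != 0) return -1;
    return (pos == len) ? 0 : -1;            /* both integers must fill the SEQUENCE */
}
```

Rejecting non-minimal or oversized encodings before verification keeps a single accepted byte representation per signature, which matters when signatures are compared, logged, or de-duplicated.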