The OPTIGA backend for nrf_crypto provides selected features of the Infineon OPTIGA Trust X as part of Nordic's unified nrf_crypto API.
The selected Trust X functions supported with the OPTIGA backend are:
The backend implementation is based on the Infineon OPTIGA™ Trust X Software Framework. Specifically, the backend uses the high-level API of the Trust X Software Framework to interface with the Trust X device. See Trust X Software Framework for more details.
See Configuring nrf_crypto frontend and backends for details on enabling this backend.
Get familiar with the Nordic platform-specific remarks (Important information) to properly set up your project when using Trust X.
For elliptic-curve cryptography, Trust X currently supports the EC domains NIST P-256 and P-384.
Trust X can generate cryptographic-quality random numbers, using its internal true random number generator (TRNG).
Trust X can generate cryptographic-quality EC key pairs. A generated private key can be kept safely inside Trust X. Consequently, only the public key needs to be exported from Trust X.
Trust X can conduct ECDH key agreement. The private key can either be supplied from the host, or a private key stored safely in Trust X can be used.
Trust X can compute ECDSA signatures using a private key stored safely and exclusively inside Trust X. Additionally, Trust X can verify signatures using a public-key certificate stored inside Trust X.
The Trust X Software Framework provides helper functions to convert an ASN.1-encoded signature value to and from its individual R and S components. See ecdsa_utils.h.
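The conversion described above, as an added example; it is not the code in ecdsa_utils.h or any other part of the Trust X Software Framework. The function names are hypothetical, and the assumed layout is two consecutive DER INTEGERs (R, then S) with short-form lengths and no outer SEQUENCE header, which covers P-256 and P-384 component sizes. The decoder rejects negative, non-minimal, oversized and trailing data rather than accepting a second encoding of the same signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper names; the real API is declared in ecdsa_utils.h. */
/* Encode an n-byte big-endian value as a DER INTEGER. Returns bytes written, 0 on error. */
static size_t der_put_int(const uint8_t *v, size_t n, uint8_t *out, size_t cap)
{
    if (n == 0) return 0;
    while (n > 1 && v[0] == 0) { v++; n--; }           /* minimal form: strip leading zeros */
    size_t pad = (v[0] & 0x80) ? 1 : 0;                /* 0x00 prefix keeps the value positive */
    if (n + pad > 127 || cap < 2 + pad + n) return 0;  /* short-form length only */
    out[0] = 0x02; out[1] = (uint8_t)(n + pad);
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, n);
    return 2 + pad + n;
}

/* Decode one DER INTEGER into a left-padded n-byte field. Returns bytes consumed, 0 on error. */
static size_t der_get_int(const uint8_t *in, size_t len, uint8_t *v, size_t n)
{
    if (len < 3 || in[0] != 0x02 || in[1] == 0 || in[1] > 127) return 0;
    size_t l = in[1];
    if (l > len - 2) return 0;                          /* length runs past the buffer */
    const uint8_t *p = in + 2;
    if (p[0] & 0x80) return 0;                          /* negative: never valid for R or S */
    if (l > 1 && p[0] == 0 && !(p[1] & 0x80)) return 0; /* non-minimal zero padding */
    if (l > 1 && p[0] == 0) { p++; l--; }               /* drop the sign-padding byte */
    if (l > n) return 0;                                /* does not fit the curve size */
    memset(v, 0, n - l);
    memcpy(v + (n - l), p, l);
    return 2 + (size_t)in[1];
}

/* R and S (n bytes each) -> INTEGER R, INTEGER S. Returns encoded length, 0 on error. */
size_t rs_to_asn1(const uint8_t *r, const uint8_t *s, size_t n, uint8_t *out, size_t cap)
{
    size_t a = der_put_int(r, n, out, cap);
    size_t b = a ? der_put_int(s, n, out + a, cap - a) : 0;
    return b ? a + b : 0;
}

/* INTEGER R, INTEGER S -> fixed-width R and S. Returns 1 on success, 0 on any malformed input. */
int asn1_to_rs(const uint8_t *in, size_t len, uint8_t *r, uint8_t *s, size_t n)
{
    size_t a = der_get_int(in, len, r, n);
    size_t b = a ? der_get_int(in + a, len - a, s, n) : 0;
    return b != 0 && a + b == len;                      /* reject trailing bytes */
}
```

For P-256 pass n = 32 and for P-384 pass n = 48; an output buffer of 2 * (n + 3) bytes always suffices.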
See Cryptography library - nrf_crypto for nrf_crypto APIs that can use this backend.