Skip to content

Commit 3c43bbf

Browse files
nitrosimonnitrosimon
committed
adding table
1 parent 3220133 commit 3c43bbf

File tree

1 file changed

+17
-16
lines changed

1 file changed

+17
-16
lines changed

source/components/nitrokeys/nitrokey3/secure-element.rst

Lines changed: 17 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,21 @@
1-
SE05 Secure Element
2-
===================
1+
SE05x Secure Element
2+
====================
33

44
.. contents:: :local:
55

66
The Secure Element is a tamper-resistant secure element designed by NXP Semiconductors that provides advanced security features.
77
It offers hardware-based security functions including cryptographic operations, secure key storage, and protection against physical and logical attacks.
8-
The SE05 Secure Element is certified to Common Criteria EAL 6+ security level and includes features like RSA, ECC, AES, and SHA algorithms, making it ideal for the Nitrokey 3.
8+
The SE05X Secure Element is certified to Common Criteria EAL 6+ security level and includes features like RSA, ECC, AES, and SHA algorithms, making it ideal for the Nitrokey 3.
99
It usage is optional and provides faster performance and some additional features.
1010

1111
Currently only OpenPGP Card and PIV are using the Secure Element. PIV depends on the Secure Element and does not run without it being enabled and OpenPGP Card can be configured to use the Secure Element or not. Passwords and FIDO2 are not making use of it.
1212

13+
You can read more information about the Secure Element itself here `SE050 <https://www.nxp.com/products/SE050>`__.
14+
1315
Activation and Deactivation
1416
---------------------------
15-
The Secure Element is enabled by default if no key in OpenPGP Card and PIV is already saved on the device. This is automatically the case after reset of the OpenPGP Card or the whole device. Manually activating the Secure Element for the OpenPGP Card will delete all current keys.
17+
The Secure Element is enabled by default if no key in OpenPGP Card and PIV is already saved on the device.
18+
This is automatically the case after reset of the OpenPGP Card or the whole device. Manually activating the Secure Element for the OpenPGP Card will delete all current keys.
1619

1720
To check whether the Secure Element is activated run:
1821

@@ -29,17 +32,15 @@ To disable the Secure Element:
2932
Additional Features
3033
-------------------
3134

32-
The following algorithms can only be used with the Secure Element being enabled:
35+
+------------------------+----------+----------+----------+-----------------+-----------------+-------------------------------+---------------------------------+-----------------------------------+-----------------------------------+--------------------+-----------------+-----------------+-----------------+-------------------+-----------------+-----------------------------------------+
36+
| Algorithm | RSA 2048 | RSA-3072 | RSA-4096 | ECC 256-521 bit | AES-128/256 bit | SHA (SHA-256,SHA-384,SHA-512) | NIST P-256 secp256r1/prime256v1 | NIST P-384 (secp384r1/prime384v1) | NIST P-521 (secp521r1/prime521v1) | Ed25519/Curve25519 | brainpoolp256r1 | brainpoolp384r1 | brainpoolP512r1 | HOTP (RFC 4226), | TOTP (RFC 6238) | Physical random number generator (TRNG) |
37+
+========================+==========+==========+==========+=================+=================+===============================+=================================+===================================+===================================+====================+=================+=================+=================+===================+=================+=========================================+
38+
| With Secure Element |||||||||||||||||
39+
+------------------------+----------+----------+----------+-----------------+-----------------+-------------------------------+---------------------------------+-----------------------------------+-----------------------------------+--------------------+-----------------+-----------------+-----------------+-------------------+-----------------+-----------------------------------------+
40+
| Without Secure Element |||||||||||||||||
41+
| | | | | | | | | | | | | | | | | |
42+
| | | | | | | | | | | | | | | | | |
43+
| | | | | | | | | | | | | | | | | |
44+
+------------------------+----------+----------+----------+-----------------+-----------------+-------------------------------+---------------------------------+-----------------------------------+-----------------------------------+--------------------+-----------------+-----------------+-----------------+-------------------+-----------------+-----------------------------------------+
3345

34-
* RSA-3072
35-
* RSA-4096
36-
* NIST P-384 (secp384r1/prime384v1)
37-
* NIST P-521 (secp521r1/prime521v1)
38-
* brainpoolp256r1
39-
* brainpoolp384r1
40-
* brainpoolp512r1
41-
* secp256k1 (Test release)
4246

43-
TODO:
44-
maybe + a link to the product page or data-sheet
45-
table for comparison

0 commit comments

Comments
 (0)