
Commit fe2f83d

SE050 doc page
1 parent fe41933 commit fe2f83d

2 files changed

+56
-0
lines changed

source/components/nitrokeys/nitrokey3/index.rst

Lines changed: 1 addition & 0 deletions
@@ -23,6 +23,7 @@ and the product guides:
2323
Set Pins <set-pins>
2424
nitropy <nitropy>
2525
Reset <reset>
26+
The Secure Element SE050 <se050>
2627
Troubleshooting <troubleshooting>
2728

2829
or check out the features:
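
Review bot: The new toctree entry at line 26 is titled "The Secure Element SE050 <se050>", while the neighbouring entries use short labels without an article ("Set Pins", "Reset", "Troubleshooting") and the page added in this commit is headed "SE050 Secure Element". Suggest reusing the page title, i.e. "SE050 Secure Element <se050>", so the navigation label and the page heading match.
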
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
SE050 Secure Element
2+
====================
3+
4+
.. contents:: :local:
5+
6+
The Secure Element is a tamper-resistant secure element designed by NXP Semiconductors that provides advanced security features.
7+
It offers hardware-based security functions including cryptographic operations, secure key storage, and protection against physical and logical attacks.
8+
The SE050 Secure Element is certified to Common Criteria EAL 6+ security level and includes features like RSA, ECC, AES, and SHA algorithms, making it ideal for the Nitrokey 3.
9+
It usage is optional and provides faster performance and some additional features.
10+
11+
There are several apps on the Nitrokey 3 of which current only OpenPGPCard (opcard) and PIV (piv) are using it. PIV depends on the Secure Element and does not run without it being enabled.
12+
Passwords (secrets) and FIDO2 (fido-authenticator) are not making use of it.
13+
14+
Activation and Deactivation
15+
---------------------------
16+
The Secure Element is enabled by default if no key is already saved on the device. This is automatically the case after reset of the opcard or the whole device. Activating the Secure Element for the opcard app will delete all current keys.
17+
18+
To check whether the Secure Element is activated run
19+
20+
* nitropy nk3 get-config opcard.use_se050_backend
21+
22+
To enable the Secure Element
23+
24+
* nitropy nk3 set-config opcard.use_se050_backend true
25+
26+
To disable the Secure Element
27+
28+
* nitropy nk3 set-config opcard.use_se050_backend false
29+
30+
Additional Features
31+
-------------------
32+
33+
The following features are exclusively usable with the Secure Element being enabled:
34+
35+
Secure key storage:
36+
37+
* RSA4096
38+
* RSA3072
39+
40+
41+
The following Elliptic Curve algorithms can only be used with the SE50 enabled:
42+
43+
* NIST P-384
44+
* NIST P-521 (secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1)
45+
* brainpoolp256r1
46+
* brainpoolp384r1
47+
* brainpoolp512r1
48+
* SECP256K1 (Test release)
49+
50+
TODO:
51+
maybe + a link to the product page or data-sheet
52+
table for comparison
53+
54+
55+
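
Review bot: The curve list at lines 43-44 is inconsistent: the bullet "NIST P-521" carries the aliases of three curves, "(secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1)", and secp256r1 is NIST P-256, which has no bullet of its own. As written, a reader cannot tell whether P-256 needs the SE050 backend. Suggest one bullet per curve with only its own aliases, and either listing P-256 explicitly or dropping its alias. Further points in the same file: line 41 says "SE50" instead of "SE050"; the label "Secure key storage:" at line 35 introduces RSA4096 and RSA3072, which are key types rather than storage features; the statement at line 16 that activating the Secure Element for the opcard app "will delete all current keys" is easy to miss in running prose and would be better as a warning directive placed directly before the "set-config opcard.use_se050_backend true" command, together with a sentence on whether disabling (line 28) also affects existing keys; the three nitropy commands are bullets and should be literal blocks so they can be copied exactly; lines 9-11 contain typos ("It usage", "current only"); and the TODO at lines 50-52 will render on the published page, so it should be an RST comment or a tracked issue instead.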
