ESP32S2 Digital Signature Peripheral vs. HSM

[askpatrickw]

I was reading up about the Digital Signature Peripheral in the ESP32SS. How does this compare to a traditional dedicated Hardware Securirity Module (HSM)?


Reference for Digital Signature Peripheral in the ESP32SS
https://www.espressif.com/sites/default ... ual_en.pdf

25.Digital Signature
25.1Overview
Digital signatures provide a way to cryptographically authenticate a message using a private key, to be verified using the corresponding public key. This can be used to validate a device’s identity to a server, or to authenticate the integrity of a message has not been tampered with.ESP32-S2 includes a digital signature (DS) peripheral which produces hardware accelerated RSA digital signatures, without the RSA private key being accessible by software.
25.2Features

• RSA Digital Signatures with key lengths up to 4096 bits
• Private key data is encrypted and only readable by DS peripheral
• SHA-256 digest is used to protect private key data against tampering by an attacker

Thank you,
-Patrick

[ESP_Angus]

Hi Patrick,

You're correct that the Digital Signature Peripheral is intended to fill a similar role to an on-board and off-chip HSM. In both cases, the idea is to have some secret key material that cannot easily be copied by an attacker even if they obtain full access to the hardware and software.

The main difference is that HSMs come with a variety of features and algorithm support. ESP32-S2 Digital Signature Peripheral can only generate RSA signatures for various key lengths - it can't perform any other type of calculation.

[askpatrickw]

Thank you Angus that was very helpful!

-Patrick