how to store sensible data that cannot be accessed
Posted: Thu Aug 01, 2024 9:59 am
by aygh4266
Hello everyone,
Since I am new to the Espressif world, I would like to know how to store sensitive data like a signature key in the esp32s3.
I came across nvs encryption. Is this the right way to do that?
Best regards
Re: how to store sensible data that cannot be accessed
Posted: Thu Aug 01, 2024 11:26 am
by MicroController
aygh4266 wrote: ↑Thu Aug 01, 2024 9:59 am
I came across nvs encryption. Is this the right way to do that ??
It might be.
However, specifically for signing keys, the Digital Signature peripheral with key material stored in read-protected eFuses may be a better/more secure option.
Re: how to store sensible data that cannot be accessed
Posted: Tue Aug 06, 2024 8:10 am
by aygh4266
MicroController wrote: ↑Thu Aug 01, 2024 11:26 am
aygh4266 wrote: ↑Thu Aug 01, 2024 9:59 am
I came across nvs encryption. Is this the right way to do that ??
It might be.
However, specifically for signing keys, the Digital Signature peripheral with key material stored in read-protected eFuses may be a better/more secure option.
Thanks a lot for the quick answer. I have read more about the nvs encryption and the flash encryption. Enabling the flash encryption is a prerequisite for nvs encryption. Since the key for flash encryption is stored in the eFuse (in the hardware) and the nvs key in the nvs key partition (so in the software), it confuses me why the flash encryption is a prerequisite.
Re: how to store sensible data that cannot be accessed
Posted: Tue Aug 06, 2024 10:48 am
by MicroController
The NVS encryption key is stored in the NVS key partition in flash, so without flash encryption the NVS key would be easily extractable from flash by an attacker.
The hardware-based flash encryption itself is not really suitable for NVS use because NVS needs to update small pieces of data in flash each time an entry is created or updated, which the hardware encryption doesn't support.
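The dependency described in this reply can be checked at build time. The following is an added example, not code from the thread or from Espressif: it audits a constructed partition table and sdkconfig fragment, and it assumes ESP-IDF's partition CSV layout, its `encrypted` flag, and the option names `CONFIG_NVS_ENCRYPTION` and `CONFIG_SECURE_FLASH_ENC_ENABLED`.

```python
import csv

# Constructed sample inputs (not from the thread). The CSV column layout and
# the Kconfig option names are assumed to follow ESP-IDF conventions.
PARTITIONS_CSV = """\
# Name,   Type, SubType,  Offset,  Size,    Flags
nvs,      data, nvs,      0x9000,  0x6000,
nvs_key,  data, nvs_keys, 0xf000,  0x1000,
factory,  app,  factory,  0x10000, 1M,
"""
SDKCONFIG = """\
CONFIG_NVS_ENCRYPTION=y
# CONFIG_SECURE_FLASH_ENC_ENABLED is not set
"""

def parse_partitions(text):
    """Return one dict per partition row; comment and blank lines are skipped."""
    rows = []
    for fields in csv.reader(text.splitlines(), skipinitialspace=True):
        fields = [f.strip() for f in fields]
        if not fields or not fields[0] or fields[0].startswith("#"):
            continue
        fields += [""] * (6 - len(fields))  # the Flags column may be omitted
        name, ptype, subtype, _offset, _size, flags = fields[:6]
        rows.append({"name": name, "type": ptype, "subtype": subtype,
                     "flags": set(filter(None, flags.split(":")))})
    return rows

def enabled(sdkconfig, option):
    """True if the sdkconfig text contains the line `option=y`."""
    return any(line.strip() == f"{option}=y" for line in sdkconfig.splitlines())

def audit(partitions_csv, sdkconfig):
    """List breaks in the chain eFuse key -> flash encryption -> NVS key."""
    parts, findings = parse_partitions(partitions_csv), []
    keys = [p for p in parts if p["type"] == "data" and p["subtype"] == "nvs_keys"]
    if enabled(sdkconfig, "CONFIG_NVS_ENCRYPTION"):
        if not enabled(sdkconfig, "CONFIG_SECURE_FLASH_ENC_ENABLED"):
            findings.append("flash encryption off: NVS key sits in flash as plaintext")
        if not keys:
            findings.append("no nvs_keys partition to hold the NVS encryption key")
    for p in keys:
        if "encrypted" not in p["flags"]:
            findings.append(f"{p['name']}: nvs_keys partition lacks 'encrypted' flag")
    for p in parts:
        if p["type"] == "data" and p["subtype"] == "nvs" and "encrypted" in p["flags"]:
            findings.append(f"{p['name']}: NVS data marked 'encrypted'; use NVS encryption")
    return findings
```

Calling `audit(PARTITIONS_CSV, SDKCONFIG)` on the constructed sample returns two findings: flash encryption is disabled, and the key partition is not flagged as encrypted.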
Re: how to store sensible data that cannot be accessed
Posted: Tue Aug 06, 2024 11:19 am
by aygh4266
MicroController wrote: ↑Tue Aug 06, 2024 10:48 am
The NVS encryption key is stored in the NVS key partition in flash, so without flash encryption the NVS key would be easily extractable from flash by an attacker.
The hardware-based flash encryption itself is not really suitable for NVS use because NVS needs to update small pieces of data in flash each time an entry is created or updated, which the hardware encryption doesn't support.
Ok, but the flash encryption is based on storing the key in eFuses, which the nvs encryption doesn't do. I can understand that the nvs key should be encrypted, but I can't understand how it will be encrypted.
So the nvs key will be stored in the nvs key partition in flash and the nvs key partition will be encrypted using flash encryption, which will use another key stored in the eFuse. Is my interpretation correct?
Re: how to store sensible data that cannot be accessed
Posted: Tue Aug 06, 2024 11:24 am
by MicroController
aygh4266 wrote: ↑Tue Aug 06, 2024 11:19 am
So the nvs key will be stored in the nvs key partition in flash and the nvs key partition will be encrypted using flash encryption, which will use another key stored in the eFuse. Is my interpretation correct?
Yes
Re: how to store sensible data that cannot be accessed
Posted: Tue Aug 06, 2024 11:40 am
by aygh4266
MicroController wrote: ↑Tue Aug 06, 2024 11:24 am
aygh4266 wrote: ↑Tue Aug 06, 2024 11:19 am
So the nvs key will be stored in the nvs key partition in flash and the nvs key partition will be encrypted using flash encryption, which will use another key stored in the eFuse. Is my interpretation correct?
Yes
Ok, thanks a lot. So since the nvs key is not executable because it is hardware-encrypted, as a result, a physical readout of the nvs partition, where the encrypted data will be stored later, will not be sufficient to recover most contents.
Sorry for the many questions, but I read an article and it confused me a lot.