how to store sensible data that cannot be accessed

aygh4266
Posts: 24
Joined: Mon Mar 04, 2024 10:33 am

how to store sensible data that cannot be accessed

Postby aygh4266 » Thu Aug 01, 2024 9:59 am

Hello everyone,

Since I am new to the Espressif world, I would like to know how to store sensible data like a signature key in esp32s3.
I came across nvs encryption. Is this the right way to do that ??

Best regards

MicroController
Posts: 1756
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: how to store sensible data that cannot be accessed

Postby MicroController » Thu Aug 01, 2024 11:26 am

aygh4266 wrote:
Thu Aug 01, 2024 9:59 am
I came across nvs encryption. Is this the right way to do that ??
It might be.
However, specifically for signing keys, the Digital Signature peripheral with key material stored in read-protected eFuses may be a better/more secure option.

aygh4266
Posts: 24
Joined: Mon Mar 04, 2024 10:33 am

Re: how to store sensible data that cannot be accessed

Postby aygh4266 » Tue Aug 06, 2024 8:10 am

MicroController wrote:
Thu Aug 01, 2024 11:26 am
aygh4266 wrote:
Thu Aug 01, 2024 9:59 am
I came across nvs encryption. Is this the right way to do that ??
It might be.
However, specifically for signing keys, the Digital Signature peripheral with key material stored in read-protected eFuses may be a better/more secure option.
Thanks a lot for the quick answer. I have read more about the nvs encryption and the flash encryption. Enabling the flash encryption is a prerequisite for nvs encryption. Since the key for flash encryption is stored in the eFuse (in the hardware) and the nvs key in the partition nvs key (so in the software), it makes me confused why the flash encryption is a prerequisite.

MicroController
Posts: 1756
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: how to store sensible data that cannot be accessed

Postby MicroController » Tue Aug 06, 2024 10:48 am

The NVS encryption key is stored in the NVS key partition in flash, so without flash encryption the NVS key would be easily extractable from flash by an attacker.
The hardware-based flash encryption itself is not really suitable for NVS use because NVS needs to update small pieces of data in flash each time an entry is created or updated, which the hardware encryption doesn't support.
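
The key chain described above (NVS keys in the NVS key partition, that partition protected by flash encryption) is visible in the partition table, so it can be checked before flashing. The following is an added example, not part of the original post and not Espressif tooling; the sample CSV, partition names and offsets are constructed, and the second check (an NVS data partition flagged `encrypted`) is an assumption drawn from the explanation in this thread.

```python
import csv
import io

# Constructed sample partition table in ESP-IDF CSV layout (not from the thread).
SAMPLE_CSV = """\
# Name,   Type, SubType,  Offset,  Size,    Flags
nvs,      data, nvs,      0x9000,  0x6000,
phy_init, data, phy,      ,        0x1000,
factory,  app,  factory,  ,        1M,
nvs_key,  data, nvs_keys, ,        0x1000,  encrypted
"""

def parse_partitions(text):
    """Return one dict per partition row, skipping comments and blank lines."""
    rows = []
    for fields in csv.reader(io.StringIO(text)):
        fields = [f.strip() for f in fields]
        if not fields or not fields[0] or fields[0].startswith("#"):
            continue
        fields += [""] * (6 - len(fields))  # Flags column may be omitted
        name, ptype, subtype, _offset, _size, flags = fields[:6]
        rows.append({"name": name, "type": ptype, "subtype": subtype,
                     "flags": {f for f in flags.split(":") if f}})
    return rows

def audit_nvs_key_chain(text):
    """List problems in the NVS key -> flash encryption chain; empty means OK."""
    parts = parse_partitions(text)
    findings = []
    key_parts = [p for p in parts
                 if p["type"] == "data" and p["subtype"] == "nvs_keys"]
    if not key_parts:
        findings.append("no nvs_keys partition to hold the NVS encryption keys")
    for p in key_parts:
        if "encrypted" not in p["flags"]:
            findings.append(f"{p['name']}: nvs_keys partition is not flagged "
                            "'encrypted', so the NVS keys would be readable")
    for p in parts:
        # Assumption from the thread: NVS data uses its own encryption layer.
        if p["type"] == "data" and p["subtype"] == "nvs" and "encrypted" in p["flags"]:
            findings.append(f"{p['name']}: NVS data partition is flagged "
                            "'encrypted'; NVS relies on NVS encryption instead")
    return findings

if __name__ == "__main__":
    for line in audit_nvs_key_chain(SAMPLE_CSV) or ["partition table OK"]:
        print(line)
```

The partition table only shows that the key partition is marked for encryption; whether flash encryption is actually enabled on the device is a separate setting that this check does not cover.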

aygh4266
Posts: 24
Joined: Mon Mar 04, 2024 10:33 am

Re: how to store sensible data that cannot be accessed

Postby aygh4266 » Tue Aug 06, 2024 11:19 am

MicroController wrote:
Tue Aug 06, 2024 10:48 am
The NVS encryption key is stored in the NVS key partition in flash, so without flash encryption the NVS key would be easily extractable from flash by an attacker.
The hardware-based flash encryption itself is not really suitable for NVS use because NVS needs to update small pieces of data in flash each time an entry is created or updated, which the hardware encryption doesn't support.
Ok but the flash encryption is based on storing the key in eFuses which the nvs encryption doesn't do. I can understand that the nvs key should be encrypted but I can't understand how it will be encrypted.
So the nvs key will be stored in the nvs key partition in flash and the nvs key partition will be encrypted using flash encryption, which will use another key stored in the eFuse. Is my interpretation correct ?

MicroController
Posts: 1756
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: how to store sensible data that cannot be accessed

Postby MicroController » Tue Aug 06, 2024 11:24 am

aygh4266 wrote:
Tue Aug 06, 2024 11:19 am
So the nvs key will be stored in the nvs key partition in flash and the nvs key partition will be encrypted using flash encryption, which will use another key stored in the eFuse. Is my interpretation correct ?
Yes :)

aygh4266
Posts: 24
Joined: Mon Mar 04, 2024 10:33 am

Re: how to store sensible data that cannot be accessed

Postby aygh4266 » Tue Aug 06, 2024 11:40 am

MicroController wrote:
Tue Aug 06, 2024 11:24 am
aygh4266 wrote:
Tue Aug 06, 2024 11:19 am
So the nvs key will be stored in the nvs key partition in flash and the nvs key partition will be encrypted using flash encryption, which will use another key stored in the eFuse. Is my interpretation correct ?
Yes :)
Ok thanks a lot :) . So since the nvs key is not executable because it is hardware-encrypted, as a result, a physical readout of the nvs partition, where the encrypted data will be stored later, will not be sufficient to recover most contents.

Sorry for the many questions, but I read an article and it confused me a lot.
