NanoCrypto
NanoCrypto is a sophisticated, FIPS-certified cryptographic engine purpose-built for resource-constrained embedded systems environments. With out-of-the-box support for more than 35 operating systems (including environments without an OS), NanoCrypto allows device OEMs and ISVs to build confidentiality, integrity, and authentication features directly into almost any type of device or application. As the core cryptographic engine securing millions of devices from hundreds of technology manufacturers worldwide, NanoCrypto is, quite simply, one of the smallest, fastest, and most comprehensive cryptographic cores on the market.
NanoCrypto also supports NSA Suite B crypto algorithms to provide a holistic approach for securing networked devices and services, ideally suited for high-traffic enterprise and federal environments where performance is critical. Suite B cryptography is a set of cryptographic algorithms and protocols specified by NIST that are approved by the NSA for protecting classified and unclassified National Security Systems (NSS) (see US Export Restricted Algorithms).
Key features
NanoCrypto provides these key features:
Small memory footprint and high performance
Speeds integration and testing of complex cryptographic functions for your product
Open standards-based, RFC compliant
PKCS standards-based
Support for PEM, DER, and PKCS#12 certificate formats
Support for TPM-generated keys
Support for post-quantum ciphers
Operators for hardware acceleration
Abstraction platform for compliance with export/import controls
Simple APIs available for C, C++, and Java applications
OS- and platform-agnostic for easy portability
Threadless architecture, synchronous and asynchronous
Guaranteed GPL-free code that protects your intellectual property
System requirements
Memory requirements
NanoCrypto Basic has a minimum memory footprint of 250KB (estimate based on Intel x86 builds).
Typical memory usage is with a full set of ciphers and may vary (decrease or increase) based on 32/64-bit, x86/ARM/MIPS, reduced set of ciphers, static/shared library, and compile flags.
Supported operating systems
NanoCrypto is currently supported on these operating systems:
Linux (Ubuntu, Debian, Raspbian, CentOS)
Solaris
Microsoft® Windows
CygWin
FreeBSD
FreeRTOS
ThreadX
QNX
For other operating systems, if required, DigiCert can provide a guide to assist with porting to another operating system or RTOS.
Supported operating platforms
NanoCrypto is currently supported on these operating platforms:
Intel® x86
ARM A/M Series
Hardware Acceleration — Intel AES-NI, Vendor Extensions via NanoCAP operators or NanoCrypto Callbacks
Secure Element — TPM 2.0/1.2, NXP A71CH, Renesas S5, PKCS#11 SIM, ARM TrustZone
Random number generation
NanoCrypto provides multiple implementations for the secure and efficient generation of random numbers. These implementations are platform independent, but still take advantage of hardware when available. NanoCrypto currently supports these algorithms for random number generation:
CTR DRBG: Defined in NIST 800-90A and can be used in FIPS Inside products.
FIPS186 RNG: Defined in NIST FIPS-186 but cannot be used in FIPS Inside products.
Supported algorithms
The TrustCore SDK-supported algorithms in NanoCrypto are as follows:
Message digests (hash)
NanoCrypto supports these message digest (hash) algorithms:
MD2 (only for backwards compatibility)
MD4 (only for backwards compatibility)
MD5 (only for backwards compatibility)
SHA-1
SHA-224
SHA-256
SHA-384
SHA-512
SHA3-224
SHA3-256
SHA3-384
SHA3-512
SHAKE-128
SHAKE-256
BLAKE2s
BLAKE2b
Message authenticate checksum (MAC)
NanoCrypto supports these message authenticate checksum (MAC) algorithms:
HMAC with MD5 (only for backwards compatibility)
HMAC with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
Poly 1305 MAC
BLAKE2s
BLAKE2b
Symmetric ciphers
NanoCrypto supports these symmetric ciphers:
AES
ECB
CBC
CTR
OFB
CFB 128
DES
ECB
CBC
Triple-DES
ECB
CBC
RC2
ECB
AEAD Ciphers
AES CCM
AES-GCM
ChaCha20-Poly1305
RC4 (Stream Cipher)
RC4
Asymmetric ciphers
NanoCrypto supports these asymmetric ciphers:
Diffie-Hellman (DH)
DSA
RSA
PKCS 1.5
PKCS OAEP
PKCS PSS
ECC (Prime Field Curves and Edward's Curves)
ECDH
EdDH
ECDSA
EdDSA
El Gamal
PBE and key derivation
NanoCrypto supports these PBE and key derivation algorithms:
ANSI X9.63 KDF
NIST KDF 800-108
PKCS#5 PBKDF2 (NIST SP 800-132)
PKCS#12 PBE
TKIP
AESKW (RFC 3394, RFC 5649, NIST SP 800-38f)
Certificate formats
NanoCrypto supports these certificate formats:
.pem
.der
.p12
US export restricted algorithms
This table lists algorithms that are subject to US export restrictions.
Usage | Algorithm | Classification level | |
---|---|---|---|
Secret | Top-Secret | ||
Encryption | AES-GCM | 128-bit key | 256-bit key |
Hashing | SHA-xxx | 256-bit digest | 384-bit digest |
Digital Signature | ECDSA | 256-bit key | 384-bit key |
Key Exchange | ECDH | 256-bit key | 384-bit key |