NanoTAP

NanoTAP™ is the Trust Anchor Platform (TAP) component of TrustCore SDK. The NanoTAP module provides an extensible architecture that enables applications to establish hardware- or software-based trust anchors through a variety of Security Module Plugins (SMPs).

NanoTAP’s trust abstraction layer gives developers user-friendly APIs that simplify integration with any form of secure element. NanoTAP also provides an abstraction layer for SMPs, which developers can use to leverage common SMP functionality without needing to know the details for any particular SMP. Additionally, NanoTAP allows other TrustCore SDK components – particularly NanoCrypto – to handle hardware keys and software keys in the same manner, making it easier to write applications for devices that may or may not use a secure element.

To reduce complexity, NanoTAP does not provide a comprehensive interface for every supported secure element (SE). Instead, NanoTAP supports the most common and useful operations to enable hardware-based cryptographic operations and establish hardware-based trust anchors with minimal overhead.

NanoTAP is available in two models:

License

This project is available under a dual-license model:

  • Open Source License: GNU Affero General Public License v3 (AGPL v3): This license allows you to use, modify, and distribute the code for free in accordance with AGPL terms.
  • Commercial License: If you wish to use TrustCore SDK in a proprietary or commercial product (e.g., embedded in closed-source firmware or commercial SaaS applications), a commercial license is available under DigiCert’s Master Services Agreement (MSA). Contact us at sales@digicert.com for commercial licensing details.

Key features

NanoTAP provides a common API for all supported secure elements. Some of the advantages include:

  • Byte-efficient codebase that is smaller than open-source implementations
  • Speeds integration and testing of complex cryptographic functions for your product
  • Abstraction layer for portability across secure elements
  • Ability to select a secure element at runtime
  • Remote access service for Linux platforms (optional)
  • No reliance on the open-source community’s OpenSSL library
  • Easy transition for devices already integrated with TrustCore SDK
  • Simple APIs for C, C++, and Java applications
  • Integration with the Enrollment over Secure Transport (EST) protocol (RFC-7030)
  • OS- and platform-agnostic for easy portability
  • Guaranteed GPL-free code protects your intellectual property

NSA Suite B cryptographic algorithms

Suite B cryptography is a set of cryptographic algorithms and protocols specified by NIST that are approved by the NSA for protecting classified and unclassified National Security Systems (NSS). NanoTAP supports NSA Suite B cryptographic algorithms to provide a holistic approach for securing networked devices and services. This is ideally suited for high-traffic enterprise and federal environments where performance is critical.

Custodian of passwords

NanoTAP does not store any passwords. The end-user or application must manage any passwords required to use the underlying security module. These passwords must be obtained from the system administrator or owner responsible for initialization of the security module. The custodian varies by customer organization and corporate policy.

System requirements

Memory requirements

NanoTAP has a minimum memory footprint of 640KB (estimate based on Intel x86 builds; includes NanoCrypto and NanoSSL).

Typical memory usage assumes a full set of ciphers and may vary (decrease or increase) depending on 32/64-bit builds, x86/ARM/MIPS architecture, a reduced set of ciphers, static or shared library linking, and compile flags.

Supported operating systems

NanoTAP is currently supported on the following operating systems:

  • Linux (Ubuntu, Debian, Raspbian, CentOS)
  • Microsoft® Windows
  • FreeRTOS
  • ThreadX

For other operating systems, DigiCert can provide a guide to assist the customer or partner with porting to another operating system or RTOS.

Supported operating platforms

NanoTAP is currently supported on the following operating platforms:

  • Intel® x86
  • ARM A/M Series
  • Hardware Acceleration — Intel AES-NI, Vendor Extensions via NanoCrypto Callbacks

Supported secure elements

  • TCG-compliant TPM 2.0/1.2 chipsets on Windows/Linux (requires NanoSMP for TPM 2.0/1.2 respectively)
  • NXP A71CH on FreeRTOS (requires NanoSMP for NXP-A71CH)
  • Renesas S5 on ThreadX (requires NanoSMP for Renesas-S5)
  • PKCS#11 SIM on Linux (requires NanoSMP for PKCS#11 SIM)
  • TEE ARM TrustZone