Enabling nRF Security
To enable nRF Security, set the CONFIG_NRF_SECURITY Kconfig option.
You can use nRF Security with the PSA Crypto APIs or the Legacy crypto APIs.
- PSA Crypto APIs
The PSA Crypto in the nRF Connect SDK provides secure crypto operations through standardized Platform Security Architecture. Using one of the two available implementations of the PSA Crypto API, the SDK implements the cryptographic features in software or using hardware accelerators, or both.
The PSA Crypto API is enabled by default when you enable nRF Security. For more information, see Configuring PSA Crypto API. For the list of supported crypto features, see Supported cryptographic operations in the nRF Connect SDK.
Depending on the implementation you are using, the nRF Connect SDK builds nRF Security using different versions of the PSA Crypto API.
PSA Crypto API versions by implementation Implementation
- Legacy crypto APIs
The legacy crypto is a subsystem for software that requires Mbed TLS crypto toolbox API functions that are prefixed with
mbedtls_. It provides TLS and DTLS support and backwards compatibility with older applications that do not use PSA Crypto APIs. The legacy crypto uses alternative implementations (called backends) of the drivers that are also used for the PSA Crypto API support.To enable the legacy crypto support mode of nRF Security:
Set the
CONFIG_NRF_SECURITYKconfig option.
For more configuration options, see Configuring nRF Security with legacy crypto APIs.