Cryptography in the nRF Connect SDK

Nordic Semiconductor requires following Platform Security Architecture (PSA) for product development with the nRF Connect SDK to ensure appropriate security implementation in IoT devices.

The nRF Connect SDK implements cryptographic operations through the mandatory PSA Certified Crypto API standard, which provides an interface for cryptographic functions across different hardware platforms. The SDK supports the following PSA Crypto API implementations:

• Direct PSA Crypto API access through Oberon PSA Crypto for applications that do not require additional security isolation or devices without TrustZone.

• Access through Trusted Firmware-M (TF-M) for applications requiring enhanced security through hardware-enforced separation.

For more information about these implementations, see the Cryptographic architecture overview page.

All cryptographic functionality is accessed through the nRF Security library, which integrates and configures the PSA Crypto implementation with various cryptographic drivers.

For practical examples of cryptographic operations, see the cryptography samples. For more information about PSA Crypto within the broader context of the PSA Certified IoT Security Framework, see the PSA Certified Security Framework overview page.

Subpages:

• Cryptographic architecture overview
  • PSA Crypto API architecture
  • Implementations in the nRF Connect SDK
• Cryptographic drivers
  • Driver architecture within Oberon PSA Crypto
  • Driver selection
  • Driver overview
  • API documentation
• Configuring PSA Crypto API
  • Enabling PSA Crypto API
  • Configuring single drivers
  • Configuring multiple drivers
  • Configuring cryptographic features
  • Building PSA Crypto API
• Supported cryptographic operations in the nRF Connect SDK
  • Support definitions
  • Hardware support for PSA Crypto implementations
  • Cryptographic feature support