Your "One-Stop-Shop" for your next Embedded Project

Stacks Image pp8024_n8016_n7993

emCrypt for secure Applications


The building blocks for today's secure protocols

emCrypt provides the building blocks for today's secure protocols. Security has never been so important with the explosion of devices that are now connected to the Internet. emCrypt has proven itself within SEGGER and is the foundation that emSSL, emSSH and emSecure-RSA, emSecure-ECDSA are built upon.

Features

  • Supports modern cryptography standards
  • NIST-validated implementations of many algorithms
  • Secure, fast, and cleanly-written code
  • Extensive 2,000 page manual covering all API features and functions
  • Decoupled implementation links only what you need
  • Public key cryptography (RSA, DSA, ECDSA, EdDSA)
  • Fast, tunable ciphers, hash algorithms, and message authentication codes (MACs)
  • Key derivation, key wrapping, key encapsulation
  • Random bit generation, cryptographically secure pseudo-random numbers

Why should I use emCrypt?


  • emCrypt offers a wide range of cryptographic capabilities that are the basis of many security protocols.
  • emCrypt can be configured for minimal memory footprint for constrained devices but can also scale to faster performance on systems that have more resources.
  • emCrypt is a high-quality product designed to be used easily but without limitations.
  • emCrypt is not covered by an open-source or required-attribution license and can be integrated in any free, commercial, or proprietary product without the obligation to disclose the combined source.
  • emCrypt is provided as source code and offers transparency for all included modules, allowing inspection by auditors.
  • emCrypt is portable. The complete software is written in ANSI C and is compiler and target independent. It can be implemented in PC applications and in embedded designs.
  • emCrypt is configurable. It is created for high performance and a low memory footprint. The library can be configured for size or speed. Unused features can be excluded, additional features can easily be added.
  • emCrypt supports pluggable cryptographic algorithms and hardware acceleration. Hardware acceleration for popular microcontrollers is available as an option.

The emCrypt Package


emCrypt is a complete package and comes with everything needed to secure communication.

It includes all modules which implement the required functionality to use SSH. They are provided in source code, to allow complete control of the code that is used in the product and create transparency to avoid worries about possible back doors or weakness in code, which cannot be checked in precompiled libraries.

emCrypt comes with a simple, yet powerful API to make using emCrypt in your product as simple as possible.

It also includes sample applications in source form which demonstrate how to use the emCrypt API.

Supported Capabilities


Ciphers for bulk encryption

The following ciphers are supported by emCrypt, with optional hardware acceleration:

  • AES-128, AES-192, AES-256
  • DES and TripleDES (also known as 3DES or TDES) with all keying options
  • CAST
  • ARIA
  • SEED
  • Camellia
  • Twofish
  • Blowfish

All cipher algorithms support ECB, CBC, OFB, and CTR modes take advantage of the underlying cipher accelerator when available. In addition, 128-bit ciphers, such as AES, support CCM and GCM authenticated encryption modes with optional hardware acceleration.

Hash algorithms

Hash algorithms are also known as message digest algorithms or compression functions: they provide a means to produce a digital fingerprint of some data, such as a document, and make it infeasible to produce another document with an identical fingerprint.

  • MD5, RIPEMD-160, SHA-1
  • SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
  • SHA3-224, SHA3-256, SHA3-384, SHA3-512

All hash algorithms take advantage of the underlying hash accelerator when available.

MAC algorithms

Message authentication codes (MACs) guard against transmission errors and malicious data tampering.

  • CMAC-AES, CMAC-TDES, CMAC-SEED, CMAC-ARIA, CMAC-Camellia, CMAC-Twofish
  • GMAC-AES, GMAC-SEED, GMAC-ARIA, GMAC-Camellia, GMAC-Twofish
  • HMAC-MD5, HMAC-RIPEMD-160, HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224, HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512
  • KMAC

All MAC algorithms take advantage of the underlying cipher or hash accelerator when available.

Key derivation

Key derivation functions calculate symmetric keys to use from an agreed secret.

  • KDF1-SHA-1, KDF1-SHA-224, KDF1-SHA-255, KDF1-SHA-384, KDF1-SHA-512, KDF1-SHA-512/224, KDF1-SHA-512/256
  • KDF2-SHA-1, KDF2-SHA-224, KDF2-SHA-255, KDF2-SHA-384, KDF2-SHA-512, KDF2-SHA-512/224, KDF2-SHA-512/256
  • X9.63-KDF-SHA-1, X9.63-KDF-SHA-224, X9.63-KDF-SHA-256, X9.63-KDF-SHA-384, X9.63-KDF-SHA-512, X9.63-KDF-SHA-512/224, X9.63-KDF-SHA-512/256
  • HKDF-MD5, HKDF-RIPEMD-160, HKDF-SHA-1, HKDF-SHA-224, HKDF-SHA-255, HKDF-SHA-384, HKDF-SHA-512, HKDF-SHA-512/224, HKDF-SHA-512/256
  • PBKDF2-SHA-1, PBKDF2-SHA-224, PBKDF2-SHA-256, PBKDF2-SHA-384, PBKDF2-SHA-512, PBKDF2-SHA-512/224, PBKDF2-SHA-512/256

All key derivation algorithms take advantage of the underlying hash accelerator when available.

Random bit generators

High-quality random data is essential for many crytpographic protocols and algorithms. emCrypt supports NIST random bit generators and the Fortuna cryptographically secure random number generator.

  • Fortuna
  • Hash-DRBG-SHA-1, Hash-DRBG-SHA-224, Hash-DRBG-SHA-256, Hash-DRBG-SHA-384, Hash-DRBG-SHA-512, Hash-DRBG-SHA-512/224, Hash-DRBG-SHA-512/256
  • HMAC-DRBG-SHA-1, HMAC-DRBG-SHA-224, HMAC-DRBG-SHA-256, HMAC-DRBG-SHA-384, HMAC-DRBG-SHA-512, HMAC-DRBG-SHA-512/224, HMAC-DRBG-SHA-512/256
  • CTR-DRBG-TDES, CTR-DRBG-AES-128, CTR-DRBG-AES-192, CTR-DRBG-AES-256

All DRBG algorithms take advantage of the underlying cipher or hash accelerator when available.

Digital signatures

Digital signatures provide an assurance that a document, or a collection of data, is authentic and unmodified.

  • RSASSA-PSS with approved and configurable hash algorithms
  • RSASSA-PKCS1 with approved and configurable hash algorithms
  • ECDSA using all NIST prime curves and Brainpool curves and with approved and configurable hash algorithms
  • Ed25519

Benchmarks

Refer to https://www.segger.com/emcrypt.html