PSoC 6 RSA: max key size?

paulbart1234

Hi -

All of the examples for PSoC 6 RSA seem to demonstrate the use of 2048-bit RSA keys.

Some of the PDL docs mention 4096 bits ("Also referred to as Public Key encryption. To receive a message, you publish a very large public key (up to 4096 bits currently)"), and I see "CY_CRYPTO_RSA4096_MESSAGE_SIZE" defined in the PDL documentation (PSoC 6 Peripheral Driver Library: Macros), but not in the ".h" file in my PDL 3.1.2 installation. So, I'm unsure if 4096-bit keys should be expected to work or not.

When I try to use a 4096-bit key, Cy_Crypto_Rsa_Proc() returns 0 (CY_CRYPTO_SUCCESS), but the buffer passed to it for output has not been touched (it seems to be a no-op).

I don't know if the issue is with my use of the functions, or if the PDL just doesn't support 4096-bit keys.

If the latter, do the "direct" crypto-core functions support larger keys than the client/server functions that I'm currently using?

Thanks for any advice.


EDIT: I'm using PSoC Creator, in case that makes a difference.

DheerajK_81
Moderator

You seem to be referring to an older version of the PDL documentation. Based on the version of PDL you are using, you can find the documentation in this particular path: "C:\Program Files (x86)\Cypress\PDL\3.x.x\doc"

For the version 3.1.2, the macro CY_CRYPTO_RSA4096_MESSAGE_SIZE is not available. But 4096 is the max key supported for RSA as mentioned in the Architecture TRM. You can pass in the value directly without the macro. I will check with the internal team why this macro isn't available and if 4096-bit has any known issues when used.

The PDL Code snippet uses 2048-bit key. You can create your Public and Private Key Pair and place it in the "C:\Program Files (x86)\Cypress\PDL\3.1.2\security\secure_image\script\keys" directory.

Then run the "rsa_keygen.bat" script found in the scripts directory to generate the C code for the keys. A new folder "keys_generated" will be created with the file "rsa_to_c_generated.txt" which contains the C code you can paste in your application.

Both client-server and the direct crypto core APIs support max RSA key size of 4096. 2048.

Please attach your project so that we can get insight into your issue.

Regards,

Dheeraj


Thanks for the reply.

I'm not trying to use "CY_CRYPTO_RSA4096_MESSAGE_SIZE" directly - just using that as "proof" that the PSoC 6 is supposed to support RSA 4096.

If I use a 4096-bit key, as I said, the output buffer is always unchanged (even though Cy_Crypto_Rsa_Proc() returns SUCCESS).

This is part of a larger project, so difficult to share.  I'll make a simpler project and upload later.

Thanks.


I checked with the internal software team. The reason only the 2048-bit macro is available is that the internal crypto-driver which is being used has an internal key size limitation of up to 2048 bits. Also, the PSoC6A-BLE2 family has hardware limitations on storing numbers bigger than 2048 bits.

For other devices like PSoC6A-2M and PSoC6A-512K families a newer version of crypto-driver will be released which will fix this limitation and add support for 4096-bit keys.

For now, you can only use up to 2048-bit key sizes. Stay tuned for newer releases of the PDL.

Regards,

Dheeraj

OK, thank you for checking into this!  I was just starting to make a standalone project that demonstrates the fact that 4096-bit keys don't work - I guess I won't bother finishing it now.

We are using CY8C6247BZI-D54 in our design.  Will it ever support 4096-bit, or is it in the family that has a limit to 2048-bit? (I don’t know much about details of the various “families”).

Thanks


CY8C6247BZI-D54 belongs to the PSoC6 1M family and has an older version of the crypto-driver, so it will only support up to 2048-bit.

Regards,

Dheeraj
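
An added example, not from the thread or the PDL: a guard around an RSA call that rejects key sizes above the 2048-bit limit stated in the thread and poisons the output buffer first, so a call that reports success without writing anything (the behaviour described in the question) is detected instead of stale data being used as a result. `rsa_proc_fn`, `rsa_proc_guarded`, `stub_driver` and `demo_case` are hypothetical names; the stub is a constructed stand-in for the driver and performs no real RSA.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RSA_MAX_KEY_BITS 2048u /* limit stated in this thread for the current driver */
#define CANARY 0xA5u

typedef enum { RSA_GUARD_OK, RSA_GUARD_BAD_KEY_SIZE, RSA_GUARD_DRIVER_ERROR,
               RSA_GUARD_OUTPUT_UNTOUCHED } rsa_guard_t;
/* Hypothetical adapter signature: wrap the real call (Cy_Crypto_Rsa_Proc) behind it.
   Returns 0 when the driver reports success. */
typedef int (*rsa_proc_fn)(const uint8_t *in, uint8_t *out, size_t len, void *ctx);

rsa_guard_t rsa_proc_guarded(rsa_proc_fn proc, void *ctx, uint32_t key_bits,
                             const uint8_t *in, uint8_t *out)
{
    size_t len = key_bits / 8u;
    if (key_bits == 0u || key_bits % 8u != 0u || key_bits > RSA_MAX_KEY_BITS)
        return RSA_GUARD_BAD_KEY_SIZE;       /* reject before touching the driver */
    memset(out, CANARY, len);                /* poison: stale data cannot pass as a result */
    if (proc(in, out, len, ctx) != 0)
        return RSA_GUARD_DRIVER_ERROR;
    for (size_t i = 0; i < len; i++)
        if (out[i] != CANARY)
            return RSA_GUARD_OK;             /* the driver wrote something */
    return RSA_GUARD_OUTPUT_UNTOUCHED;       /* "success" that was really a no-op */
}

/* Constructed stand-in for a driver: always reports success, but silently
   does nothing above the bit limit passed in ctx. Not real RSA. */
static int stub_driver(const uint8_t *in, uint8_t *out, size_t len, void *ctx)
{
    if (len * 8u <= *(const uint32_t *)ctx)
        for (size_t i = 0; i < len; i++)
            out[i] = (uint8_t)(in[i] ^ 0x5Cu);
    return 0;
}

rsa_guard_t demo_case(uint32_t key_bits, uint32_t driver_limit_bits)
{
    static uint8_t in[512], out[512];        /* constructed sample input */
    memset(in, 0x11, sizeof in);
    return rsa_proc_guarded(stub_driver, &driver_limit_bits, key_bits, in, out);
}

int main(void)
{
    printf("%d %d %d\n", demo_case(2048, 2048), demo_case(4096, 2048), demo_case(2048, 1024));
    return 0;
}
```

The poison check matters most for signature verification, where an output buffer still holding an earlier expected value would otherwise compare as a match.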