This is an automated email from the ASF dual-hosted git repository. jiuzhudong pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx.git
commit 83fdd685dfaf37c14c9cb1c8b017603d4efc260c
Author: makejian <[email protected]>
AuthorDate: Tue Jan 27 10:53:36 2026 +0800

    docs: enhance crypto documentation with key management features

    Add detailed documentation for:
    - MTD-based key storage and persistence
    - AES key generation with multiple key sizes
    - ECC P-256 key pair generation for ECDSA operations
    - Key lifecycle management (save/load/delete)

    Signed-off-by: makejian <[email protected]>
---
 Documentation/components/crypto.rst | 43 +++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/Documentation/components/crypto.rst b/Documentation/components/crypto.rst
index f619ca2eab5..4674ddca7cc 100644
--- a/Documentation/components/crypto.rst
+++ b/Documentation/components/crypto.rst
@@ -186,3 +186,46 @@ The cryptodev module supports RSA digital signatures via the cryptokey interface - Output: verification result Both padding schemes are supported via the cryptokey ioctl interface accessible through ``/dev/crypto``. + +Key Management Operations +-------------------------- + +The cryptodev module provides comprehensive key management interfaces: + +**Key Generation** + +- CRK_GENERATE_AES_KEY: Generate AES key data with specified key ID + - Supports 128-bit, 192-bit, and 256-bit key generation + - Generates cryptographically secure random AES keys using software implementation + - Keys can be used immediately for AES encryption/decryption operations + +- CRK_GENERATE_RSA_KEY: Generate RSA keypair (public and private) with specified key ID +- CRK_GENERATE_SECP256R1_KEY: Generate ECDSA keypair on SECP256R1 curve with specified key ID + - Generates P-256 elliptic curve keypairs for ECDSA operations + - Uses NuttX's lightweight ECC implementation for key generation + - Generated keys can be used for ECDSA digital signature operations + +**Key Lifecycle Management** + +- CRK_DELETE_KEY: Remove key with specified key ID from the driver +- CRK_SAVE_KEY: Persist key data to FLASH storage for non-volatile storage +- CRK_LOAD_KEY: Load previously saved key data from FLASH into RAM + +**MTD-based Key Storage** + +NuttX supports persistent key storage using MTD (Memory Technology Device): + +- Keys can be saved to MTD-based storage for non-volatile persistence +- Software-based key management (swkey) provides transparent MTD integration +- Keys are automatically loaded from MTD upon system initialization +- Supports both symmetric (AES) and asymmetric (RSA, ECC) key storage +- Enables secure device configuration and credential persistence across reboots + +**Cryptographic Operations Using Keys** + +Once keys are allocated, generated, or imported, they can be used for: + +- Symmetric encryption/decryption operations (AES) +- RSA signature generation and 
verification +- ECDSA digital signature operations +- Key exchange protocols
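
Review bot: the "MTD-based Key Storage" list promises "secure device configuration and credential persistence across reboots" but never says how key material written by CRK_SAVE_KEY is protected at rest on the MTD device (plaintext, wrapped under another key, or access-restricted). An integrator deciding whether to persist AES keys or RSA/ECC private keys in flash needs that stated, so please add a sentence describing the on-flash protection, or say explicitly that none is applied. Related gaps in the same hunk: the CRK_GENERATE_AES_KEY bullet claims "cryptographically secure random AES keys using software implementation" without naming the randomness source the keys are drawn from; "Keys are automatically loaded from MTD upon system initialization" sits next to an explicit CRK_LOAD_KEY operation with no explanation of when the explicit call is needed; and "Key exchange protocols" is listed as a use although no key-exchange operation is documented in this section. On markup, the sub-bullets under CRK_GENERATE_AES_KEY and CRK_GENERATE_SECP256R1_KEY follow their parent item with no blank added line between them, which reStructuredText normally folds into the parent paragraph instead of rendering as a nested list, and the CRK_* names would read better as ``literals`` to match the ``/dev/crypto`` style in the context line above.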
