I would like to ask you a question regarding the security features of the Thunderboard React board. It features a BGM111 BLE module which consists of a CRYPTO unit providing support for ECC and AES for instance.
I am wondering where the actual private keys of those algorithms are stored?
Are they saved and protected in hardware, or do they have to be hardcoded inside the user program and stored in flash memory?
Thank you in advance!
The Thunderboard React firmware does not enable encryption, but encryption is supported by the Bluetooth Smart stack and can be added to the Thunderboard React firmware as well. This includes support for the LE Secure Connections added in Bluetooth 4.2. These functions use AES and ECC HW acceleration in the Wireless Geckos to speed up the cryptographic calculations. The stack generates new private keys for each pairing on the fly and these are discarded automatically by the stack after the pairing process. At this point the symmetric key for the pairing is stored in flash by the stack. In any case the keys are handled internally to the stack, so the user application doesn't really need to generate or store these in any way.