The NXP EdgeLock SE050 is a popular secure element providing a strong root of trust for IoT devices, known for its “Plug & Trust” simplicity. wolfSSL has consistently supported the SE050, enabling robust hardware-based security for TLS, cloud onboarding, and data protection. However, managing cryptographic keys on secure elements during development can often be a cumbersome task.
With the release of wolfSSL 5.8.0, we’re excited to introduce enhancements that significantly streamline the developer experience with the NXP SE050, most notably a new feature for automatic key deletion.
Simplifying Key Management with Automatic Key Deletion
During development and testing, developers frequently create and discard numerous cryptographic keys. On the SE050, these keys occupy persistent storage slots. Without careful manual cleanup, the keystore can quickly fill up, leading to errors and slowing down progress.
The Solution: WOLFSSL_SE050_AUTO_ERASE
A key improvement in wolfSSL 5.8.0. is the introduction of the WOLFSSL_SE050_AUTO_ERASE preprocessor define. When wolfSSL is compiled with this option, any key generated on or loaded into the SE050 via wolfSSL will be automatically erased from the secure element when the corresponding wolfCrypt key object in your application is freed (e.g., via wc_ecc_free()).
Benefits for Developers:
- Faster Iteration: Experiment freely without worrying about manual SE050 key cleanup.
- Simplified Testing: Automated tests that generate keys on the SE050 become more robust, as the risk of a full keystore is minimized.
- Reduced Clutter: Keeps the SE050 keystore clean from temporary development keys.
- Focus on Application Logic: Spend more time on your core application and less on SE050 housekeeping during development.
This feature is a significant quality-of-life improvement, making the powerful SE050 even more accessible, especially during rapid prototyping and testing phases.
Complementary SE050 Refinements
Alongside this key management enhancement, wolfSSL 5.8.0 also includes other refinements to our SE050 implementation. While the automatic key deletion is a highlight for developer workflow, these additional contributions are vital for the overall stability and performance of wolfSSL’s SE050 support, ensuring a polished and reliable experience.
Why These Enhancements Matter
These improvements in wolfSSL 5.8.0 underscore our commitment to providing security solutions that are not only robust but also developer-friendly. By reducing friction in the development process, we empower you to build secure applications more efficiently.
Getting Started
- Download wolfSSL 5.8.0: Get the latest release from our download page.
- Enable Automatic Key Deletion: Compile wolfSSL with the WOLFSSL_SE050_AUTO_ERASE define. For example, using autoconf: ./configure –with-se050 CFLAGS=”-DWOLFSSL_SE050_AUTO_ERASE” This is an opt-in feature, ideal for development and testing builds.
- Consult Documentation: For full details on SE050 integration, refer to the README_SE050.md in the wolfSSL source (wolfcrypt/src/port/nxp/) and our examples in the wolfssl-examples repository.
Conclusion
The SE050 enhancements in wolfSSL 5.8.0, especially the automatic key deletion feature, make integrating hardware security with NXP’s SE050 smoother and more efficient. wolfSSL continues to provide cutting-edge security that is easy for developers to use.
- Explore the Code: Dive into the source code for these new SE050 enhancements on the wolfSSL GitHub repository: (https://github.com/wolfSSL/wolfssl).
- Contact Us: For questions, email us at facts@wolfssl.com or visit our support forums.
We’re excited for you to try these new features and experience a more streamlined SE050 development workflow!
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now