wolfSSL Asymmetric Cryptography Support

One of the software libraries that is provided by wolfSSL includes the wolfCrypt crypto engine. wolfCrypt includes support for single-precision math, ECC, extensive list of supported ciphers, key/certificate generation, and also Asymmetric cryptography! Asymmetric cryptography differs from regular (synchronous) cryptography that instead of using a singular shared key, they will use a key-value pair. Popular algorithms where this is found include RSA, DH, and ECC - which are algorithms supported and implemented by wolfSSL!

wolfSSL's implementation of these Asymmetric algorithms can also be tuned based on the user's needs as well. For example, if a user requires the same security offered by these algorithms in combination with high performance fast encryption, wolfSSL has the options (or corresponding macro definitions) --enable-fastmath and --enable-fast-rsa available for use. Additionally, if a user needs to improve protection against attacks targeting implementations of these algorithms, wolfSSL has options to improve the security of its implementations of these Asymmetric algorithms. The options for these improvements are --enable-maxstrength and --enable-harden. These options can also be enabled by adding their corresponding defines within the settings file that is in use by the system, and are listed below:

  • --enable-fastmath corresponds with USE_FAST_MATH
  • --enable-fast-rsa has many different defines that would be used for many different devices, as hardware encryption and architecture comes in to play. It also requires the user have fast RSA libraries in place. Please contact support@wolfssl.com for assistance with enabling this.
  • --enable-maxstrength corresponds with WOLFSSL_MAX_STRENGTH
  • --enable-harden corresponds with TFM_TIMING_RESISTANT, ECC_TIMING_RESISTANT, and WC_RSA_BLINDING if using rng.

For more information about wolfSSL or wolfCrypt's implementation of various algorithms, please contact facts@wolfssl.com.