User manual
Security Characteristics
7
4.4. True Random Number Generator (TRNG)
The True Random Generator (TRNG) passes the American NIST Special Publication
800-22 and the Diehard Random Tests Suites. It provides a 32-bit value every 84 clock
cycles.
4.5. taskit Vaultsec
In the Stamp series taskit has implemented a further cryptographic chip, that supports
secure, unreadable storing of keys for SHA-256 hashes and ECC public/private key
cryptographic algorithms.
• SHA-256 Hash Algorithm
• FIPS186-3 Elliptic Curve Algorithm
• Storage for up to 16 Keys
• Anti-clone for Accessoires and Base Boards
• Secure Boot Validation
• Network and Computer Access Control
• Software Anti-piracy
• Password Handling
• Authenticated or Encrypted Network Communications
A public/private key pair can be generated by the cryptographic chip, where the private
key is stored unreadable on the chip and is not known even to the user himself. The public
key can be distributed and used for client/server authentication or for cloning prevention,
when combined with the same chip on a base board.
The ECC public/private key pair can be used to negotiate an AES session key securely
for using the microcontroller's AES engine resulting in a performant communication
encryption and decryption. Likewise an AES key can be encrypted by the public key and
stored in the filesystem. It can then be used to en- and decrypt files and applications fast.
The ECC public/private key pair can also be used directly to en- and decrypt low volume
communication, files and applications.
The SHA algorithm enables to create unique checksums of your applications or
configuration files ensuring their integrity.
The taskit Vaultsec solution is supported by a Linux driver. More information about this
feature is available via our support.