Skip navigation
  • Can be used with both FAT and EFS file systems
  • All storage device types such as NAND, NOR, SD/MMC cards are supported
  • Minimal changes of the application are required
  • DES and AES with 128-bit and 256-bit key lengths supported
  • Supports encryption of entire media or of individual files
  • Comes with PC utility to decrypt/encrypt files

emFile - Encryption

Additional component that can be used to secure the data on the file system.

About Encryption

The Encryption add-on provides an easy way to secure the data of individual files or the data of a storage device as a whole. Encryption can be used with both available file systems (EFS and FAT) and with all supported storage device types such as NAND, NOR, and SD / MMC cards.

To use encryption, only minor changes to the application program are required. The rest of the application program works in the same way as without encryption.

Encryption and decryption is performed in the software at high speed. If hardware encryption is supported on the particular target, the file system can easily take advantage of this to increase the performance.

How to Use Encryption

Encryption on Target Side

Using file encryption is very simple from the perspective of the user. The following steps have to be performed to enable encryption in your application:

  • Enable file encryption in the emFile configuration by setting FS_SUPPORT_ENCRYPTION define to 1.
  • Call FS_CRYPT_Prepare() to initialize an encryption object. This operation has to be performed only once.
  • Open a file and call FS_SetEncryptionObject() to assign the encryption object to that file handle.

These are the only changes required to be performed in the application. Everything else is done by the Encryption add-on.

The following sample function opens a file and writes a text message to it. The file contents is encrypted using the DES encryption algorithm.

void FileEncryptionSample(void) {
  FS_FILE                * pFile;
  const U8                 aKey[8] = {1, 2, 3, 4};
  FS_CRYPT_OBJ             CryptObj;
  static FS_DES_CONTEXT    _Context;
  static int               _IsInited;

  // Create the encryption object. It contains all the necessary
  // information for the encryption/decryption of data. This step
  // has to be performed only once.
  if (_IsInited == 0) {
    _IsInited = 1;
  pFile = FS_FOpen("des.bin", "w");
  if (pFile) {
    // Assign the created encryption object to file handle.
    FS_SetEncryptionObject(pFile, &CryptObj);
    // Write data to file using encryption.
    FS_Write(pFile, "This message has been encrypted using", 37);
    FS_Write(pFile, " SEGGER emFile Encryption add-on.\n", 33);

Decryption on PC Side

The file encrypted on the target system can be decrypted on a PC using the File Encrypter command line tool. The following screenshot shows the messages printed out by utily while decrypting the contents of the des.bin file. The decripted contents is stored to des.txt file. In this case the encryption algorithm used is DES as specified unsing the -a option. The File Encrypter utility shows information about the progress of the decrypting process. In case of an error, a message is displayed and the utility returns with a status of 1 and the file is not decrypted.


These performance measurements are in no way complete, but they give an approximation of the length of time required for common operations on various targets.

Target DeviceCPU speedStorage deviceWrite speedRead speed
Freescale Kinetis K60120 MHz NAND flash interfaced via 8-bit bus using AES with an 128-bit key.522 Kbytes/sec553 Kbytes/sec
ST STM32F496 MHz SD card as storage medium using AES with an 128-bit key500 Kbytes/sec530 Kbytes/sec