Skip navigation

Crypto Library in SEGGER Security Products

The foundation of all SEGGER security products - emSSL, emSSH, emSecure-RSA, and emSecure-ECDSA - is a cryptographic algorithm library toolkit.

Crypto Libraries for Embedded Systems

The library is designed for embedded systems, to be small, efficient, secure, and broad enough to function as the basis of security protocols such as SSL, SSH, and IPSec. It targets what is needed for industry-standard protocols, and does this with robust, cleanly-engineered code.

More information about emCrypt, SEGGER's Cryptographic Algorithm Library

Supported Capabilities

Ciphers for bulk encryption

The following ciphers are supported by emCrypt, with optional hardware acceleration:

  • AES-128, AES-192, AES-256
  • DES and TripleDES (also known as 3DES or TDES) with all keying options
  • CAST
  • ARIA
  • SEED
  • Camellia
  • Twofish
  • Blowfish

All cipher algorithms support ECB, CBC, OFB, and CTR modes take advantage of the underlying cipher accelerator when available.  In addition, 128-bit ciphers, such as AES, support CCM and GCM authenticated encryption modes with optional hardware acceleration.

Hash algorithms

Hash algorithms are also known as message digest algorithms or compression functions: they provide a means to produce a digital fingerprint of some data, such as a document, and make it infeasible to produce another document with an identical fingerprint.

  • MD5, RIPEMD-160, SHA-1
  • SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
  • SHA3-224, SHA3-256, SHA3-384, SHA3-512

All hash algorithms take advantage of the underlying hash accelerator when available.

MAC algorithms

Message authentication codes (MACs) guard against transmission errors and malicious data tampering.

  • HMAC-MD5, HMAC-RIPEMD-160, HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224, HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512
  • KMAC

All MAC algorithms take advantage of the underlying cipher or hash accelerator when available.

Key derivation

Key derivation functions calculate symmetric keys to use from an agreed secret.

  • KDF1-SHA-1, KDF1-SHA-224, KDF1-SHA-255, KDF1-SHA-384, KDF1-SHA-512, KDF1-SHA-512/224, KDF1-SHA-512/256
  • KDF2-SHA-1, KDF2-SHA-224, KDF2-SHA-255, KDF2-SHA-384, KDF2-SHA-512, KDF2-SHA-512/224, KDF2-SHA-512/256
  • X9.63-KDF-SHA-1, X9.63-KDF-SHA-224, X9.63-KDF-SHA-256, X9.63-KDF-SHA-384, X9.63-KDF-SHA-512, X9.63-KDF-SHA-512/224, X9.63-KDF-SHA-512/256
  • HKDF-MD5, HKDF-RIPEMD-160, HKDF-SHA-1, HKDF-SHA-224, HKDF-SHA-255, HKDF-SHA-384, HKDF-SHA-512, HKDF-SHA-512/224, HKDF-SHA-512/256
  • PBKDF2-SHA-1, PBKDF2-SHA-224, PBKDF2-SHA-256, PBKDF2-SHA-384, PBKDF2-SHA-512, PBKDF2-SHA-512/224, PBKDF2-SHA-512/256

All key derivation algorithms take advantage of the underlying hash accelerator when available.

Random bit generators

High-quality random data is essential for many cryptographic protocols and algorithms. emCrypt supports NIST random bit generators and the highly regarded Fortuna cryptographically secure random number generator.

  • Fortuna
  • Hash-DRBG-SHA-1, Hash-DRBG-SHA-224, Hash-DRBG-SHA-256, Hash-DRBG-SHA-384, Hash-DRBG-SHA-512, Hash-DRBG-SHA-512/224, Hash-DRBG-SHA-512/256

All DRBG algorithms take advantage of the underlying cipher or hash accelerator when available.

Digital signatures

Digital signatures provide an assurance that a document, or a collection of data, is authentic and unmodified.

  • RSASSA-PSS with approved and configurable hash algorithms
  • RSASSA-PKCS1 with approved and configurable hash algorithms
  • ECDSA using all NIST prime curves and Brainpool curves and with approved and configurable hash algorithms
  • Ed25519