I want to encrypt and store some sensitive data on an ESP32 in preferences. However, the question is whether there are some default encryption keys available on the ESP32. Or, if I need to store my own encryption keys on the ESP32, where should I store them? How should I store them in a secure way?
In most cases encrypting data on the ESP32 with a key available on the ESP32 doesn't make much sense; you can simply store it without using encryption.
What attacks do you want to protect from using that encryption?
And what exactly is the attack vector if you just store that unencrypted? I mean compared to storing that data encrypted.
If the original question was whether there is special hardware on the ESP32 to support safe storage, the answer is no (at least to my knowledge).
But you can program the eFuses to disable external access. But this might disable software upgrades and the like too.
The ESP32 supports flash encryption in hardware, so you can encrypt your data, but as I wrote earlier, you have to think about what type of attack you want to defend against. An attacker with physical access can read the encryption key too, given the device is not nailed by eFuses.
The attack vector is fairly minimal since the attacker can only send button pressed events. The device can be blacklisted on the server. We need software upgrades, so eFuses might not be the right idea.