ESP32 Store encryption key

I want to encrypt and store some sensitive data on an ESP32 in preferences. However, the question is whether there are some default encryption keys available on the ESP32. Or, if I need to store my own encryption keys on the ESP32, where should I store them? How should I store them in a secure way?


What do you want to achieve?

In most cases, encrypting data on the ESP32 with a key available on the ESP32 doesn't make much sense; you can simply store it without using encryption.
What attacks do you want to protect from using that encryption?

I want to store a username and password for the device to connect to our servers.

And what exactly is the attack vector if you just store that unencrypted? I mean compared to storing that data encrypted.

If the original question was whether there is special hardware on the ESP32 to support safe storage, the answer is no (at least to my knowledge).
But you can program the eFuses to disable external access. But this might disable software upgrades and the like too.

The ESP32 supports flash encryption in hardware, so you can encrypt your data, but as I wrote earlier, you have to think about what type of attack you want to defend against. An attacker with physical access can read the encryption key too, given the device is not nailed by eFuses.

Thanks Pylon.

The attack vector is fairly minimal since the attacker can only send button pressed events. The device can be blacklisted on the server. We need software upgrades, so eFuses might not be the right idea.

In this case I recommend simply storing the key on the device without any further provisions.
