PIC32MZ什么时候选择加密与非加密

密码模块有两个很好的特点，使它们更受欢迎。最后，它是关于速度的，并且能够比用软件严格地处理这些东西要快得多。首先，密码模块有它自己的DMA，所以一旦你启动该模块，它就可以处理尽可能多的数据，而不需要CPU介入，在限制范围内。另一方面，这是和声密码库不利用的一个方面，它可以同时处理散列和加密/解密。例如，可以解密数据流，同时计算散列，以验证所输入的数据。否则，软件必须单独计算。这并不意味着在一个具有2M闪存的部分上是重要的，但是硬件模块可以节省软件所需的内存的一部分。



      以下为原文

    There are two nice features of the crypto module that makes them desirable. Ultimately, it's about speed, and being able to run through these things much faster than processing strictly with software.
 
First, the crypto module has its own DMA, so once you kick off the module, it can process as much data as you can feed it without having the CPU intervene, within the limits of the data inside the part. 
 
The other thing, and this is one that the Harmony crypto library doesn't take advantage of, is that it can parallel process both a hash and encryption/decryption at the same time. For example, a data stream can be decrypted, and a hash computed at the same time, to verify the data that came in. Otherwise, software has to compute it separately.
 
Not that this is as important on a part with 2M of Flash, but the hardware module would save some portion of memory needed for software.

好的，即使是简单的事情，例如通过USB验证下载的新固件（例如）是好的；相比之下，仅仅使用一个校验和例程作为数据块被下载，它值得吗？价格差是最小的，所以它几乎像是一个没有头脑的，即使我敢肯定，有什么了不起！！



      以下为原文

    OK - so even for simple things like verifying that downloaded new firmware via USB (for example) is good; compared, say, to just using a checksum routine as blocks of data are downloaded, makes it worth it?
 
The price difference is minimal so it almost seems like a no-brainer, even though I'm sure there're gotchas!!

您不需要密码模块在WiFi链路上使用WPAI或AES的WiFi模块，这是由WiFi模块本身完成的。然而，您将使用它来加速HTTPS或其他加密协议（如果IP栈支持），正如拉里所说，用于安全/数据完整性C的哈希生成。Heks.HiTeDe: -你稍微Ninja我。是的，您可以使用它来进行简单的数据完整性检查，但与CRC（这也可以由DMA引擎在硬件中计算）相比，它可能是多余的。除非你想签你的固件。



      以下为原文

    You wouldn't need the crypto module to use a WiFi module with WPA/AES over the WiFi link, that is done by the WiFi module itself.
 
However you would use it to accelerate HTTPS or other encrypted protocols (if supported by the IP stack), and as Larry said, hash generation for security/data integrity checks.
 
HTH
 
Edit:- You slightly Ninja'd me. Yes you could use it for simple data integrity checks, but it is probably overkill for that, compared to CRC (which can also be computed in hardware by the DMA engine). Unless you want to sign your firmware.

好吧，我不这么认为，但是我想我最好还是问问。我不确定我的设备是否会服务于网页，但我想可能是这样，所以在这个时代，需要HTTPS。而且，如上所述，散列生成等当然是有用的。



      以下为原文

   
OK, didn't think so but thought I'd better ask.

OK - not sure if my device will serve web pages but it might I suppose, so HTTPS would be needed in this day and age. And, as above, hash generation etc. is certainly useful.

It does - thanks :)

密码PAT的一个可能的限制是导出。有出口限制吗？



      以下为原文

    one possible limitation of the crypto pat is export. Does it have export restriction?

你的意思是这个零件可能有出口限制（即我可能无法购买）还是产品？产品不受出口限制。



      以下为原文

   
Do you mean the part may have export restrictions (i.e. I may not be able to purchase it) or the product? The product will not be export restricted.

是的，这一部分确实有出口限制，在像中国这样的地方可能是棘手的（不是不可能的）。这些部件是引脚兼容的，所以它不是很大的差异。在我的工作清单是建立一个加密的引导加载系统。我正在考虑使用这个密码模块，虽然这将是有趣的，看看它是否可以全部符合128K（引导加载程序Flash）



      以下为原文

    Yes, the part does have export restrictions, it can be tricky to source in somewhere like china ( not impossible ). THe parts are pin compatible, so its not a big difference.

On my to do list is to build a encrypted bootloader system. I'm thinking of using the crypto module for this, though it will be interesting to see if it can all fit into a 128k ( the bootloader flash )
 

好的，谢谢。看来我可以把它在英国，没有问题。



      以下为原文

    Ok, thanks. Looks like I can source it in the UK with no issues.

如果你出口它，你只需要保持这一点…我只需签署文件，前几天说，我不使用一些部件，以建造NuCulules或化学武器！



      以下为原文

    If your exporting it, you just need to keep that in consideration.. 

I just had to sign documentation the other day saying i was'nt using some parts for buildign nuculear or chemical weapons!

我有限的研究表明，卖给大众市场的产品不受限制（除少数国家外）。



      以下为原文

    My limited research suggests that a product sold to the mass market is not restricted (with the exception of a few countries).

拉里，你对Bootloader有点了解…你认为使用加密引擎解密图像的可行性是什么？



      以下为原文

   

Larry, you knwo a bit about the bootloader..  What do you think about the feasibility of using the crypto engine to decrypt an image.
 

应该有可能使用密码引擎。面临的挑战是缓冲足够的数据来运行密码引擎，然后尝试对其进行编程。有一些最小缓冲区大小，并且引擎需要知道在操作中要处理多少数据。命令必须添加到引导加载语言中，以输入所发送的数据文件的大小。但是，对于加密/解密的内容，将有两个选择。1）整个数据流（它建议认证和密钥共享），或者2）仅仅是数据文件本身。这是很坏的引擎没有用RSA，因为可以使用公钥/私钥。公钥可以存储在处理器上，因为只有私钥被用来加密数据流。



      以下为原文

    It should be possible to use the crypto engine. The challenge would be buffering enough data to run through the crypto engine, before attempting to program it. There are some minimum buffer sizes, and the engine needs to know how much data, overall, will be handled in an operation. A command would have to be added to the bootloader language to feed in the size of the data file being sent.
 
But then, there would be a couple of choices to make as to what to encrypt/decrypt. 1) The entire data stream (which suggests authentication and key sharing), or 2) just the data file itself.
 
It's too bad this engine didn't come with RSA, since then public/private keys could be used. The public key could be stored on the processor, because only the private key is used to encrypt the data stream.