the EClet is secure authentication device on a mini-cape designed for the BeagleBone Black (BBB).Designed by Cryptotronix, LLC in United States of America
This product is no longer available for sale. The seller may be offering an improved version or it may be hanging out on the beach, enjoying the retired life.
Overview The EClet is secure authentication device on a mini-cape designed for the BeagleBone Black (BBB). The Raspberry Pi version is coming soon! It provides an external hardware random number g...Read More…
The EClet is secure authentication device on a mini-cape designed for the BeagleBone Black (BBB). The Raspberry Pi version is coming soon! It provides an external hardware random number generator, generates a P-256 Elliptic Curve private key in the hardware, and will sign and verify ECDSA signatures.
However, you can use this device directly from the BeagleBone or Pi with the Cryptotronix EClet Command Line Interface (CLI) driver. The driver is GPLv3 and available on GitHub.
Design files are available on Github.
The EClet is assembled and tested by Cryptotronix prior to shipping. Upon receipt, simply slip the board on the top of the expansion header and the device is ready. The device uses
/dev/i2c-1, which is enabled by default so there are no device-tree files that have to be installed.
This blog post has a detailed walkthrough of the software, below are some example commands:
Random data is easily produced with the one-line command:
eclet random 62F95589AC76855A8F9204C9C6B8B85F06E6477D17C3888266AEE8E1CBD65319
Generate a P-256 EC Key in the hardware (the private key can't be exported). This returns the public key:
eclet gen-key 04EED1CB629CF87F8BF6419986F990B92EA3DFA14CDAF70EB3E8DA8F9C9504DBC5B040D6480E88F895E9E1D4477970329B060450C80E1816EFED7B0FA49868CAEB
You can always obtain the public-key:
eclet get-pub 04EED1CB629CF87F8BF6419986F990B92EA3DFA14CDAF70EB3E8DA8F9C9504DBC5B040D6480E88F895E9E1D4477970329B060450C80E1816EFED7B0FA49868CAEB
The EClet can store 15 ECC keys in slots 0-7 and 9-15. Append a
-k x to the previous commands to work with the other key slots.
Sign data with the following command and specify a file (or use stdin). The data is hashed with SH256 in software prior to signing:
eclet sign -f ChangeLog 3BAEB5705D8765B34B389F1768BAC783FCA786AB64A760D10DD133C86E5892A7A790E424C8E1540551C99FBE4F9F531B504A6004F08F3E0D4E42E96BBDE5C179
There are two ways to verify the signature. You can either use the chip or perform the verification in software:
eclet verify -f ChangeLog --signature C650D1A30194AD68F60F40C321FB084F6177BEDAC74D0F0C276ED35B00249AC8CF3E96FB7AB14AA48223FBA2E5DD9BCAE232BF963755C42F8FD9BD77FC145D41 --public-key 049B4A517704E16F3C99C6973E29F882EAF840DCD125C725C9552148A74349EB77BECB37AA2DB8056BAF0E236F6DCFEC2C5A9A0F23CEFD8A9DC1F4693718E725D2 eclet offline-verify-sign -f ChangeLog --signature C650D1A30194AD68F60F40C321FB084F6177BEDAC74D0F0C276ED35B00249AC8CF3E96FB7AB14AA48223FBA2E5DD9BCAE232BF963755C42F8FD9BD77FC145D41 --public-key 049B4A517704E16F3C99C6973E29F882EAF840DCD125C725C9552148A74349EB77BECB37AA2DB8056BAF0E236F6DCFEC2C5A9A0F23CEFD8A9DC1F4693718E725D2
The benefit over this device over the Hashlet, is that it uses asymmetric cryptography. Your devices need the public keys of other EClets to verify messages while the private keys stay secret. Currently this software only exposes the primitive sign and verify functions from the hardware, it does not yet incorporate into high level software like OpenSSL or GnuTLS.
Slip the Eclet onto the top of the P9 Header as shown in the pictures.
(coming soon) Slip the EClet on the top (P1) of the Pi expansion headers as shown in the pictures.
Feel free to contact me if you have questions or comments.
Shipping is via USPS Priority Mail. It's a flat rate of $5.25 with tracking and insurance and will arrive between 2 - 3 business days.
International shipping rates vary by country. Please inquire about shipping rates to your country and I will add the rate. International packages ship via USPS International first class and delivery dates vary.
This component is subject to U.S. Export Controls as is classified as ECCN: 5A992.B.
We recognize our top users by making them a Tindarian. Tindarians have access to secret & unreleased features.
We look for the most active & best members of the Tindie community, and invite them to join. There isn't a selection process or form to fill out. The only way to become a Tindarian is by being a nice & active member of the Tindie community!