wolfCrypt Embedded Cryptography

A portable cryptographic engine for embedded and resource-constrained systems, with configurable algorithms, supported hardware acceleration and separately scoped FIPS-validated module builds.

Discuss your requirements ↗ Explore capabilities ↓

Symmetric & asymmetric cryptoHash & signatureHardware accelerationValidated module options

Cryptographic service boundary

InputsKeys, entropy & dataAlgorithm policy

Engineering controlsEncrypt / decryptHash / sign / verifyKey agreement

OutputsCryptographically processed dataVerified signaturesDerived session keys

Cryptographic primitive and protocol-support layer inside a defined product security boundary.

FIPS validation belongs to a specific module version, configuration and operating environment. It does not automatically extend to the complete product.

wolfSSLEmbedded security

Core capabilities

Core engineering capabilities

Exact capabilities depend on the selected edition, release and deployment environment.

Cryptographic algorithms

Provide configurable symmetric, asymmetric, hash, MAC, signature and key-establishment functions.

Embedded portability

Target embedded, RTOS, bare-metal and operating-system environments through a portable C implementation.

Hardware acceleration

Use supported MCU engines, secure elements or external cryptographic hardware where applicable.

Post-quantum options

Support selected NIST-standardized post-quantum and hybrid algorithms in applicable builds and validated configurations.

FIPS module variants

Use specific validated wolfCrypt module versions and operating environments where required by the assurance case.

Integration APIs

Serve wolfSSL, wolfBoot or application-level cryptographic use cases subject to key and lifecycle design.

Implementation workflow

From evaluation to deployment

Validate the technology in the real build, target and reporting environment before wider rollout.

01Define cryptographic use cases
02Select algorithms and assurance level
03Design key and entropy lifecycle
04Configure software / hardware boundary
05Benchmark and harden
06Validate exact build and operating environment

Confirm the deployment fit

Compatibility depends on the actual toolchain, target environment, integration needs and assurance objectives.

Algorithm and protocol requirements
Key sizes and lifecycle duration
Entropy source and DRBG architecture
Hardware acceleration or secure-element API
Side-channel and fault considerations
Exact FIPS certificate, version and boundary

Where the technology adds value

Well suited for

Embedded cryptographic services
Hardware-accelerated crypto integration
Products requiring a portable crypto API
Projects needing a specific validated module option

Important considerations

FIPS claims apply only to the validated module and approved configuration.
Key management requires provisioning, storage, rotation and operational controls.
Algorithm selection and configuration must follow the product threat model.
Side-channel and fault resistance require platform-specific assessment.

Relevant engineering frameworks

FIPS 140-3 scoped modulesNIST algorithm guidancePost-quantum transition planningProduct-specific cryptographic policy

Related capabilities

Extend the software assurance workflow

Explore adjacent capabilities across requirements, verification, testing and embedded security.