1. Introduction

1.1. About Platform Security Architecture

This document is one of a set of resources provided by Arm that can help organizations develop products that meet the security requirements of PSA Certified on Arm-based platforms. The PSA Certified scheme provides a framework and methodology that helps silicon manufacturers, system software providers and OEMs to develop more secure products. Arm resources that support PSA Certified range from threat models, standard architectures that simplify development and increase portability, and open-source partnerships that provide ready-to-use software. You can read more about PSA Certified here at www.psacertified.org and find more Arm resources here at developer.arm.com/platform-security-resources.

1.2. About the Crypto API

The interface described in this document is a PSA Certified API, that provides a portable programming interface to cryptographic operations, and key storage functionality, on a wide range of hardware.

The interface is user-friendly, while still providing access to the low-level primitives used in modern cryptography. It does not require that the user has access to the key material. Instead, it uses opaque key identifiers.

You can find additional resources relating to the Crypto API here at arm-software.github.io/psa-api/crypto, and find other PSA Certified APIs here at arm-software.github.io/psa-api.

This document includes:

PSA Certified Crypto API 1.2 PAKE Extension [PSA-PAKE] is a companion document for version 1.2 of this specification. [PSA-PAKE] defines an API for Password Authenticated Key Establishment (PAKE) algorithms. The PAKE API is now at FINAL status, and will be included in a future version of the Crypto API specification.

In future, other companion documents will define profiles for this specification. A profile is a minimum mandatory subset of the interface that a compliant implementation must provide.