# Secure Element

Secure Element utilized in Citadel Wallet has an independent Common Criteria EAL 6+ security certification up to OS level and supports both RSA & ECC asymmetric cryptographic algorithms with high key length and future proof ECC curves. Latest security measures in this secure element protect the chip against invasive and non-invasive attacks. For a comparison, Ledger hardware wallets are certified to only up to EAL 5+ security level.

<figure><img src="/files/BpQ67TaPvWM11qPLAjb9" alt=""><figcaption></figcaption></figure>

Secure element is specifically designed for blockchain, secure IoT, government ID and secure key storage applications. It requires a host controller, which will communicate with the secure element through I2C interface and make key operation requests such as key creation, message signing and verifying. It generates the private/public key pairs for asymmetric encryptions internally to the secure element and private keys never leave the chip. Some of the major features of the Secure Element include:

* CC EAL 6+ and SESIP4 certified HW and OS
* FIPS 140-2 certified platform with Security Level 3 and Security Level 4 related to Physical Security of the HW
* Effective protection against advanced attacks, including Power Analysis and Fault Attacks
* Multiple logical and physical protection layers, including metal shielding, end-to-end encryption, memory encryption, tamper detection
* RSA and ECC asymmetric cryptography algorithms, future proof curves and high key length, e.g. Brainpool, Edwards and Montgomery curves
* AES and DES symmetric cryptographic algorithms for encryption and decryption
* HMAC, CMAC, SHA-1, SHA-224/256/384/512 operations
* Extended temperature range for industrial applications (-40 °C to +105 °C)

Hedera accounts require ED25519, RSA-3072 or ECDSA cryptographic pairs for account creation and interaction with the network. Secure Element used in Citadel Wallet support all options.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.citadelwallet.io/wallet-spec/hardware-spec/secure-element.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.