Have you ever used any encryption algorithms? Did you write your own from scratch or use a library (which one)? Describe which type of algorithms you used and in what situations you used them?
The strongly recommended practice is to use a vetted, well-tested cryptographic library rather than rolling your own. Hand-written crypto almost always has subtle, exploitable flaws — timing side channels, weak randomness, IV/nonce reuse, padding errors. On embedded targets the standard choices are mbedTLS and wolfSSL (both designed for constrained devices), libsodium (a high-level, hard-to-misuse API built on modern primitives), and OpenSSL/BoringSSL on larger systems. Many MCUs also have a hardware crypto accelerator/TRNG you should use through the library's HAL.
Categories of algorithm and when each is used:
- Symmetric encryption (one shared secret key; fast; for bulk data):
  - AES (128/192/256-bit key) in modes such as CTR, CBC, or GCM: encrypting data at rest (flash/EEPROM), firmware images, and session payloads. CTR and CBC give confidentiality only and need a separate MAC; GCM is an AEAD mode (see below).
  - ChaCha20 (usually as ChaCha20-Poly1305): a good fit for MCUs without AES hardware, because it is fast in software and its add-rotate-xor structure has no data-dependent table lookups, so it is naturally constant-time.
  - DES/3DES: legacy only; avoid in new designs.
- Asymmetric / public-key (key pair; slower; for key exchange, signatures, identity):
  - RSA: signatures and key transport; large keys and heavy modular exponentiation on small MCUs.
  - ECC: ECDH/ECDHE for key agreement, ECDSA/EdDSA for signatures. Preferred on embedded because equivalent security comes with much smaller keys and less computation than RSA. Used for TLS handshakes, secure-boot signature verification, and device authentication.
- Hashing and keyed hashing (one-way; not encryption): SHA-2 (SHA-256) and SHA-3 for integrity; HMAC for keyed message authentication; HKDF to derive purpose-specific keys from a high-entropy shared secret; PBKDF2 (or Argon2/scrypt) for keys derived from passwords, where the deliberately slow function resists brute force. Used for firmware integrity checks and as the digest inside signature schemes. (MD5 and SHA-1 are broken for collision resistance and should not be used for signatures or integrity in new designs.)
- Authenticated encryption (AEAD): AES-GCM, AES-CCM, ChaCha20-Poly1305. These provide confidentiality and integrity/authenticity in one operation and are the modern default for protocols (TLS, secure messaging). Prefer AEAD over unauthenticated encryption, which lets an attacker flip ciphertext bits without detection.
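As an added example (not part of the original answer), the hashing/KDF bullet above in working code: HKDF per RFC 5869 and an HMAC-SHA256 integrity tag with a constant-time check, built only from Python's standard library (hashlib, hmac, secrets). The provisioning secret, firmware image bytes and `info` labels are constructed for the demo; in a real design you would call a vetted library's HKDF/HMAC rather than re-implement them, but the construction is short enough to show exactly what the primitives do.

```python
"""HKDF (RFC 5869) and an HMAC-SHA256 integrity tag from the Python standard
library. Added example; not code from the original page. Constructed inputs
are labelled as such below."""
import hashlib
import hmac
import secrets


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM). An empty salt becomes HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and truncated."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF output length too large")
    okm = b""
    block = b""  # T(0) is the empty string
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """Full HKDF: Extract then Expand. Distinct `info` labels give independent keys."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def firmware_tag(mac_key: bytes, image: bytes) -> bytes:
    """HMAC-SHA256 over a firmware image, as stored beside it for an integrity check.
    (Secure boot proper uses a signature so the verifier holds only a public key;
    the verification shape is the same.)"""
    return hmac.new(mac_key, image, "sha256").digest()


def verify_firmware(mac_key: bytes, image: bytes, tag: bytes) -> bool:
    """hmac.compare_digest runs in constant time; a plain `==` on bytes exits on
    the first mismatching byte and leaks tag bytes through timing."""
    return hmac.compare_digest(firmware_tag(mac_key, image), tag)


def demo() -> dict:
    # Constructed: a random provisioning secret and salt, then two
    # purpose-separated keys derived from the same secret.
    ikm = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    enc_key = hkdf(ikm, salt, b"fw-encrypt-v1", 32)
    mac_key = hkdf(ikm, salt, b"fw-mac-v1", 32)
    image = b"\x7fELF" + b"\x00" * 60          # constructed stand-in for an image
    tag = firmware_tag(mac_key, image)
    tampered = image[:10] + b"\x01" + image[11:]  # one flipped byte
    return {
        "keys_differ": enc_key != mac_key,
        "good_image_ok": verify_firmware(mac_key, image, tag),
        "tampered_rejected": not verify_firmware(mac_key, tampered, tag),
    }


if __name__ == "__main__":
    print(demo())
```

The `hkdf_extract`/`hkdf` functions reproduce the published RFC 5869 test vectors, which is the check you should run against any KDF you write or port before trusting it.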
Typical embedded situations: TLS/DTLS for network links (mbedTLS), encrypting data at rest, secure boot (verify an ECDSA/RSA signature over the firmware before executing), secure firmware-over-the-air updates (signed + encrypted images), and device-to-cloud authentication.
Things to get right regardless of library: proper key management (provisioning, storage in secure element/TPM/protected flash, never hard-coded), correct IV/nonce handling (unique per message — nonce reuse with GCM/CTR is catastrophic), a real CSPRNG/TRNG seed source, constant-time implementations to resist timing attacks, and keeping the library patched against known CVEs.
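An added example (not from the original answer) of the nonce point above: what nonce reuse does to a CTR-style stream mode, and a counter-based nonce scheme that avoids it. AES is not in Python's standard library, so the keystream here comes from HMAC-SHA256(key, nonce || counter), a stand-in PRF with the same structure as AES-CTR; the two-time-pad attack shown is a property of the mode, not of the block cipher (with GCM, nonce reuse additionally leaks the authentication subkey, which the code does not model). Keys, nonces, device ID and telemetry strings are constructed.

```python
"""Nonce reuse in a CTR-style mode, demonstrated with a stand-in PRF.
Added example, not code from the original page. HMAC-SHA256 replaces the
AES block function only so the script runs with the standard library."""
import hmac
import struct


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: block i = PRF(key, nonce || i), truncated to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), "sha256").digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR, as in real CTR mode."""
    return xor(data, keystream(key, nonce, len(data)))


def two_time_pad_attack(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """Two ciphertexts under the same key and nonce share a keystream, so
    c1 ^ c2 = p1 ^ p2. Knowing (or guessing) p1 gives p2 = c1 ^ c2 ^ p1."""
    n = min(len(ct1), len(ct2), len(known_pt1))
    return xor(xor(ct1[:n], ct2[:n]), known_pt1[:n])


class NonceCounter:
    """96-bit nonce = 32-bit device ID || 64-bit monotonic counter.
    Never reuses a value under one key and refuses to wrap; in firmware the
    counter must live in non-volatile storage so it survives a reboot."""

    def __init__(self, device_id: int):
        self.prefix = struct.pack(">I", device_id)
        self.count = 0

    def next(self) -> bytes:
        if self.count >= 2**64 - 1:
            raise RuntimeError("nonce space exhausted: rotate the key")
        nonce = self.prefix + struct.pack(">Q", self.count)
        self.count += 1
        return nonce


def demo() -> dict:
    key = b"\x42" * 32                       # constructed key
    p1 = b"TEMP=21.5C BATTERY=98% UPTIME=3600"   # constructed telemetry
    p2 = b"TEMP=22.0C BATTERY=97% UPTIME=3660"

    # Bug: a fixed nonce (e.g. all zeros baked into firmware) reused per message.
    fixed = b"\x00" * 12
    c1, c2 = ctr_encrypt(key, fixed, p1), ctr_encrypt(key, fixed, p2)
    recovered = two_time_pad_attack(c1, c2, p1)

    # Fix: a fresh nonce from a monotonic counter for every message.
    nonces = NonceCounter(device_id=7)
    c1b = ctr_encrypt(key, nonces.next(), p1)
    c2b = ctr_encrypt(key, nonces.next(), p2)
    failed = two_time_pad_attack(c1b, c2b, p1)

    return {
        "reuse_leaks_p2": recovered == p2,
        "unique_nonce_resists": failed != p2,
        "roundtrip_ok": ctr_encrypt(key, fixed, c1) == p1,
    }


if __name__ == "__main__":
    print(demo())
```

The same recovery works against real AES-CTR and against the encryption half of AES-GCM; the only defence is that a (key, nonce) pair is never used twice, which is why the nonce source (counter in NVM, or a random 96-bit value with a bounded message count per key) is a design decision, not an afterthought.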
