Hi Mate,
I had a look and I couldn’t find such a feature implemented either. I don’t think that Mbed TLS supports that at the moment.
Best regards,
Janos
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of "Z.Máté via mbed-tls" <mbed-tls@lists.trustedfirmware.org>
Reply to: "Z.Máté" <enleszekakalozkiraly@gmail.com>
Date: Monday, 2 November 2020 at 21:01
To: "mbed-tls@lists.trustedfirmware.org" <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Write private key into buffer using encrypted PEM format
Dear mbedtls list members!
Sorry if this is the second time I ask, I'm not sure the previous question is still on the list.
I'm asking if there's a way to export a private key into a buffer in an encrypted format. So that mbedtls_pk_parse_key() has to be called with a password.
In the example program key_app.c (I hope that's how it's called) I can see there are password encrypted PEM formatted keys. But how to generate one?
For clarity, this is the type of header I'm looking for.
—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,AB8E2B5B2D989271273F6730B6F9C687……………………………………………….
……………………………………………….
………………………………………
—–END RSA PRIVATE KEY—–
I was only able to generate something like this by, using command line openssl. But I'd like a better solution, in code, using mbedtls.
Yours
Zombor Máté