Hi Mate,

I had a look and I couldn’t find such a feature implemented either. I don’t think that Mbed TLS supports that at the moment.

Best regards,

Janos

From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of "Z.Máté via mbed-tls" <mbed-tls@lists.trustedfirmware.org>
Reply to: "Z.Máté" <enleszekakalozkiraly@gmail.com>
Date: Monday, 2 November 2020 at 21:01
To: "mbed-tls@lists.trustedfirmware.org" <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Write private key into buffer using encrypted PEM format

Dear mbedtls list members!

Sorry if this is the second time I'm asking; I'm not sure the previous question is still on the list.

I'm asking if there's a way to export a private key into a buffer in an encrypted format, so that mbedtls_pk_parse_key() has to be called with a password.

In the example program key_app.c (I hope that's what it's called) I can see there are password-encrypted, PEM-formatted keys. But how do I generate one?

For clarity, this is the type of header I'm looking for.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,AB8E2B5B2D989271273F6730B6F9C687

……………………………………………….
……………………………………………….
………………………………………
-----END RSA PRIVATE KEY-----

I was only able to generate something like this by using command-line openssl. But I'd like a better solution, in code, using mbedtls.

Yours

Zombor Máté
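
What the Proc-Type / DEK-Info header quoted above means for how the key is protected, as an added example that is not part of this thread and is not Mbed TLS code: the legacy PEM scheme derives the AES key from the password with chained, single-iteration MD5, using the first 8 bytes of the DEK-Info IV as salt. The function names, the sample password and the placeholder body are constructed for illustration; the header values are the ones from the question.

```python
import hashlib

# Constructed sample: header lines as quoted in the question, body is a placeholder.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,AB8E2B5B2D989271273F6730B6F9C687

(base64 body omitted)
-----END RSA PRIVATE KEY-----
"""

# Key length in bytes for the AES-CBC variants of the legacy PEM scheme.
KEY_SIZES = {"AES-128-CBC": 16, "AES-192-CBC": 24, "AES-256-CBC": 32}


def parse_encryption_header(pem_text):
    """Return (cipher, iv) from Proc-Type/DEK-Info, or None if the key is unencrypted."""
    lines = pem_text.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM block")
    headers = {}
    for line in lines[1:]:
        if not line.strip() or ":" not in line:
            break  # blank line ends the headers; a base64 line means there were none
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return None
    cipher, _, iv_hex = headers.get("DEK-Info", "").partition(",")
    if cipher not in KEY_SIZES or not iv_hex:
        raise ValueError("unsupported or missing DEK-Info")
    return cipher, bytes.fromhex(iv_hex)


def derive_key(password, cipher, iv):
    """Legacy PEM key derivation: MD5(prev || password || salt), repeated until long enough."""
    salt = iv[:8]  # the salt is the first 8 bytes of the IV from DEK-Info
    key, block = b"", b""
    while len(key) < KEY_SIZES[cipher]:
        block = hashlib.md5(block + password + salt).digest()
        key += block
    return key[:KEY_SIZES[cipher]]


if __name__ == "__main__":
    cipher, iv = parse_encryption_header(SAMPLE_PEM)
    print(cipher, iv.hex(), derive_key(b"constructed-password", cipher, iv).hex())
```

Because the derivation is one or two MD5 calls, the strength of a key file in this format rests almost entirely on the password itself.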