Hi Christian,
The pk object in an X.509 structure contains the key data directly. If you built Mbed TLS with MBEDTLS_USE_PSA_CRYPTO enabled, then functions like mbedtls_pk_verify() call PSA functions under the hood. If not, or if you want to do something that the pk API can't do, you can call mbedtls_pk_import_into_psa() to create a PSA key from the key in the pk object. (This function is new in 3.6; it was much more cumbersome before.) See the PSA transition guide at https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6.0/docs/psa-transition.m... for more details.
Best regards,