Public key operations like "psa_verify_message" use a "key-id" argument to represent the public key. Is there a simple way to obtain or register that key-id using the "cert->pk" member of a parsed certificate?
-- Christian Huitema
Hi Christian,
The pk object in an X.509 structure contains the key data directly. If you built Mbed TLS with MBEDTLS_USE_PSA_CRYPTO enabled, then functions like mbedtls_pk_verify() call PSA functions under the hood. If not, or if you want to do something that the pk API can't do, you can call mbedtls_pk_import_into_psa() to create a PSA key from the key in the pk object. (This function is new in 3.6; it was much more cumbersome before.) See the PSA transition guide at https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6.0/docs/psa-transition.m... for more details.
Best regards,
mbed-tls@lists.trustedfirmware.org