Hi Máté,

On 26/10/2020 12:04, Z.Máté via mbed-tls wrote:

Dear mbedtls mailing list members!

I hope you recieve my message now, previously I had problems posting to this list. :(

My first question is actually about the PEM format. As far as I'm aware the PEM format either contains the Private key (signalled by the ---- BEGIN PRIVATE KEY ---- header) or a public key (---- BEGIN PUBLIC KEY -----). In my application I have to work on an app that stores key pairs in a special, secure storage solution (Secure Storage of OPTEE if you've heard about it). I decided to export the keys in PEM format, so that reading and handling them is equal to moving a large string buffer around. Using the PEM format, is there a way to store both private and public keys in the same "file"? Does mbedtls allow for such a solution (does such a solution even exist?).

There are actually several PEM formats. Some private key formats actually store both the private key and the public key, while others only store the private key. However, it is always possible to calculate the public key from the private key. So if you want to have the whole key pair, just write the private key in any format.

If you have a private key file, you can extract the public key with the Mbed TLS sample program key_app_writer (untested command line, typed directly into my mail client): programs/pkey/key_app_writer mode=private filename=my_private_key.pem output_mode=public output_file=my_public_key.pem or with OpenSSL: openssl pkey -in my_private_key.pem -pubout -out my_public_key.pem

If not, is there a simple way to get the public key from a private key object? Does the mbedtls_pk_context, (that parsed up with a private key) contain the information needed to export the public key into a PEM buffer? As far as I know mbedtls allows for exporting the private key and the public key with the functions mbedtls_write_key_pem and ...write_pubkey_pem (or something along those lines) does that mean I can only export one at a time and there's no way to save the information for both into one PEM buffer?

If there's a way to save both private and public keys into one PEM file, do I have to parse the private key and public key into separate objects then? With parse_key and parse_pubkey? This isn't really a problem just clarifying.

Once you have an mbedtls_pk_context, if you want to export both keys to a file, use mbedtls_write_key_pem(). If you want to have a separate file that only contains the public key, call mbedtls_write_pubkey_pem() on the same mbedtls_pk_context.

If you can point me to an actually good description of the PEM format and what CAN be stored inside of it, I'd be very grateful! :)

PEM is just an encoding: base64 data between a header and footer. The base64-encoded data can have several different formats depending on the header. It can represent a private key (several formats depending on the header), a public key or a certificate. A complete description is spread across about half a dozen RFC. Fortunately, I don't think you need to dig into those.

I also have a question regarding the example SSL server program. In it, the server needs a private key and a certificate for obvious reasons. It also loads a certificate and as far as I know, the certificate has to be tied to a known CA for it to be valid.

I would like to test the program with a self generated key pair, do I need to change the Certificate and CAs to a new one as well? To authenticate the new keypair? Does the mbedtls ssl_client1 example program work with self signed certs? Or do I need to take care of the CA validation myself (that would probably beyond the scope of the project I'm working on).

The sample program ssl_server does not check the client certificate. The test program ssl_server2 can check the client certificate: pass the command line options "auth_mode=required ca_file=my_ca.crt". If you have a self-signed client certificate, you can pass it as the ca_file.