Not able to parse rsa public key using mbedtls

Advait
Associate III

I am using the mbedtls module to verify the signature of firmware using RSA, and it's giving MBEDTLS_ERR_PK_INVALID_PUBKEY after parsing the public key. I am using OpenSSL for generating the public and private keys; the public key is generated using

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
and

openssl rsa -pubout -in private_key.pem -outform DER -out public_key.der

in DER format and then converted to a .h file using

python -c "data=open('public_key.der','rb').read(); print('const unsigned char public_key_der[] = {'); print(', '.join(f'0x{b:02x}' for b in data), end=''); print('};'); print(f'const unsigned int public_key_der_len = {len(data)};');" > public_key.h

In the mbedtls_config.h file I have enabled the following options:

#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_RSA_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_OID_C

Here is the main function I am using to parse the public key:

    #include <stdio.h>
    #include <string.h>
    #include "main.h"          /* HAL types, huart1, UART_Init() */
    #include "mbedtls/pk.h"
    #include "public_key.h"    /* public_key_der[] and public_key_der_len from the generated header */

    static mbedtls_pk_context pk;

    int main(void)
    {
        int ret;
        char msg[50];

        UART_Init(1);
        // Verify the signature
        mbedtls_pk_init(&pk);
        mbedtls_pk_free(&pk);   /* freed straight after init: harmless on an empty context, but pointless */
        ret = mbedtls_pk_parse_public_key(&pk, public_key_der, public_key_der_len);
        if (ret == 0)
        {
            sprintf(msg, "Key is parsable ret value is %d \r\n", ret);
            HAL_UART_Transmit(&huart1, (uint8_t *)msg, strlen(msg), HAL_MAX_DELAY);
        }
        else
        {
            sprintf(msg, "Key is not parsable ret value is %d \r\n", ret);
            HAL_UART_Transmit(&huart1, (uint8_t *)msg, strlen(msg), HAL_MAX_DELAY);
        }
        return 0;
    }


I am not sure where I am going wrong; this is my first time using mbedtls, please help.
Thanks in advance.
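Before blaming the parser it is worth confirming what public_key.der actually contains. The following is an added example (not from this thread or from mbedtls): a small stdlib-only DER walker that accepts exactly the layout `openssl rsa -pubout -outform DER` writes, a SubjectPublicKeyInfo with the rsaEncryption OID wrapping a PKCS#1 RSAPublicKey, which is the DER form mbedtls_pk_parse_public_key expects, and rejects a PEM file, a bare RSAPublicKey, or trailing bytes. The build_rsa_spki encoder exists only to construct a sample blob for the check; its modulus is a made-up number, not a real key.

```python
RSA_OID = "1.2.840.113549.1.1.1"  # rsaEncryption, the only algorithm this check accepts

def _tlv(tag, body):
    # DER TLV encoder (definite length); used to build the constructed sample
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def _der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return _tlv(0x02, b"\x00" + b if b[0] & 0x80 else b)  # keep INTEGER positive

def build_rsa_spki(n, e):
    """Layout `openssl rsa -pubout -outform DER` writes: SPKI wrapping a PKCS#1 RSAPublicKey."""
    rsa_pub = _tlv(0x30, _der_int(n) + _der_int(e))
    alg_id = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00")
    return _tlv(0x30, alg_id + _tlv(0x03, b"\x00" + rsa_pub))

def _read_tlv(buf, pos, want):
    # Decode one TLV at `pos`, insisting on tag `want`; returns (body, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, found 0x{tag:02x} (PEM or bare PKCS#1 file?)")
    return buf[pos:pos + length], pos + length

def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect_spki(der):
    """Return modulus size and exponent if `der` is exactly one rsaEncryption SubjectPublicKeyInfo."""
    spki, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError(f"{len(der) - end} trailing byte(s) after SubjectPublicKeyInfo")
    alg_id, pos = _read_tlv(spki, 0, 0x30)
    oid = _decode_oid(_read_tlv(alg_id, 0, 0x06)[0])
    if oid != RSA_OID:
        raise ValueError(f"algorithm OID {oid} is not rsaEncryption")
    bits, _ = _read_tlv(spki, pos, 0x03)
    rsa_pub, _ = _read_tlv(bits[1:], 0, 0x30)  # bits[0] is the unused-bits count, 0 for a key
    n_bytes, pos = _read_tlv(rsa_pub, 0, 0x02)
    e_bytes, _ = _read_tlv(rsa_pub, pos, 0x02)
    return {"modulus_bits": int.from_bytes(n_bytes, "big").bit_length(), "exponent": int.from_bytes(e_bytes, "big")}
```

Run `inspect_spki(open("public_key.der", "rb").read())` on the real file; a 2048-bit key should give a 294-byte blob and `{"modulus_bits": 2048, "exponent": 65537}`, and any ValueError points at a format problem rather than an mbedtls one.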

Ethan HUANG
ST Employee

May I know which version of mBedTLS you are using? 

I don't play with mBedTLS often, but I tried to do a quick test on an old project which uses mbedtls v3.6 and didn't see such an issue.

Ethan HUANG
ST Employee

I tried to follow your sequence to simplify my old project and put it here for your reference. I didn't get any error after running mbedtls_pk_parse_public_key() from the attached project over H573-DK.

In the meantime, I don't think it makes sense to run mbedtls_pk_free() right after mbedtls_pk_init(), even though it doesn't trigger any error in the attached test project.


Hi Ethan,
I am using the mbedtls from middlewares. I believe it's 2.16.2 currently.
I can try with 3.6 but I am not sure how to integrate it in the project using CubeIDE, as in how to include those files in the build.

Hi Ethan 
Thanks for sharing the project file.
So to use it we just have to add it in the middleware folder and it should work fine?
Or are there any additional configurations to be done?

Make the middleware folder recognized by CubeIDE, and make sure config-boot.h is in your include folder. I think those two are good enough to make it work there. config-boot.h is not optimized for this test; I simply reused it from my old project.