
What I am trying to achieve here is to encrypt a message inside an ESP32 app built using PlatformIO + the Arduino framework.

After some searching, I found this repo: https://github.com/espressif/arduino-esp32

There is a tool inside it that seems able to help me achieve what I want: https://github.com/espressif/arduino-esp32/blob/master/tools/sdk/include/mbedtls/mbedtls/rsa.h

I imported the library "mbedtls" at https://platformio.org/lib/show/10874/mbedtls into the PlatformIO project and started working from there.

Question: How do I load a private key file in the app and encrypt the message using the RSA tool?

What I have currently is:

#include <Arduino.h>
#include <string.h>
#include "mbedtls/pk.h"
#include "mbedtls/rsa.h"
#include "mbedtls/bignum.h"
#include "secrets.h"   // holds VENDOR_PRIVATE_KEY, the PEM text as a string literal

// key as the byte pointer mbedtls_pk_parse_key() takes
const unsigned char *vendorPrivateKey = reinterpret_cast<const unsigned char *>(VENDOR_PRIVATE_KEY);

mbedtls_pk_context pk;                   // generic key container
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;   // RSA parameters exported from it

void setup() {
  Serial.begin(115200);

  int ret = 1;
  char buf[1024];

  mbedtls_pk_init(&pk);
  memset(buf, 0, sizeof(buf));

  mbedtls_mpi_init(&N);
  mbedtls_mpi_init(&P);
  mbedtls_mpi_init(&Q);
  mbedtls_mpi_init(&D);
  mbedtls_mpi_init(&E);
  mbedtls_mpi_init(&DP);
  mbedtls_mpi_init(&DQ);
  mbedtls_mpi_init(&QP);

  // vendorPrivateKey is a pointer, so sizeof() here is the pointer width (4 bytes on ESP32), not the key length
  ret = mbedtls_pk_parse_key(&pk, vendorPrivateKey, sizeof(vendorPrivateKey), NULL, NULL);

  if (ret != 0) {
    // mbedtls error codes are negative; print the positive value for lookup
    Serial.print(" failed!  mbedtls_pk_parse_key returned: ");
    Serial.print(-ret);
    Serial.println();
  }

  if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
    mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);

    // copy the RSA parameters (and CRT values) out of the parsed key
    if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0
      || (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
      Serial.println(" failed! could not export RSA parameters.");
    }
  }
}

void loop() {}

For now I import the private key content directly in char* form (I'm not sure how to import a PEM key file into the app) through the header file: const unsigned char *vendorPrivateKey = reinterpret_cast<const unsigned char *>(VENDOR_PRIVATE_KEY); where the value is stored inside secrets.h.

Then when I ran the program, it yielded the following error message: failed! mbedtls_pk_parse_key returned: 15616

According to the pk.h file description, this error code 15616 in hex is 0x3D00, which indicates /**< Invalid key tag or value. */

Is there any website that provides format checking, to see whether my private key file fits the requirements of mbedtls?

Daniel Tang
  • 1) "I imported the library "mbedtls" at ...", that is for mbed OS (an RTOS), not for Arduino platform. 2) For Arduino, you should take a look at this [tutorial](https://techtutorialsx.com/2018/05/10/esp32-arduino-mbed-tls-using-the-sha-256-algorithm/) on how to use mbedtls in ESP32 Arduino Core environment. – hcheung Sep 25 '20 at 13:40
  • basically you use the library by adding `#include "mbedtls/rsa.h"` to your ESP32 Arduino sketch, and the rest refer to the [documentation](https://tls.mbed.org/api/rsa_8h.html) for the APIs. – hcheung Sep 25 '20 at 13:48
  • Hi hcheung, do you have any example code as a reference for me? I understand there is documentation for this RSA stuff, but there is no clear instruction that says what API I should use first, then what's next, where I should store the key file or store the key in string form, etc. – Daniel Tang Sep 28 '20 at 01:39
  • Regarding the SHA256, I had it working with the exact same tutorial, I found it last week. Now the problem I encounter is implementing RSA encryption. – Daniel Tang Sep 28 '20 at 01:43
  • Hi @DanielTang, did you ever get this working? – Todd Sharp Mar 16 '21 at 12:56

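As an added example (not code from the question, from the ESP32 Arduino core or from mbedtls), here is a small host-side checker for the exact buffer that ends up in secrets.h. It does the format check the question asks for, locally: it looks for a BEGIN/END pair mbedtls recognises, decodes the base64 body, verifies that the result is one DER SEQUENCE whose declared length matches the bytes present, and reports the keylen that mbedtls_pk_parse_key() must be given, which its documentation states is strlen(key) + 1 for PEM input (the terminating NUL is counted). It goes a little beyond the question in also recognising PKCS#8 and encrypted PKCS#8 markers. The PemCheck struct, the function names and the sample PEM strings are this example's own; the samples are not real keys, only valid framing around a five-byte DER SEQUENCE.

```cpp
// Added example (not from the question, the ESP32 Arduino core or mbedtls):
// pre-checks a PEM private-key buffer the way mbedtls_pk_parse_key() will
// see it (recognised BEGIN/END markers, base64 body decoding to one DER
// SEQUENCE of consistent length) and reports the keylen to pass, which for
// PEM input mbedtls documents as strlen(key) + 1, terminating NUL included.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

struct PemCheck {
    bool ok = false;          // every check passed
    std::string kind;         // "pkcs1-rsa", "pkcs8", "pkcs8-encrypted" or ""
    bool encrypted = false;   // parsing would need pwd/pwdlen, not NULL, NULL
    size_t der_len = 0;       // decoded DER size in bytes
    size_t parse_len = 0;     // keylen to hand to mbedtls_pk_parse_key()
    std::string error;        // first problem found; empty when ok
};

// Standard base64 decoder; CR/LF are skipped, anything else odd fails it.
static bool base64_decode(const std::string &in, std::vector<uint8_t> &out) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0; int bits = 0; size_t pad = 0;
    for (char c : in) {
        if (c == '\r' || c == '\n') continue;
        if (c == '=') { pad++; continue; }
        const char *p = (pad || c == '\0') ? nullptr : std::strchr(tbl, c);
        if (!p) return false;                       // bad char or data after '='
        acc = (acc << 6) | static_cast<uint32_t>(p - tbl);
        if ((bits += 6) >= 8) {
            bits -= 8;
            out.push_back(static_cast<uint8_t>(acc >> bits));
            acc &= (1u << bits) - 1;
        }
    }
    return pad <= 2;
}

// keylen for a PEM pointer. sizeof() on the pointer variable itself gives the
// pointer width (4 bytes on ESP32), not the key length.
size_t pem_keylen(const unsigned char *pem) {
    return std::strlen(reinterpret_cast<const char *>(pem)) + 1;
}

PemCheck check_pem_private_key(const char *pem) {
    struct Marker { const char *begin, *end, *kind; bool enc; };
    static const Marker markers[] = {
        {"-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----", "pkcs1-rsa", false},
        {"-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----", "pkcs8", false},
        {"-----BEGIN ENCRYPTED PRIVATE KEY-----", "-----END ENCRYPTED PRIVATE KEY-----", "pkcs8-encrypted", true},
    };
    PemCheck r;
    const std::string s(pem);
    r.parse_len = s.size() + 1;
    for (const Marker &m : markers) {
        size_t b = s.find(m.begin);
        if (b == std::string::npos) continue;
        r.kind = m.kind; r.encrypted = m.enc;
        size_t body = b + std::strlen(m.begin), e = s.find(m.end, body);
        if (e == std::string::npos) { r.error = "END marker missing"; return r; }
        std::vector<uint8_t> der;
        if (!base64_decode(s.substr(body, e - body), der)) { r.error = "body is not valid base64"; return r; }
        r.der_len = der.size();
        // All three key types are an outer DER SEQUENCE (tag 0x30) whose
        // declared length must cover exactly the bytes that follow it.
        if (der.size() < 2 || der[0] != 0x30) { r.error = "DER does not start with SEQUENCE"; return r; }
        size_t hdr = 2, len = der[1];
        if (der[1] & 0x80) {                        // long-form length, 1..4 bytes
            size_t n = der[1] & 0x7f;
            if (n == 0 || n > 4 || der.size() < 2 + n) { r.error = "bad DER length"; return r; }
            for (len = 0; hdr < 2 + n; hdr++) len = (len << 8) | der[hdr];
        }
        if (hdr + len != der.size()) { r.error = "DER length mismatch (truncated or extra bytes)"; return r; }
        r.ok = true;
        return r;
    }
    r.error = "no recognised BEGIN marker";
    return r;
}

// Constructed samples (this example's own, NOT real keys): the base64 is the
// 5-byte DER SEQUENCE { INTEGER 0 }, enough to exercise the framing checks.
const char kSamplePem[] = "-----BEGIN RSA PRIVATE KEY-----\nMAMCAQA=\n-----END RSA PRIVATE KEY-----\n";
const char kPkcs8Pem[] = "-----BEGIN PRIVATE KEY-----\nMAMCAQA=\n-----END PRIVATE KEY-----\n";
const char kTruncatedPem[] = "-----BEGIN RSA PRIVATE KEY-----\nMAMCAQA=\n";   // END line lost

int main() {
    const char *samples[] = {kSamplePem, kPkcs8Pem, kTruncatedPem};
    for (const char *p : samples) {
        PemCheck r = check_pem_private_key(p);
        std::printf("ok=%d kind=%s encrypted=%d der=%zu keylen=%zu %s\n", r.ok,
                    r.kind.c_str(), r.encrypted, r.der_len, r.parse_len, r.error.c_str());
    }
    return 0;
}
```

Run it on the desktop with the literal you put in secrets.h as the input; once ok is true, the ESP32 call becomes mbedtls_pk_parse_key(&pk, vendorPrivateKey, pem_keylen(vendorPrivateKey), NULL, NULL). Two caveats: legacy encrypted PKCS#1 files (a "Proc-Type: 4,ENCRYPTED" header inside the body) are not recognised here, and the private half of the key is what you sign or decrypt with; mbedtls_pk_encrypt() uses only the public components (N, E) of the loaded key and needs an RNG callback such as mbedtls_ctr_drbg_random. Whatever is compiled into secrets.h ends up in the flash image, so on ESP32 it is only protected if flash encryption is enabled.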
0 Answers