Arm Mbed and Pelion Device Management support forum

Error during encryption with private key

This post was flagged by the community and is temporarily hidden.

HI @zephyro
Thank you for your question!

I have a question regaring your code.
Why are you assuming the md is SHA1? Note that the size of a SHA1 hash is 20 bytes, not 32, and, if you are sending header and header_len as inputs to your sign_header function, you should be using them as input for mbedtls_pk_encrypt()
What is the error code you are receiving?

Mbed TLS Support

Hi roneld01,

Thank you for your reply. Using SHA1 is the firt mistake that i made actually.
I’m not using start_address as input for mbedtls_pk_encrypt because I thought that it needs
the hash as input. Anyway, somewhere I read that mbedtls_pk_encrypt() doesn’t support encryption
with private key and it souldn’t be used for signing purpose, but I don’t know if it is true.

Thanks a lot!

Hi @zephyro
Actually, you shouldn’t be using the private key for encryption. I missed this part in my original reply, sorry about that.
The private key should be used for signing or for decryption.
Assuming encryption with the private key works, it means that anyone can decrypt the message using your public key which, as named, is public and known to all. So, there is no point in this operation, if you use the private key.

If you want to encrypt a secret message to a specific entity, you will need to do one of the following:

  1. Encrypt it using this remote entity’s public key, and only it will be able to decrypt it
  2. Use a Key exchange algorithm, such as DHM to exchange a secret between the two entities that you can use to derive a symmetric key for a symmetric cipher algorithm, such as AES