Hi,

I am using mbedTLS 2.13.1

I am trying to use the function `mbedtls_pk_write_key_der`

to write an elliptic curve private key to DER format. I do not have the corresponding public key associated with this private key, and wish to write the private key only.

The SEC standard says that the public key is optional:

```
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
```

However when writing the private key to DER format, the function always seems to write an empty public key https://github.com/ARMmbed/mbedtls/blob/development/library/pkwrite.c#L405

by appending a bit string of length 2 of zero bytes. (0x03, 0x02, 0x00, 0x00)

Later, when I try to parse this key to use it using mbedtls_pk_parse_key, I get a failure due to an invalid public key.

What is the correct way to store an elliptic curve private key in DER so that it can be parsed & used by the mbedTLS library later?

Thank you!