How do I write an EC private key w/ no public key to DER format?

Hi,
I am using mbedTLS 2.13.1

I am trying to use the function mbedtls_pk_write_key_der to write an elliptic curve private key to DER format. I do not have the corresponding public key associated with this private key, and wish to write the private key only.

The SEC standard says that the public key is optional:

ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}

However, when writing the private key to DER format, the function always seems to write an empty public key (see mbedtls/pkwrite.c at development · Mbed-TLS/mbedtls · GitHub) by appending a bit string of length 2 of zero bytes (0x03, 0x02, 0x00, 0x00).

Later, when I try to parse this key to use it using mbedtls_pk_parse_key, I get a failure due to an invalid public key.

What is the correct way to store an elliptic curve private key in DER so that it can be parsed & used by the mbedTLS library later?

Thank you!
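As an added illustration (not code from this thread or from Mbed TLS), a stdlib-only Python encoder and inspector for the ECPrivateKey structure quoted above: it can emit the private-key-only form (no [1] field at all) or reproduce the 03 02 00 00 bit string the post observed, and it reports which of the two a given DER blob contains. The private scalar is a constructed sample value and the curve is assumed to be secp256r1.

```python
from typing import Iterator, Optional, Tuple
# secp256r1 (prime256v1) OID 1.2.840.10045.3.1.7 as a DER OBJECT IDENTIFIER TLV
SECP256R1_OID_DER = bytes.fromhex("06082A8648CE3D030107")

def der_len(n: int) -> bytes:
    if n < 0x80:  # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long form: 0x80|count, then bytes
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def encode_ec_private_key(priv: bytes, curve_oid_der: bytes, pub_point: Optional[bytes]) -> bytes:
    """SEC1 ECPrivateKey: version 1, privateKey, [0] parameters, [1] publicKey only if given."""
    fields = tlv(0x02, b"\x01") + tlv(0x04, priv) + tlv(0xA0, curve_oid_der)
    if pub_point is not None:  # SEC1 point encoding, e.g. 0x04||X||Y; 0x00 is the point at infinity
        fields += tlv(0xA1, tlv(0x03, b"\x00" + pub_point))  # BIT STRING with 0 unused bits
    return tlv(0x30, fields)

def split_tlvs(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, body) for the concatenated definite-length TLVs in data."""
    i = 0
    while i < len(data):
        tag, first = data[i], data[i + 1]
        if first < 0x80:
            length, i = first, i + 2
        else:
            count = first & 0x7F
            length, i = int.from_bytes(data[i + 2:i + 2 + count], "big"), i + 2 + count
        yield tag, data[i:i + length]
        i += length

def public_key_field(key_der: bytes) -> Optional[bytes]:
    """None if [1] publicKey is absent (SEC1 allows that); else the BIT STRING content after the unused-bits octet."""
    seq_tag, fields = next(split_tlvs(key_der))
    if seq_tag != 0x30:
        raise ValueError("ECPrivateKey must be a SEQUENCE")
    for tag, body in split_tlvs(fields):
        if tag == 0xA1:
            _, bits = next(split_tlvs(body))  # the inner BIT STRING
            return bits[1:]
    return None

# Constructed sample scalar, not a real key. Omitting [1] gives the private-key-only form the
# question asks for; passing b"\x00" reproduces the 03 02 00 00 bit string the post reports.
SAMPLE_PRIV = bytes(range(1, 33))
PRIVATE_ONLY_DER = encode_ec_private_key(SAMPLE_PRIV, SECP256R1_OID_DER, None)
EMPTY_PUB_DER = encode_ec_private_key(SAMPLE_PRIV, SECP256R1_OID_DER, b"\x00")
```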

Hi @alexa,
Thank you for your question!

Mbed TLS doesn’t support writing only the private component. You will need the full key pair.
If it is essential that Mbed TLS support this feature, please raise a feature request in our GitHub repository.

I am curious though, if you have the private key, how is it you don’t have the public key? Without the public key to verify what was signed by your private key, there is no real point in having it.

Regards,
Mbed TLS Team member
Ron

Hi Ron,

Thanks for your answer.

Technically, I do have the public key as part of a certificate elsewhere in the code, but since private-key-only is supported by the specification I was hoping not to have to reassemble the full key & duplicate storage of it, or build in a dependency between cert and private key.