I’m looking for a way to encrypt a large file with a public key

The way this is normally done as far as I understand is to generate an AES key K, encrypt the file with K , encrypt K with the public key and then pack the encrypted K along with the encrypted file.

With openssl, this procedure can be done with the smime command and the resulting file is in a standard smime format, which can be .

Is there something equivalent in mbed? or do I need to come up with my own format to pack the encrypted key and the encrypted file?

# Public key encryption of a large file

Hi Shy,

Mbed TLS does not support SMIME, however you may consider using some key exchange algorithm such as DHM, or preferably ECDH, to exchange a shared secret, and then use the shared secret for symmetric AES encryption. This assuming that both sides are aware of the protocol being used.

Regards,

Mbed TLS Team member

Ron

Thanks for the reply Ron

Unfortunately that’s not really an option in my use case since the “protocol” is offline. one side has the public key, it needs to encrypt that big file, save it somewhere, and then the other side comes to get it days later.

So if someone would have asked you how to implement such a scenario using mbed, what would you suggest to them?

Hi Shy,

If you and the other side have a preshared key, you could just use that key for your symmetric cipher ( preferably use an AEAD algorithm such as CCM or GCM )

Have you considered using RSA encryption with a public key, and RSA decryption with the private key?