Squashed 'lib/mbedtls/external/mbedtls/' content from commit 2ca6c285a0dd

git-subtree-dir: lib/mbedtls/external/mbedtls
git-subtree-split: 2ca6c285a0dd3f33982dd57299012dacab1ff206
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
new file mode 100644
index 0000000..cd0387a
--- /dev/null
+++ b/programs/pkey/CMakeLists.txt
@@ -0,0 +1,41 @@
+set(executables_mbedtls
+    dh_client
+    dh_server
+)
+
+foreach(exe IN LISTS executables_mbedtls)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+    target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
+    target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+set(executables_mbedcrypto
+    dh_genprime
+    ecdh_curve25519
+    ecdsa
+    gen_key
+    key_app
+    key_app_writer
+    mpi_demo
+    pk_encrypt
+    pk_decrypt
+    pk_sign
+    pk_verify
+    rsa_decrypt
+    rsa_encrypt
+    rsa_genkey
+    rsa_sign
+    rsa_sign_pss
+    rsa_verify
+    rsa_verify_pss
+)
+
+foreach(exe IN LISTS executables_mbedcrypto)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+    target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+    target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}
+        DESTINATION "bin"
+        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
new file mode 100644
index 0000000..165cee2
--- /dev/null
+++ b/programs/pkey/dh_client.c
@@ -0,0 +1,288 @@
+/*
+ *  Diffie-Hellman-Merkle key exchange (client side)
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
+    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
+    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
+    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define SERVER_NAME "localhost"
+#define SERVER_PORT "11999"
+
+#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
+    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
+    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
+    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
+                   "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+                   "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
+    mbedtls_exit(0);
+}
+
+#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+    FILE *f;
+
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    unsigned int mdlen;
+    size_t n, buflen;
+    mbedtls_net_context server_fd;
+
+    unsigned char *p, *end;
+    unsigned char buf[2048];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+    mbedtls_mpi N, E;
+    const char *pers = "dh_client";
+
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_rsa_context rsa;
+    mbedtls_dhm_context dhm;
+    mbedtls_aes_context aes;
+
+    mbedtls_net_init(&server_fd);
+    mbedtls_dhm_init(&dhm);
+    mbedtls_aes_init(&aes);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&E);
+
+    /*
+     * 1. Setup the RNG
+     */
+    mbedtls_printf("\n  . Seeding the random number generator");
+    fflush(stdout);
+
+    mbedtls_entropy_init(&entropy);
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 2. Read the server's public RSA key
+     */
+    mbedtls_printf("\n  . Reading public key from rsa_pub.txt");
+    fflush(stdout);
+
+    if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not open rsa_pub.txt\n" \
+                       "  ! Please run rsa_genkey first\n\n");
+        goto exit;
+    }
+
+    mbedtls_rsa_init(&rsa);
+    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+        (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret);
+        fclose(f);
+        goto exit;
+    }
+    fclose(f);
+
+    /*
+     * 3. Initiate the connection
+     */
+    mbedtls_printf("\n  . Connecting to tcp/%s/%s", SERVER_NAME,
+                   SERVER_PORT);
+    fflush(stdout);
+
+    if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
+                                   SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_connect returned %d\n\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 4a. First get the buffer length
+     */
+    mbedtls_printf("\n  . Receiving the server's DH parameters");
+    fflush(stdout);
+
+    memset(buf, 0, sizeof(buf));
+
+    if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
+        goto exit;
+    }
+
+    n = buflen = (buf[0] << 8) | buf[1];
+    if (buflen < 1 || buflen > sizeof(buf)) {
+        mbedtls_printf(" failed\n  ! Got an invalid buffer length\n\n");
+        goto exit;
+    }
+
+    /*
+     * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
+     */
+    memset(buf, 0, sizeof(buf));
+
+    if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
+        goto exit;
+    }
+
+    p = buf, end = buf + buflen;
+
+    if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_dhm_read_params returned %d\n\n", ret);
+        goto exit;
+    }
+
+    n = mbedtls_dhm_get_len(&dhm);
+    if (n < 64 || n > 512) {
+        mbedtls_printf(" failed\n  ! Invalid DHM modulus size\n\n");
+        goto exit;
+    }
+
+    /*
+     * 5. Check that the server's RSA signature matches
+     *    the SHA-256 hash of (P,G,Ys)
+     */
+    mbedtls_printf("\n  . Verifying the server's RSA signature");
+    fflush(stdout);
+
+    p += 2;
+
+    if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) {
+        mbedtls_printf(" failed\n  ! Invalid RSA signature size\n\n");
+        goto exit;
+    }
+
+    mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256));
+    if (mdlen == 0) {
+        mbedtls_printf(" failed\n  ! Invalid digest type\n\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_sha256 returned %d\n\n", ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
+                                        mdlen, hash, p)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 6. Send our public value: Yc = G ^ Xc mod P
+     */
+    mbedtls_printf("\n  . Sending own public value to server");
+    fflush(stdout);
+
+    n = mbedtls_dhm_get_len(&dhm);
+    if ((ret = mbedtls_dhm_make_public(&dhm, (int) n, buf, n,
+                                       mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_dhm_make_public returned %d\n\n", ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 7. Derive the shared secret: K = Ys ^ Xc mod P
+     */
+    mbedtls_printf("\n  . Shared secret: ");
+    fflush(stdout);
+
+    if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
+                                       mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
+        goto exit;
+    }
+
+    for (n = 0; n < 16; n++) {
+        mbedtls_printf("%02x", buf[n]);
+    }
+
+    /*
+     * 8. Setup the AES-256 decryption key
+     *
+     * This is an overly simplified example; best practice is
+     * to hash the shared secret with a random value to derive
+     * the keying material for the encryption/decryption keys,
+     * IVs and MACs.
+     */
+    mbedtls_printf("...\n  . Receiving and decrypting the ciphertext");
+    fflush(stdout);
+
+    ret = mbedtls_aes_setkey_dec(&aes, buf, 256);
+    if (ret != 0) {
+        goto exit;
+    }
+
+    memset(buf, 0, sizeof(buf));
+
+    if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
+        goto exit;
+    }
+
+    ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf);
+    if (ret != 0) {
+        goto exit;
+    }
+    buf[16] = '\0';
+    mbedtls_printf("\n  . Plaintext is \"%s\"\n\n", (char *) buf);
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_net_free(&server_fd);
+
+    mbedtls_aes_free(&aes);
+    mbedtls_rsa_free(&rsa);
+    mbedtls_dhm_free(&dhm);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+    mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&E);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
+          MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
new file mode 100644
index 0000000..6872e61
--- /dev/null
+++ b/programs/pkey/dh_genprime.c
@@ -0,0 +1,161 @@
+/*
+ *  Diffie-Hellman-Merkle key exchange (prime generation)
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||   \
+    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) ||     \
+    !defined(MBEDTLS_GENPRIME)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+                   "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
+                   "MBEDTLS_GENPRIME not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/bignum.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#define USAGE \
+    "\n usage: dh_genprime param=<>...\n"                                   \
+    "\n acceptable parameters:\n"                                           \
+    "    bits=%%d           default: 2048\n"
+
+#define DFL_BITS    2048
+
+/*
+ * Note: G = 4 is always a quadratic residue mod P,
+ * so it is a generator of order Q (with P = 2*Q+1).
+ */
+#define GENERATOR "4"
+
+
+int main(int argc, char **argv)
+{
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    mbedtls_mpi G, P, Q;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    const char *pers = "dh_genprime";
+    FILE *fout;
+    int nbits = DFL_BITS;
+    int i;
+    char *p, *q;
+
+    mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+    if (argc < 2) {
+usage:
+        mbedtls_printf(USAGE);
+        goto exit;
+    }
+
+    for (i = 1; i < argc; i++) {
+        p = argv[i];
+        if ((q = strchr(p, '=')) == NULL) {
+            goto usage;
+        }
+        *q++ = '\0';
+
+        if (strcmp(p, "bits") == 0) {
+            nbits = atoi(q);
+            if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) {
+                goto usage;
+            }
+        } else {
+            goto usage;
+        }
+    }
+
+    if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_string returned %d\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf("  ! Generating large primes may take minutes!\n");
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n  . Generating the modulus, please wait...");
+    fflush(stdout);
+
+    /*
+     * This can take a long time...
+     */
+    if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1,
+                                     mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_gen_prime returned %d\n\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n  . Verifying that Q = (P-1)/2 is prime...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_sub_int returned %d\n\n", ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_div_int returned %d\n\n", ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_is_prime returned %d\n\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n  . Exporting the value in dh_prime.txt...");
+    fflush(stdout);
+
+    if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not create dh_prime.txt\n\n");
+        goto exit;
+    }
+
+    if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) ||
+        ((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_write_file returned %d\n\n", ret);
+        fclose(fout);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n\n");
+    fclose(fout);
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
+          MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt
new file mode 100644
index 0000000..de0c281
--- /dev/null
+++ b/programs/pkey/dh_prime.txt
@@ -0,0 +1,2 @@
+P = FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
+G = 02
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
new file mode 100644
index 0000000..1ae5651
--- /dev/null
+++ b/programs/pkey/dh_server.c
@@ -0,0 +1,306 @@
+/*
+ *  Diffie-Hellman-Merkle key exchange (server side)
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
+    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
+    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
+    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define SERVER_PORT "11999"
+#define PLAINTEXT "==Hello there!=="
+
+#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
+    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
+    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
+    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
+                   "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+                   "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+    FILE *f;
+
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    unsigned int mdlen;
+    size_t n, buflen;
+    mbedtls_net_context listen_fd, client_fd;
+
+    unsigned char buf[2048];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+    unsigned char buf2[2];
+    const char *pers = "dh_server";
+
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_rsa_context rsa;
+    mbedtls_dhm_context dhm;
+    mbedtls_aes_context aes;
+
+    mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G;
+
+    mbedtls_net_init(&listen_fd);
+    mbedtls_net_init(&client_fd);
+    mbedtls_dhm_init(&dhm);
+    mbedtls_aes_init(&aes);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P);
+    mbedtls_mpi_init(&dhm_G);
+    /*
+     * 1. Setup the RNG
+     */
+    mbedtls_printf("\n  . Seeding the random number generator");
+    fflush(stdout);
+
+    mbedtls_entropy_init(&entropy);
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 2a. Read the server's private RSA key
+     */
+    mbedtls_printf("\n  . Reading private key from rsa_priv.txt");
+    fflush(stdout);
+
+    if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not open rsa_priv.txt\n" \
+                       "  ! Please run rsa_genkey first\n\n");
+        goto exit;
+    }
+
+    mbedtls_rsa_init(&rsa);
+
+    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n",
+                       ret);
+        fclose(f);
+        goto exit;
+    }
+    fclose(f);
+
+    if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_complete returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    /*
+     * 2b. Get the DHM modulus and generator
+     */
+    mbedtls_printf("\n  . Reading DH parameters from dh_prime.txt");
+    fflush(stdout);
+
+    if ((f = fopen("dh_prime.txt", "rb")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not open dh_prime.txt\n" \
+                       "  ! Please run dh_genprime first\n\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 ||
+        (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) {
+        mbedtls_printf(" failed\n  ! Invalid DH parameter file\n\n");
+        fclose(f);
+        goto exit;
+    }
+
+    fclose(f);
+
+    /*
+     * 3. Wait for a client to connect
+     */
+    mbedtls_printf("\n  . Waiting for a remote connection");
+    fflush(stdout);
+
+    if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_bind returned %d\n\n", ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+                                  NULL, 0, NULL)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_accept returned %d\n\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 4. Setup the DH parameters (P,G,Ys)
+     */
+    mbedtls_printf("\n  . Sending the server's DH parameters");
+    fflush(stdout);
+
+    memset(buf, 0, sizeof(buf));
+
+    if ((ret =
+             mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n,
+                                     mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_dhm_make_params returned %d\n\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 5. Sign the parameters and send them
+     */
+
+    mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256));
+    if (mdlen == 0) {
+        mbedtls_printf(" failed\n  ! Invalid digest type\n\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_sha256 returned %d\n\n", ret);
+        goto exit;
+    }
+
+    const size_t rsa_key_len = mbedtls_rsa_get_len(&rsa);
+    buf[n] = (unsigned char) (rsa_key_len >> 8);
+    buf[n + 1] = (unsigned char) (rsa_key_len);
+
+    if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
+                                      MBEDTLS_MD_SHA256, mdlen,
+                                      hash, buf + n + 2)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret);
+        goto exit;
+    }
+
+    buflen = n + 2 + rsa_key_len;
+    buf2[0] = (unsigned char) (buflen >> 8);
+    buf2[1] = (unsigned char) (buflen);
+
+    if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 ||
+        (ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 6. Get the client's public value: Yc = G ^ Xc mod P
+     */
+    mbedtls_printf("\n  . Receiving the client's public value");
+    fflush(stdout);
+
+    memset(buf, 0, sizeof(buf));
+
+    n = mbedtls_dhm_get_len(&dhm);
+    if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_dhm_read_public(&dhm, buf, n)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_dhm_read_public returned %d\n\n", ret);
+        goto exit;
+    }
+
+    /*
+     * 7. Derive the shared secret: K = Ys ^ Xc mod P
+     */
+    mbedtls_printf("\n  . Shared secret: ");
+    fflush(stdout);
+
+    if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
+                                       mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
+        goto exit;
+    }
+
+    for (n = 0; n < 16; n++) {
+        mbedtls_printf("%02x", buf[n]);
+    }
+
+    /*
+     * 8. Setup the AES-256 encryption key
+     *
+     * This is an overly simplified example; best practice is
+     * to hash the shared secret with a random value to derive
+     * the keying material for the encryption/decryption keys
+     * and MACs.
+     */
+    mbedtls_printf("...\n  . Encrypting and sending the ciphertext");
+    fflush(stdout);
+
+    ret = mbedtls_aes_setkey_enc(&aes, buf, 256);
+    if (ret != 0) {
+        goto exit;
+    }
+    memcpy(buf, PLAINTEXT, 16);
+    ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf);
+    if (ret != 0) {
+        goto exit;
+    }
+
+    if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) {
+        mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P);
+    mbedtls_mpi_free(&dhm_G);
+
+    mbedtls_net_free(&client_fd);
+    mbedtls_net_free(&listen_fd);
+
+    mbedtls_aes_free(&aes);
+    mbedtls_rsa_free(&rsa);
+    mbedtls_dhm_free(&dhm);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
+          MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
new file mode 100644
index 0000000..fedfcc9
--- /dev/null
+++ b/programs/pkey/ecdh_curve25519.c
@@ -0,0 +1,189 @@
+/*
+ *  Example ECDHE with Curve25519 program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_ECDH_C) || \
+    !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
+    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_ECDH_C and/or "
+                   "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
+                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
+                   "not defined\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdh.h"
+
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    mbedtls_ecdh_context ctx_cli, ctx_srv;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    unsigned char cli_to_srv[36], srv_to_cli[33];
+    const char pers[] = "ecdh";
+
+    size_t srv_olen;
+    size_t cli_olen;
+    unsigned char secret_cli[32] = { 0 };
+    unsigned char secret_srv[32] = { 0 };
+    const unsigned char *p_cli_to_srv = cli_to_srv;
+
+    ((void) argc);
+    ((void) argv);
+
+    mbedtls_ecdh_init(&ctx_cli);
+    mbedtls_ecdh_init(&ctx_srv);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    /*
+     * Initialize random number generation
+     */
+    mbedtls_printf("  . Seed the random number generator...");
+    fflush(stdout);
+
+    mbedtls_entropy_init(&entropy);
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+                                     &entropy,
+                                     (const unsigned char *) pers,
+                                     sizeof(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    /*
+     * Client: initialize context and generate keypair
+     */
+    mbedtls_printf("  . Set up client context, generate EC key pair...");
+    fflush(stdout);
+
+    ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519);
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdh_setup returned %d\n", ret);
+        goto exit;
+    }
+
+    ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv,
+                                   sizeof(cli_to_srv),
+                                   mbedtls_ctr_drbg_random, &ctr_drbg);
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdh_make_params returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    /*
+     * Server: initialize context and generate keypair
+     */
+    mbedtls_printf("  . Server: read params, generate public key...");
+    fflush(stdout);
+
+    ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv,
+                                   p_cli_to_srv + sizeof(cli_to_srv));
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdh_read_params returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli,
+                                   sizeof(srv_to_cli),
+                                   mbedtls_ctr_drbg_random, &ctr_drbg);
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdh_make_public returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    /*
+     * Client: read public key
+     */
+    mbedtls_printf("  . Client: read public key...");
+    fflush(stdout);
+
+    ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli,
+                                   sizeof(srv_to_cli));
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdh_read_public returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    /*
+     * Calculate secrets
+     */
+    mbedtls_printf("  . Calculate secrets...");
+    fflush(stdout);
+
+    ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli,
+                                   sizeof(secret_cli),
+                                   mbedtls_ctr_drbg_random, &ctr_drbg);
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdh_calc_secret returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv,
+                                   sizeof(secret_srv),
+                                   mbedtls_ctr_drbg_random, &ctr_drbg);
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdh_calc_secret returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    /*
+     * Verification: are the computed secrets equal?
+     */
+    mbedtls_printf("  . Check if both calculated secrets are equal...");
+    fflush(stdout);
+
+    ret = memcmp(secret_srv, secret_cli, srv_olen);
+    if (ret != 0 || (cli_olen != srv_olen)) {
+        mbedtls_printf(" failed\n  ! Shared secrets not equal.\n");
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_ecdh_free(&ctx_srv);
+    mbedtls_ecdh_free(&ctx_cli);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
new file mode 100644
index 0000000..5664b8c
--- /dev/null
+++ b/programs/pkey/ecdsa.c
@@ -0,0 +1,220 @@
+/*
+ *  Example ECDSA program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_ECDSA_C) && \
+    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/sha256.h"
+
+#include <string.h>
+#endif
+
+/*
+ * Uncomment to show key and signature details
+ */
+#define VERBOSE
+
+/*
+ * Uncomment to force use of a specific curve
+ */
+#define ECPARAMS    MBEDTLS_ECP_DP_SECP192R1
+
+#if !defined(ECPARAMS)
+#define ECPARAMS    mbedtls_ecp_curve_list()->grp_id
+#endif
+
+#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
+    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
+                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
+    mbedtls_exit(0);
+}
+#else
+#if defined(VERBOSE)
+static void dump_buf(const char *title, unsigned char *buf, size_t len)
+{
+    size_t i;
+
+    mbedtls_printf("%s", title);
+    for (i = 0; i < len; i++) {
+        mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
+                       "0123456789ABCDEF" [buf[i] % 16]);
+    }
+    mbedtls_printf("\n");
+}
+
+static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key)
+{
+    unsigned char buf[300];
+    size_t len;
+
+    if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED,
+                                     &len, buf, sizeof(buf)) != 0) {
+        mbedtls_printf("internal error\n");
+        return;
+    }
+
+    dump_buf(title, buf, len);
+}
+#else
+#define dump_buf(a, b, c)
+#define dump_pubkey(a, b)
+#endif
+
+
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    mbedtls_ecdsa_context ctx_sign, ctx_verify;
+    mbedtls_ecp_point Q;
+    mbedtls_ecp_point_init(&Q);
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    unsigned char message[100];
+    unsigned char hash[32];
+    unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
+    size_t sig_len;
+    const char *pers = "ecdsa";
+    ((void) argv);
+
+    mbedtls_ecdsa_init(&ctx_sign);
+    mbedtls_ecdsa_init(&ctx_verify);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    memset(sig, 0, sizeof(sig));
+    memset(message, 0x25, sizeof(message));
+
+    if (argc != 1) {
+        mbedtls_printf("usage: ecdsa\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    /*
+     * Generate a key pair for signing
+     */
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    mbedtls_entropy_init(&entropy);
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n  . Generating key pair...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS,
+                                    mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdsa_genkey returned %d\n", ret);
+        goto exit;
+    }
+
+    mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign);
+    const mbedtls_ecp_curve_info *curve_info =
+        mbedtls_ecp_curve_info_from_grp_id(grp_id);
+    mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size);
+
+    dump_pubkey("  + Public key: ", &ctx_sign);
+
+    /*
+     * Compute message hash
+     */
+    mbedtls_printf("  . Computing message hash...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_sha256 returned %d\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    dump_buf("  + Hash: ", hash, sizeof(hash));
+
+    /*
+     * Sign message hash
+     */
+    mbedtls_printf("  . Signing message hash...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256,
+                                             hash, sizeof(hash),
+                                             sig, sizeof(sig), &sig_len,
+                                             mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdsa_write_signature returned %d\n", ret);
+        goto exit;
+    }
+    mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len);
+
+    dump_buf("  + Signature: ", sig, sig_len);
+
+    /*
+     * Transfer public information to verifying context
+     *
+     * We could use the same context for verification and signatures, but we
+     * chose to use a new one in order to make it clear that the verifying
+     * context only needs the public key (Q), and not the private key (d).
+     */
+    mbedtls_printf("  . Preparing verification context...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecp_export returned %d\n", ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecp_set_public_key returned %d\n", ret);
+        goto exit;
+    }
+
+    /*
+     * Verify signature
+     */
+    mbedtls_printf(" ok\n  . Verifying signature...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify,
+                                            hash, sizeof(hash),
+                                            sig, sig_len)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ecdsa_read_signature returned %d\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_ecdsa_free(&ctx_verify);
+    mbedtls_ecdsa_free(&ctx_sign);
+    mbedtls_ecp_point_free(&Q);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+          ECPARAMS */
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
new file mode 100644
index 0000000..194a5cb
--- /dev/null
+++ b/programs/pkey/gen_key.c
@@ -0,0 +1,478 @@
+/*
+ *  Key generation application
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) ||    \
+    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) ||           \
+    !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+                   "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C "
+                   "not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/error.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_WIN32)
+#include <unistd.h>
+
+#define DEV_RANDOM_THRESHOLD        32
+
+int dev_random_entropy_poll(void *data, unsigned char *output,
+                            size_t len, size_t *olen)
+{
+    FILE *file;
+    size_t ret, left = len;
+    unsigned char *p = output;
+    ((void) data);
+
+    *olen = 0;
+
+    file = fopen("/dev/random", "rb");
+    if (file == NULL) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
+
+    while (left > 0) {
+        /* /dev/random can return much less than requested. If so, try again */
+        ret = fread(p, 1, left, file);
+        if (ret == 0 && ferror(file)) {
+            fclose(file);
+            return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+        }
+
+        p += ret;
+        left -= ret;
+        sleep(1);
+    }
+    fclose(file);
+    *olen = len;
+
+    return 0;
+}
+#endif /* !_WIN32 */
+
+#if defined(MBEDTLS_ECP_C)
+#define DFL_EC_CURVE            mbedtls_ecp_curve_list()->grp_id
+#else
+#define DFL_EC_CURVE            0
+#endif
+
+#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
+#define USAGE_DEV_RANDOM \
+    "    use_dev_random=0|1    default: 0\n"
+#else
+#define USAGE_DEV_RANDOM ""
+#endif /* !_WIN32 && MBEDTLS_FS_IO */
+
+#define FORMAT_PEM              0
+#define FORMAT_DER              1
+
+#define DFL_TYPE                MBEDTLS_PK_RSA
+#define DFL_RSA_KEYSIZE         4096
+#define DFL_FILENAME            "keyfile.key"
+#define DFL_FORMAT              FORMAT_PEM
+#define DFL_USE_DEV_RANDOM      0
+
+#define USAGE \
+    "\n usage: gen_key param=<>...\n"                   \
+    "\n acceptable parameters:\n"                       \
+    "    type=rsa|ec           default: rsa\n"          \
+    "    rsa_keysize=%%d        default: 4096\n"        \
+    "    ec_curve=%%s           see below\n"            \
+    "    filename=%%s           default: keyfile.key\n" \
+    "    format=pem|der        default: pem\n"          \
+    USAGE_DEV_RANDOM                                    \
+    "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+    int type;                   /* the type of key to generate          */
+    int rsa_keysize;            /* length of key in bits                */
+    int ec_curve;               /* curve identifier for EC keys         */
+    const char *filename;       /* filename of the key file             */
+    int format;                 /* the output format to use             */
+    int use_dev_random;         /* use /dev/random as entropy source    */
+} opt;
+
+static int write_private_key(mbedtls_pk_context *key, const char *output_file)
+{
+    int ret;
+    FILE *f;
+    unsigned char output_buf[16000];
+    unsigned char *c = output_buf;
+    size_t len = 0;
+
+    memset(output_buf, 0, 16000);
+    if (opt.format == FORMAT_PEM) {
+        if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
+            return ret;
+        }
+
+        len = strlen((char *) output_buf);
+    } else {
+        if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
+            return ret;
+        }
+
+        len = ret;
+        c = output_buf + sizeof(output_buf) - len;
+    }
+
+    if ((f = fopen(output_file, "wb")) == NULL) {
+        return -1;
+    }
+
+    if (fwrite(c, 1, len, f) != len) {
+        fclose(f);
+        return -1;
+    }
+
+    fclose(f);
+
+    return 0;
+}
+
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+    int ret = 0;
+
+    const mbedtls_ecp_curve_info *curve_info =
+        mbedtls_ecp_curve_info_from_grp_id(
+            mbedtls_ecp_keypair_get_group_id(ecp));
+    mbedtls_printf("curve: %s\n", curve_info->name);
+
+    mbedtls_ecp_group grp;
+    mbedtls_ecp_group_init(&grp);
+    mbedtls_mpi D;
+    mbedtls_mpi_init(&D);
+    mbedtls_ecp_point pt;
+    mbedtls_ecp_point_init(&pt);
+    mbedtls_mpi X, Y;
+    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+    MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+                                       (has_private ? &D : NULL),
+                                       &pt));
+
+    unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+    size_t len = 0;
+    MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+                        &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+                        &len, point_bin, sizeof(point_bin)));
+    switch (mbedtls_ecp_get_type(&grp)) {
+        case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+            if ((len & 1) == 0 || point_bin[0] != 0x04) {
+                /* Point in an unxepected format. This shouldn't happen. */
+                ret = -1;
+                goto cleanup;
+            }
+            MBEDTLS_MPI_CHK(
+                mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+            MBEDTLS_MPI_CHK(
+                mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
+            mbedtls_mpi_write_file("Y_Q:   ", &Y, 16, NULL);
+            break;
+        case MBEDTLS_ECP_TYPE_MONTGOMERY:
+            MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
+            break;
+        default:
+            mbedtls_printf(
+                "This program does not yet support listing coordinates for this curve type.\n");
+            break;
+    }
+
+    if (has_private) {
+        mbedtls_mpi_write_file("D:     ", &D, 16, NULL);
+    }
+
+cleanup:
+    mbedtls_ecp_group_free(&grp);
+    mbedtls_mpi_free(&D);
+    mbedtls_ecp_point_free(&pt);
+    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+    return ret;
+}
+#endif
+
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    mbedtls_pk_context key;
+    char buf[1024];
+    int i;
+    char *p, *q;
+#if defined(MBEDTLS_RSA_C)
+    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+#endif /* MBEDTLS_RSA_C */
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    const char *pers = "gen_key";
+#if defined(MBEDTLS_ECP_C)
+    const mbedtls_ecp_curve_info *curve_info;
+#endif
+
+    /*
+     * Set to sane values
+     */
+#if defined(MBEDTLS_RSA_C)
+    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+#endif /* MBEDTLS_RSA_C */
+
+    mbedtls_entropy_init(&entropy);
+    mbedtls_pk_init(&key);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    memset(buf, 0, sizeof(buf));
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if (argc < 2) {
+usage:
+        mbedtls_printf(USAGE);
+#if defined(MBEDTLS_ECP_C)
+        mbedtls_printf(" available ec_curve values:\n");
+        curve_info = mbedtls_ecp_curve_list();
+        mbedtls_printf("    %s (default)\n", curve_info->name);
+        while ((++curve_info)->name != NULL) {
+            mbedtls_printf("    %s\n", curve_info->name);
+        }
+#endif /* MBEDTLS_ECP_C */
+        goto exit;
+    }
+
+    opt.type                = DFL_TYPE;
+    opt.rsa_keysize         = DFL_RSA_KEYSIZE;
+    opt.ec_curve            = DFL_EC_CURVE;
+    opt.filename            = DFL_FILENAME;
+    opt.format              = DFL_FORMAT;
+    opt.use_dev_random      = DFL_USE_DEV_RANDOM;
+
+    for (i = 1; i < argc; i++) {
+        p = argv[i];
+        if ((q = strchr(p, '=')) == NULL) {
+            goto usage;
+        }
+        *q++ = '\0';
+
+        if (strcmp(p, "type") == 0) {
+            if (strcmp(q, "rsa") == 0) {
+                opt.type = MBEDTLS_PK_RSA;
+            } else if (strcmp(q, "ec") == 0) {
+                opt.type = MBEDTLS_PK_ECKEY;
+            } else {
+                goto usage;
+            }
+        } else if (strcmp(p, "format") == 0) {
+            if (strcmp(q, "pem") == 0) {
+                opt.format = FORMAT_PEM;
+            } else if (strcmp(q, "der") == 0) {
+                opt.format = FORMAT_DER;
+            } else {
+                goto usage;
+            }
+        } else if (strcmp(p, "rsa_keysize") == 0) {
+            opt.rsa_keysize = atoi(q);
+            if (opt.rsa_keysize < 1024 ||
+                opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) {
+                goto usage;
+            }
+        }
+#if defined(MBEDTLS_ECP_C)
+        else if (strcmp(p, "ec_curve") == 0) {
+            if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) {
+                goto usage;
+            }
+            opt.ec_curve = curve_info->grp_id;
+        }
+#endif
+        else if (strcmp(p, "filename") == 0) {
+            opt.filename = q;
+        } else if (strcmp(p, "use_dev_random") == 0) {
+            opt.use_dev_random = atoi(q);
+            if (opt.use_dev_random < 0 || opt.use_dev_random > 1) {
+                goto usage;
+            }
+        } else {
+            goto usage;
+        }
+    }
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
+    if (opt.use_dev_random) {
+        if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,
+                                              NULL, DEV_RANDOM_THRESHOLD,
+                                              MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
+            mbedtls_printf(" failed\n  ! mbedtls_entropy_add_source returned -0x%04x\n",
+                           (unsigned int) -ret);
+            goto exit;
+        }
+
+        mbedtls_printf("\n    Using /dev/random, so can take a long time! ");
+        fflush(stdout);
+    }
+#endif /* !_WIN32 && MBEDTLS_FS_IO */
+
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    /*
+     * 1.1. Generate the key
+     */
+    mbedtls_printf("\n  . Generating the private key ...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_setup(&key,
+                                mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) {
+        mbedtls_printf(" failed\n  !  mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
+        goto exit;
+    }
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+    if (opt.type == MBEDTLS_PK_RSA) {
+        ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg,
+                                  opt.rsa_keysize, 65537);
+        if (ret != 0) {
+            mbedtls_printf(" failed\n  !  mbedtls_rsa_gen_key returned -0x%04x",
+                           (unsigned int) -ret);
+            goto exit;
+        }
+    } else
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+    if (opt.type == MBEDTLS_PK_ECKEY) {
+        ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve,
+                                  mbedtls_pk_ec(key),
+                                  mbedtls_ctr_drbg_random, &ctr_drbg);
+        if (ret != 0) {
+            mbedtls_printf(" failed\n  !  mbedtls_ecp_gen_key returned -0x%04x",
+                           (unsigned int) -ret);
+            goto exit;
+        }
+    } else
+#endif /* MBEDTLS_ECP_C */
+    {
+        mbedtls_printf(" failed\n  !  key type not supported\n");
+        goto exit;
+    }
+
+    /*
+     * 1.2 Print the key
+     */
+    mbedtls_printf(" ok\n  . Key information:\n");
+
+#if defined(MBEDTLS_RSA_C)
+    if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+        mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
+
+        if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+            (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP))      != 0) {
+            mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
+            goto exit;
+        }
+
+        mbedtls_mpi_write_file("N:  ",  &N,  16, NULL);
+        mbedtls_mpi_write_file("E:  ",  &E,  16, NULL);
+        mbedtls_mpi_write_file("D:  ",  &D,  16, NULL);
+        mbedtls_mpi_write_file("P:  ",  &P,  16, NULL);
+        mbedtls_mpi_write_file("Q:  ",  &Q,  16, NULL);
+        mbedtls_mpi_write_file("DP: ",  &DP, 16, NULL);
+        mbedtls_mpi_write_file("DQ:  ", &DQ, 16, NULL);
+        mbedtls_mpi_write_file("QP:  ", &QP, 16, NULL);
+    } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+    if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+        if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
+            mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
+            goto exit;
+        }
+    } else
+#endif
+    mbedtls_printf("  ! key type not supported\n");
+
+    /*
+     * 1.3 Export key
+     */
+    mbedtls_printf("  . Writing key to file...");
+
+    if ((ret = write_private_key(&key, opt.filename)) != 0) {
+        mbedtls_printf(" failed\n");
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+#ifdef MBEDTLS_ERROR_C
+        mbedtls_strerror(ret, buf, sizeof(buf));
+        mbedtls_printf(" - %s\n", buf);
+#else
+        mbedtls_printf("\n");
+#endif
+    }
+
+#if defined(MBEDTLS_RSA_C)
+    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+#endif /* MBEDTLS_RSA_C */
+
+    mbedtls_pk_free(&key);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    mbedtls_exit(exit_code);
+}
+#endif /* program viability conditions */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
new file mode 100644
index 0000000..e3a6966
--- /dev/null
+++ b/programs/pkey/key_app.c
@@ -0,0 +1,368 @@
+/*
+ *  Key reading application
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && \
+    defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
+    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+#endif
+
+#define MODE_NONE               0
+#define MODE_PRIVATE            1
+#define MODE_PUBLIC             2
+
+#define DFL_MODE                MODE_NONE
+#define DFL_FILENAME            "keyfile.key"
+#define DFL_PASSWORD            ""
+#define DFL_PASSWORD_FILE       ""
+#define DFL_DEBUG_LEVEL         0
+
+#define USAGE \
+    "\n usage: key_app param=<>...\n"                   \
+    "\n acceptable parameters:\n"                       \
+    "    mode=private|public default: none\n"           \
+    "    filename=%%s         default: keyfile.key\n"   \
+    "    password=%%s         default: \"\"\n"          \
+    "    password_file=%%s    default: \"\"\n"          \
+    "\n"
+
+#if !defined(MBEDTLS_BIGNUM_C) ||                                  \
+    !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
+                   "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+    int ret = 0;
+
+    const mbedtls_ecp_curve_info *curve_info =
+        mbedtls_ecp_curve_info_from_grp_id(
+            mbedtls_ecp_keypair_get_group_id(ecp));
+    mbedtls_printf("curve: %s\n", curve_info->name);
+
+    mbedtls_ecp_group grp;
+    mbedtls_ecp_group_init(&grp);
+    mbedtls_mpi D;
+    mbedtls_mpi_init(&D);
+    mbedtls_ecp_point pt;
+    mbedtls_ecp_point_init(&pt);
+    mbedtls_mpi X, Y;
+    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+    MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+                                       (has_private ? &D : NULL),
+                                       &pt));
+
+    unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+    size_t len = 0;
+    MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+                        &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+                        &len, point_bin, sizeof(point_bin)));
+    switch (mbedtls_ecp_get_type(&grp)) {
+        case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+            if ((len & 1) == 0 || point_bin[0] != 0x04) {
+                /* Point in an unxepected format. This shouldn't happen. */
+                ret = -1;
+                goto cleanup;
+            }
+            MBEDTLS_MPI_CHK(
+                mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+            MBEDTLS_MPI_CHK(
+                mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
+            mbedtls_mpi_write_file("Y_Q:   ", &Y, 16, NULL);
+            break;
+        case MBEDTLS_ECP_TYPE_MONTGOMERY:
+            MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
+            break;
+        default:
+            mbedtls_printf(
+                "This program does not yet support listing coordinates for this curve type.\n");
+            break;
+    }
+
+    if (has_private) {
+        mbedtls_mpi_write_file("D:     ", &D, 16, NULL);
+    }
+
+cleanup:
+    mbedtls_ecp_group_free(&grp);
+    mbedtls_mpi_free(&D);
+    mbedtls_ecp_point_free(&pt);
+    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+    return ret;
+}
+#endif
+
+/*
+ * global options
+ */
+struct options {
+    int mode;                   /* the mode to run the application in   */
+    const char *filename;       /* filename of the key file             */
+    const char *password;       /* password for the private key         */
+    const char *password_file;  /* password_file for the private key    */
+} opt;
+
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    char buf[1024];
+    int i;
+    char *p, *q;
+
+    const char *pers = "pkey/key_app";
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+
+    mbedtls_pk_context pk;
+    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+
+    /*
+     * Set to sane values
+     */
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    mbedtls_pk_init(&pk);
+    memset(buf, 0, sizeof(buf));
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto cleanup;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+    if (argc < 2) {
+usage:
+        mbedtls_printf(USAGE);
+        goto cleanup;
+    }
+
+    opt.mode                = DFL_MODE;
+    opt.filename            = DFL_FILENAME;
+    opt.password            = DFL_PASSWORD;
+    opt.password_file       = DFL_PASSWORD_FILE;
+
+    for (i = 1; i < argc; i++) {
+        p = argv[i];
+        if ((q = strchr(p, '=')) == NULL) {
+            goto usage;
+        }
+        *q++ = '\0';
+
+        if (strcmp(p, "mode") == 0) {
+            if (strcmp(q, "private") == 0) {
+                opt.mode = MODE_PRIVATE;
+            } else if (strcmp(q, "public") == 0) {
+                opt.mode = MODE_PUBLIC;
+            } else {
+                goto usage;
+            }
+        } else if (strcmp(p, "filename") == 0) {
+            opt.filename = q;
+        } else if (strcmp(p, "password") == 0) {
+            opt.password = q;
+        } else if (strcmp(p, "password_file") == 0) {
+            opt.password_file = q;
+        } else {
+            goto usage;
+        }
+    }
+
+    if (opt.mode == MODE_PRIVATE) {
+        if (strlen(opt.password) && strlen(opt.password_file)) {
+            mbedtls_printf("Error: cannot have both password and password_file\n");
+            goto usage;
+        }
+
+        if (strlen(opt.password_file)) {
+            FILE *f;
+
+            mbedtls_printf("\n  . Loading the password file ...");
+            if ((f = fopen(opt.password_file, "rb")) == NULL) {
+                mbedtls_printf(" failed\n  !  fopen returned NULL\n");
+                goto cleanup;
+            }
+            if (fgets(buf, sizeof(buf), f) == NULL) {
+                fclose(f);
+                mbedtls_printf("Error: fgets() failed to retrieve password\n");
+                goto cleanup;
+            }
+            fclose(f);
+
+            i = (int) strlen(buf);
+            if (buf[i - 1] == '\n') {
+                buf[i - 1] = '\0';
+            }
+            if (buf[i - 2] == '\r') {
+                buf[i - 2] = '\0';
+            }
+            opt.password = buf;
+        }
+
+        /*
+         * 1.1. Load the key
+         */
+        mbedtls_printf("\n  . Loading the private key ...");
+        fflush(stdout);
+
+        if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                         (const unsigned char *) pers,
+                                         strlen(pers))) != 0) {
+            mbedtls_printf(" failed\n  !  mbedtls_ctr_drbg_seed returned -0x%04x\n",
+                           (unsigned int) -ret);
+            goto cleanup;
+        }
+
+        ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
+                                       mbedtls_ctr_drbg_random, &ctr_drbg);
+
+        if (ret != 0) {
+            mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%04x\n",
+                           (unsigned int) -ret);
+            goto cleanup;
+        }
+
+        mbedtls_printf(" ok\n");
+
+        /*
+         * 1.2 Print the key
+         */
+        mbedtls_printf("  . Key information    ...\n");
+#if defined(MBEDTLS_RSA_C)
+        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
+            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
+
+            if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+                (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP))      != 0) {
+                mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
+                goto cleanup;
+            }
+
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N:  ", &N, 16, NULL));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E:  ", &E, 16, NULL));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D:  ", &D, 16, NULL));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P:  ", &P, 16, NULL));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q:  ", &Q, 16, NULL));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ:  ", &DQ, 16, NULL));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP:  ", &QP, 16, NULL));
+        } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
+            if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) {
+                mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
+                goto cleanup;
+            }
+        } else
+#endif
+        {
+            mbedtls_printf("Do not know how to print key information for this type\n");
+            goto cleanup;
+        }
+    } else if (opt.mode == MODE_PUBLIC) {
+        /*
+         * 1.1. Load the key
+         */
+        mbedtls_printf("\n  . Loading the public key ...");
+        fflush(stdout);
+
+        ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename);
+
+        if (ret != 0) {
+            mbedtls_printf(" failed\n  !  mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+                           (unsigned int) -ret);
+            goto cleanup;
+        }
+
+        mbedtls_printf(" ok\n");
+
+        mbedtls_printf("  . Key information    ...\n");
+#if defined(MBEDTLS_RSA_C)
+        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
+            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
+
+            if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
+                                          NULL, &E)) != 0) {
+                mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
+                goto cleanup;
+            }
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N:  ", &N, 16, NULL));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E:  ", &E, 16, NULL));
+        } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
+            if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) {
+                mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
+                goto cleanup;
+            }
+        } else
+#endif
+        {
+            mbedtls_printf("Do not know how to print key information for this type\n");
+            goto cleanup;
+        }
+    } else {
+        goto usage;
+    }
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+cleanup:
+
+#if defined(MBEDTLS_ERROR_C)
+    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+        mbedtls_strerror(ret, buf, sizeof(buf));
+        mbedtls_printf("  !  Last error was: %s\n", buf);
+    }
+#endif
+
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+    mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
new file mode 100644
index 0000000..60f992e
--- /dev/null
+++ b/programs/pkey/key_app_writer.c
@@ -0,0 +1,495 @@
+/*
+ *  Key writing application
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_PK_PARSE_C) || \
+    !defined(MBEDTLS_PK_WRITE_C) || \
+    !defined(MBEDTLS_FS_IO)      || \
+    !defined(MBEDTLS_ENTROPY_C)  || \
+    !defined(MBEDTLS_CTR_DRBG_C) || \
+    !defined(MBEDTLS_BIGNUM_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
+                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+                   "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/error.h"
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#define USAGE_OUT \
+    "    output_file=%%s      default: keyfile.pem\n"   \
+    "    output_format=pem|der default: pem\n"
+#else
+#define USAGE_OUT \
+    "    output_file=%%s      default: keyfile.der\n"   \
+    "    output_format=der     default: der\n"
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#define DFL_OUTPUT_FILENAME     "keyfile.pem"
+#define DFL_OUTPUT_FORMAT       OUTPUT_FORMAT_PEM
+#else
+#define DFL_OUTPUT_FILENAME     "keyfile.der"
+#define DFL_OUTPUT_FORMAT       OUTPUT_FORMAT_DER
+#endif
+
+#define DFL_MODE                MODE_NONE
+#define DFL_FILENAME            "keyfile.key"
+#define DFL_DEBUG_LEVEL         0
+#define DFL_OUTPUT_MODE         OUTPUT_MODE_NONE
+
+#define MODE_NONE               0
+#define MODE_PRIVATE            1
+#define MODE_PUBLIC             2
+
+#define OUTPUT_MODE_NONE               0
+#define OUTPUT_MODE_PRIVATE            1
+#define OUTPUT_MODE_PUBLIC             2
+
+#define OUTPUT_FORMAT_PEM              0
+#define OUTPUT_FORMAT_DER              1
+
+#define USAGE \
+    "\n usage: key_app_writer param=<>...\n"            \
+    "\n acceptable parameters:\n"                       \
+    "    mode=private|public default: none\n"           \
+    "    filename=%%s         default: keyfile.key\n"   \
+    "    output_mode=private|public default: none\n"    \
+    USAGE_OUT                                           \
+    "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+    int mode;                   /* the mode to run the application in   */
+    const char *filename;       /* filename of the key file             */
+    int output_mode;            /* the output mode to use               */
+    const char *output_file;    /* where to store the constructed key file  */
+    int output_format;          /* the output format to use             */
+} opt;
+
+static int write_public_key(mbedtls_pk_context *key, const char *output_file)
+{
+    int ret;
+    FILE *f;
+    unsigned char output_buf[16000];
+    unsigned char *c = output_buf;
+    size_t len = 0;
+
+    memset(output_buf, 0, 16000);
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+    if (opt.output_format == OUTPUT_FORMAT_PEM) {
+        if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) {
+            return ret;
+        }
+
+        len = strlen((char *) output_buf);
+    } else
+#endif
+    {
+        if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) {
+            return ret;
+        }
+
+        len = ret;
+        c = output_buf + sizeof(output_buf) - len;
+    }
+
+    if ((f = fopen(output_file, "w")) == NULL) {
+        return -1;
+    }
+
+    if (fwrite(c, 1, len, f) != len) {
+        fclose(f);
+        return -1;
+    }
+
+    fclose(f);
+
+    return 0;
+}
+
+static int write_private_key(mbedtls_pk_context *key, const char *output_file)
+{
+    int ret;
+    FILE *f;
+    unsigned char output_buf[16000];
+    unsigned char *c = output_buf;
+    size_t len = 0;
+
+    memset(output_buf, 0, 16000);
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+    if (opt.output_format == OUTPUT_FORMAT_PEM) {
+        if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
+            return ret;
+        }
+
+        len = strlen((char *) output_buf);
+    } else
+#endif
+    {
+        if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
+            return ret;
+        }
+
+        len = ret;
+        c = output_buf + sizeof(output_buf) - len;
+    }
+
+    if ((f = fopen(output_file, "w")) == NULL) {
+        return -1;
+    }
+
+    if (fwrite(c, 1, len, f) != len) {
+        fclose(f);
+        return -1;
+    }
+
+    fclose(f);
+
+    return 0;
+}
+
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+    int ret = 0;
+
+    const mbedtls_ecp_curve_info *curve_info =
+        mbedtls_ecp_curve_info_from_grp_id(
+            mbedtls_ecp_keypair_get_group_id(ecp));
+    mbedtls_printf("curve: %s\n", curve_info->name);
+
+    mbedtls_ecp_group grp;
+    mbedtls_ecp_group_init(&grp);
+    mbedtls_mpi D;
+    mbedtls_mpi_init(&D);
+    mbedtls_ecp_point pt;
+    mbedtls_ecp_point_init(&pt);
+    mbedtls_mpi X, Y;
+    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+    MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+                                       (has_private ? &D : NULL),
+                                       &pt));
+
+    unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+    size_t len = 0;
+    MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+                        &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+                        &len, point_bin, sizeof(point_bin)));
+    switch (mbedtls_ecp_get_type(&grp)) {
+        case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+            if ((len & 1) == 0 || point_bin[0] != 0x04) {
+                /* Point in an unxepected format. This shouldn't happen. */
+                ret = -1;
+                goto cleanup;
+            }
+            MBEDTLS_MPI_CHK(
+                mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+            MBEDTLS_MPI_CHK(
+                mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
+            mbedtls_mpi_write_file("Y_Q:   ", &Y, 16, NULL);
+            break;
+        case MBEDTLS_ECP_TYPE_MONTGOMERY:
+            MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
+            break;
+        default:
+            mbedtls_printf(
+                "This program does not yet support listing coordinates for this curve type.\n");
+            break;
+    }
+
+    if (has_private) {
+        mbedtls_mpi_write_file("D:     ", &D, 16, NULL);
+    }
+
+cleanup:
+    mbedtls_ecp_group_free(&grp);
+    mbedtls_mpi_free(&D);
+    mbedtls_ecp_point_free(&pt);
+    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+    return ret;
+}
+#endif
+
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+#if defined(MBEDTLS_ERROR_C)
+    char buf[200];
+#endif
+    int i;
+    char *p, *q;
+
+    const char *pers = "pkey/key_app";
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+
+    mbedtls_pk_context key;
+#if defined(MBEDTLS_RSA_C)
+    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+#endif /* MBEDTLS_RSA_C */
+
+    /*
+     * Set to sane values
+     */
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    mbedtls_pk_init(&key);
+#if defined(MBEDTLS_ERROR_C)
+    memset(buf, 0, sizeof(buf));
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_RSA_C)
+    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+#endif /* MBEDTLS_RSA_C */
+
+    if (argc < 2) {
+usage:
+        mbedtls_printf(USAGE);
+        goto exit;
+    }
+
+    opt.mode                = DFL_MODE;
+    opt.filename            = DFL_FILENAME;
+    opt.output_mode         = DFL_OUTPUT_MODE;
+    opt.output_file         = DFL_OUTPUT_FILENAME;
+    opt.output_format       = DFL_OUTPUT_FORMAT;
+
+    for (i = 1; i < argc; i++) {
+        p = argv[i];
+        if ((q = strchr(p, '=')) == NULL) {
+            goto usage;
+        }
+        *q++ = '\0';
+
+        if (strcmp(p, "mode") == 0) {
+            if (strcmp(q, "private") == 0) {
+                opt.mode = MODE_PRIVATE;
+            } else if (strcmp(q, "public") == 0) {
+                opt.mode = MODE_PUBLIC;
+            } else {
+                goto usage;
+            }
+        } else if (strcmp(p, "output_mode") == 0) {
+            if (strcmp(q, "private") == 0) {
+                opt.output_mode = OUTPUT_MODE_PRIVATE;
+            } else if (strcmp(q, "public") == 0) {
+                opt.output_mode = OUTPUT_MODE_PUBLIC;
+            } else {
+                goto usage;
+            }
+        } else if (strcmp(p, "output_format") == 0) {
+#if defined(MBEDTLS_PEM_WRITE_C)
+            if (strcmp(q, "pem") == 0) {
+                opt.output_format = OUTPUT_FORMAT_PEM;
+            } else
+#endif
+            if (strcmp(q, "der") == 0) {
+                opt.output_format = OUTPUT_FORMAT_DER;
+            } else {
+                goto usage;
+            }
+        } else if (strcmp(p, "filename") == 0) {
+            opt.filename = q;
+        } else if (strcmp(p, "output_file") == 0) {
+            opt.output_file = q;
+        } else {
+            goto usage;
+        }
+    }
+
+    if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) {
+        mbedtls_printf("\nCannot output a key without reading one.\n");
+        goto exit;
+    }
+
+    if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) {
+        mbedtls_printf("\nCannot output a private key from a public key.\n");
+        goto exit;
+    }
+
+    if (opt.mode == MODE_PRIVATE) {
+        /*
+         * 1.1. Load the key
+         */
+        mbedtls_printf("\n  . Loading the private key ...");
+        fflush(stdout);
+
+        if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                         (const unsigned char *) pers,
+                                         strlen(pers))) != 0) {
+            mbedtls_printf(" failed\n  !  mbedtls_ctr_drbg_seed returned -0x%04x\n",
+                           (unsigned int) -ret);
+            goto exit;
+        }
+
+        ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
+                                       mbedtls_ctr_drbg_random, &ctr_drbg);
+        if (ret != 0) {
+            mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%04x",
+                           (unsigned int) -ret);
+            goto exit;
+        }
+
+        mbedtls_printf(" ok\n");
+
+        /*
+         * 1.2 Print the key
+         */
+        mbedtls_printf("  . Key information    ...\n");
+
+#if defined(MBEDTLS_RSA_C)
+        if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
+
+            if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+                (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP))      != 0) {
+                mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
+                goto exit;
+            }
+
+            mbedtls_mpi_write_file("N:  ",  &N,  16, NULL);
+            mbedtls_mpi_write_file("E:  ",  &E,  16, NULL);
+            mbedtls_mpi_write_file("D:  ",  &D,  16, NULL);
+            mbedtls_mpi_write_file("P:  ",  &P,  16, NULL);
+            mbedtls_mpi_write_file("Q:  ",  &Q,  16, NULL);
+            mbedtls_mpi_write_file("DP: ",  &DP, 16, NULL);
+            mbedtls_mpi_write_file("DQ:  ", &DQ, 16, NULL);
+            mbedtls_mpi_write_file("QP:  ", &QP, 16, NULL);
+        } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+        if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+            if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
+                mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
+                goto exit;
+            }
+        } else
+#endif
+        mbedtls_printf("key type not supported yet\n");
+
+    } else if (opt.mode == MODE_PUBLIC) {
+        /*
+         * 1.1. Load the key
+         */
+        mbedtls_printf("\n  . Loading the public key ...");
+        fflush(stdout);
+
+        ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename);
+
+        if (ret != 0) {
+            mbedtls_printf(" failed\n  !  mbedtls_pk_parse_public_key returned -0x%04x",
+                           (unsigned int) -ret);
+            goto exit;
+        }
+
+        mbedtls_printf(" ok\n");
+
+        /*
+         * 1.2 Print the key
+         */
+        mbedtls_printf("  . Key information    ...\n");
+
+#if defined(MBEDTLS_RSA_C)
+        if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
+
+            if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
+                                          NULL, &E)) != 0) {
+                mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
+                goto exit;
+            }
+            mbedtls_mpi_write_file("N: ", &N, 16, NULL);
+            mbedtls_mpi_write_file("E: ", &E, 16, NULL);
+        } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+        if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+            if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) {
+                mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
+                goto exit;
+            }
+        } else
+#endif
+        mbedtls_printf("key type not supported yet\n");
+    } else {
+        goto usage;
+    }
+
+    if (opt.output_mode == OUTPUT_MODE_PUBLIC) {
+        write_public_key(&key, opt.output_file);
+    }
+    if (opt.output_mode == OUTPUT_MODE_PRIVATE) {
+        write_private_key(&key, opt.output_file);
+    }
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+#ifdef MBEDTLS_ERROR_C
+        mbedtls_strerror(ret, buf, sizeof(buf));
+        mbedtls_printf(" - %s\n", buf);
+#else
+        mbedtls_printf("\n");
+#endif
+    }
+
+#if defined(MBEDTLS_RSA_C)
+    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+#endif /* MBEDTLS_RSA_C */
+
+    mbedtls_pk_free(&key);
+
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    mbedtls_exit(exit_code);
+}
+#endif /* program viability conditions */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
new file mode 100644
index 0000000..e83aa32
--- /dev/null
+++ b/programs/pkey/mpi_demo.c
@@ -0,0 +1,84 @@
+/*
+ *  Simple MPI demonstration program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/bignum.h"
+
+#include <stdio.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
+
+    mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+    mbedtls_mpi_init(&Z);
+
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789"));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203"));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10,  "257"));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q));
+
+    mbedtls_printf("\n  Public key:\n\n");
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  N = ", &N, 10, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  E = ", &E, 10, NULL));
+
+    mbedtls_printf("\n  Private key:\n\n");
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  P = ", &P, 10, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  Q = ", &Q, 10, NULL));
+
+#if defined(MBEDTLS_GENPRIME)
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H));
+
+    mbedtls_mpi_write_file("  D = E^-1 mod (P-1)*(Q-1) = ",
+                           &D, 10, NULL);
+#else
+    mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n");
+#endif
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555"));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL));
+
+    mbedtls_printf("\n  RSA operation:\n\n");
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  X (plaintext)  = ", &X, 10, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  Y (ciphertext) = X^E mod N = ", &Y, 10, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  Z (decrypted)  = Y^D mod N = ", &Z, 10, NULL));
+    mbedtls_printf("\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+cleanup:
+    mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+    mbedtls_mpi_free(&Z);
+
+    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+        mbedtls_printf("\nAn error occurred.\n");
+    }
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
new file mode 100644
index 0000000..b8f7943
--- /dev/null
+++ b/programs/pkey/pk_decrypt.c
@@ -0,0 +1,153 @@
+/*
+ *  Public key-based simple decryption program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
+    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) ||  \
+    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+    !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
+                   "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
+                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    unsigned c;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    size_t i, olen = 0;
+    mbedtls_pk_context pk;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    unsigned char result[1024];
+    unsigned char buf[512];
+    const char *pers = "mbedtls_pk_decrypt";
+    ((void) argv);
+
+    mbedtls_pk_init(&pk);
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    memset(result, 0, sizeof(result));
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if (argc != 2) {
+        mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+                                     &entropy, (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
+                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    /*
+     * Extract the RSA encrypted value from the text file
+     */
+    if ((f = fopen("result-enc.txt", "rb")) == NULL) {
+        mbedtls_printf("\n  ! Could not open %s\n\n", "result-enc.txt");
+        ret = 1;
+        goto exit;
+    }
+
+    i = 0;
+    while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+           i < (int) sizeof(buf)) {
+        buf[i++] = (unsigned char) c;
+    }
+
+    fclose(f);
+
+    /*
+     * Decrypt the encrypted RSA data and print the result.
+     */
+    mbedtls_printf("\n  . Decrypting the encrypted data");
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
+                                  mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_decrypt returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . OK\n\n");
+
+    mbedtls_printf("The decrypted result is: '%s'\n\n", result);
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_pk_free(&pk);
+    mbedtls_entropy_free(&entropy);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ERROR_C)
+    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+        mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+        mbedtls_printf("  !  Last error was: %s\n", buf);
+    }
+#endif
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
new file mode 100644
index 0000000..a916bc6
--- /dev/null
+++ b/programs/pkey/pk_encrypt.c
@@ -0,0 +1,154 @@
+/*
+ *  RSA simple data encryption program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
+    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
+    defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) ||  \
+    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
+    !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
+                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    size_t i, olen = 0;
+    mbedtls_pk_context pk;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    unsigned char input[1024];
+    unsigned char buf[512];
+    const char *pers = "mbedtls_pk_encrypt";
+
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+    mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if (argc != 3) {
+        mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+                                     &entropy, (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading public key from '%s'", argv[1]);
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    if (strlen(argv[2]) > 100) {
+        mbedtls_printf(" Input data larger than 100 characters.\n\n");
+        goto exit;
+    }
+
+    memcpy(input, argv[2], strlen(argv[2]));
+
+    /*
+     * Calculate the RSA encryption of the hash.
+     */
+    mbedtls_printf("\n  . Generating the encrypted value");
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
+                                  buf, &olen, sizeof(buf),
+                                  mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_encrypt returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    /*
+     * Write the signature into result-enc.txt
+     */
+    if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not create %s\n\n",
+                       "result-enc.txt");
+        ret = 1;
+        goto exit;
+    }
+
+    for (i = 0; i < olen; i++) {
+        mbedtls_fprintf(f, "%02X%s", buf[i],
+                        (i + 1) % 16 == 0 ? "\r\n" : " ");
+    }
+
+    fclose(f);
+
+    mbedtls_printf("\n  . Done (created \"%s\")\n\n", "result-enc.txt");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_pk_free(&pk);
+    mbedtls_entropy_free(&entropy);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ERROR_C)
+    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+        mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+        mbedtls_printf("  !  Last error was: %s\n", buf);
+    }
+#endif
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
+          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
new file mode 100644
index 0000000..59347ad
--- /dev/null
+++ b/programs/pkey/pk_sign.c
@@ -0,0 +1,155 @@
+/*
+ *  Public key-based signature creation program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
+    !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
+    !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) ||    \
+    !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+                   "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_MD_C and/or "
+                   "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    mbedtls_pk_context pk;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    unsigned char hash[32];
+    unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
+    char filename[512];
+    const char *pers = "mbedtls_pk_sign";
+    size_t olen = 0;
+
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if (argc != 3) {
+        mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
+                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! Could not parse '%s'\n", argv[1]);
+        goto exit;
+    }
+
+    /*
+     * Compute the SHA-256 hash of the input file,
+     * then calculate the signature of the hash.
+     */
+    mbedtls_printf("\n  . Generating the SHA-256 signature");
+    fflush(stdout);
+
+    if ((ret = mbedtls_md_file(
+             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+             argv[2], hash)) != 0) {
+        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[2]);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
+                               buf, sizeof(buf), &olen,
+                               mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
+        goto exit;
+    }
+
+    /*
+     * Write the signature into <filename>.sig
+     */
+    mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
+
+    if ((f = fopen(filename, "wb+")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not create %s\n\n", filename);
+        goto exit;
+    }
+
+    if (fwrite(buf, 1, olen, f) != olen) {
+        mbedtls_printf("failed\n  ! fwrite failed\n\n");
+        fclose(f);
+        goto exit;
+    }
+
+    fclose(f);
+
+    mbedtls_printf("\n  . Done (created \"%s\")\n\n", filename);
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+    mbedtls_pk_free(&pk);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ERROR_C)
+    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+        mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+        mbedtls_printf("  !  Last error was: %s\n", buf);
+    }
+#endif
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
+          MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+          MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
new file mode 100644
index 0000000..3127df5
--- /dev/null
+++ b/programs/pkey/pk_verify.c
@@ -0,0 +1,128 @@
+/*
+ *  Public key-based signature verification program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
+    !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_PK_PARSE_C) ||   \
+    !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
+                   "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_PK_PARSE_C and/or "
+                   "MBEDTLS_FS_IO not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    size_t i;
+    mbedtls_pk_context pk;
+    unsigned char hash[32];
+    unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
+    char filename[512];
+
+    mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if (argc != 3) {
+        mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading public key from '%s'", argv[1]);
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    /*
+     * Extract the signature from the file
+     */
+    mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
+
+    if ((f = fopen(filename, "rb")) == NULL) {
+        mbedtls_printf("\n  ! Could not open %s\n\n", filename);
+        goto exit;
+    }
+
+    i = fread(buf, 1, sizeof(buf), f);
+
+    fclose(f);
+
+    /*
+     * Compute the SHA-256 hash of the input file and
+     * verify the signature
+     */
+    mbedtls_printf("\n  . Verifying the SHA-256 signature");
+    fflush(stdout);
+
+    if ((ret = mbedtls_md_file(
+             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+             argv[2], hash)) != 0) {
+        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[2]);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
+                                 buf, i)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . OK (the signature is valid)\n\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+    mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ERROR_C)
+    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+        mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+        mbedtls_printf("  !  Last error was: %s\n", buf);
+    }
+#endif
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_MD_CAN_SHA256 &&
+          MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
new file mode 100644
index 0000000..a84af50
--- /dev/null
+++ b/programs/pkey/rsa_decrypt.c
@@ -0,0 +1,172 @@
+/*
+ *  RSA simple decryption program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
+    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/rsa.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
+    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+    !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+                   "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
+                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    unsigned c;
+    size_t i;
+    mbedtls_rsa_context rsa;
+    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    unsigned char result[1024];
+    unsigned char buf[512];
+    const char *pers = "rsa_decrypt";
+    ((void) argv);
+
+    memset(result, 0, sizeof(result));
+
+    if (argc != 1) {
+        mbedtls_printf("usage: rsa_decrypt\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        mbedtls_exit(exit_code);
+    }
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    mbedtls_rsa_init(&rsa);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+    ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+                                &entropy, (const unsigned char *) pers,
+                                strlen(pers));
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading private key from rsa_priv.txt");
+    fflush(stdout);
+
+    if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not open rsa_priv.txt\n" \
+                       "  ! Please run rsa_genkey first\n\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_read_file(&N, 16, f))  != 0 ||
+        (ret = mbedtls_mpi_read_file(&E, 16, f))  != 0 ||
+        (ret = mbedtls_mpi_read_file(&D, 16, f))  != 0 ||
+        (ret = mbedtls_mpi_read_file(&P, 16, f))  != 0 ||
+        (ret = mbedtls_mpi_read_file(&Q, 16, f))  != 0 ||
+        (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n",
+                       ret);
+        fclose(f);
+        goto exit;
+    }
+    fclose(f);
+
+    if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_complete returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    /*
+     * Extract the RSA encrypted value from the text file
+     */
+    if ((f = fopen("result-enc.txt", "rb")) == NULL) {
+        mbedtls_printf("\n  ! Could not open %s\n\n", "result-enc.txt");
+        goto exit;
+    }
+
+    i = 0;
+
+    while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+           i < (int) sizeof(buf)) {
+        buf[i++] = (unsigned char) c;
+    }
+
+    fclose(f);
+
+    if (i != mbedtls_rsa_get_len(&rsa)) {
+        mbedtls_printf("\n  ! Invalid RSA signature format\n\n");
+        goto exit;
+    }
+
+    /*
+     * Decrypt the encrypted RSA data and print the result.
+     */
+    mbedtls_printf("\n  . Decrypting the encrypted data");
+    fflush(stdout);
+
+    ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random,
+                                    &ctr_drbg, &i,
+                                    buf, result, 1024);
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . OK\n\n");
+
+    mbedtls_printf("The decrypted result is: '%s'\n\n", result);
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+    mbedtls_rsa_free(&rsa);
+    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
new file mode 100644
index 0000000..6538f8a
--- /dev/null
+++ b/programs/pkey/rsa_encrypt.c
@@ -0,0 +1,149 @@
+/*
+ *  RSA simple data encryption program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
+    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
+    defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/rsa.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
+    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
+    !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    size_t i;
+    mbedtls_rsa_context rsa;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    unsigned char input[1024];
+    unsigned char buf[512];
+    const char *pers = "rsa_encrypt";
+    mbedtls_mpi N, E;
+
+    if (argc != 2) {
+        mbedtls_printf("usage: rsa_encrypt <string of max 100 characters>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        mbedtls_exit(exit_code);
+    }
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+    mbedtls_rsa_init(&rsa);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+    ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+                                &entropy, (const unsigned char *) pers,
+                                strlen(pers));
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading public key from rsa_pub.txt");
+    fflush(stdout);
+
+    if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not open rsa_pub.txt\n" \
+                       "  ! Please run rsa_genkey first\n\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n",
+                       ret);
+        fclose(f);
+        goto exit;
+    }
+    fclose(f);
+
+    if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    if (strlen(argv[1]) > 100) {
+        mbedtls_printf(" Input data larger than 100 characters.\n\n");
+        goto exit;
+    }
+
+    memcpy(input, argv[1], strlen(argv[1]));
+
+    /*
+     * Calculate the RSA encryption of the hash.
+     */
+    mbedtls_printf("\n  . Generating the RSA encrypted value");
+    fflush(stdout);
+
+    ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random,
+                                    &ctr_drbg, strlen(argv[1]), input, buf);
+    if (ret != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    /*
+     * Write the signature into result-enc.txt
+     */
+    if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not create %s\n\n", "result-enc.txt");
+        goto exit;
+    }
+
+    for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
+        mbedtls_fprintf(f, "%02X%s", buf[i],
+                        (i + 1) % 16 == 0 ? "\r\n" : " ");
+    }
+
+    fclose(f);
+
+    mbedtls_printf("\n  . Done (created \"%s\")\n\n", "result-enc.txt");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+    mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+    mbedtls_rsa_free(&rsa);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
+          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
new file mode 100644
index 0000000..dc58215
--- /dev/null
+++ b/programs/pkey/rsa_genkey.c
@@ -0,0 +1,141 @@
+/*
+ *  Example RSA key generation program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \
+    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/rsa.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define KEY_SIZE 2048
+#define EXPONENT 65537
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||   \
+    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) ||      \
+    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+                   "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
+                   "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    mbedtls_rsa_context rsa;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+    FILE *fpub  = NULL;
+    FILE *fpriv = NULL;
+    const char *pers = "rsa_genkey";
+
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_rsa_init(&rsa);
+    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    mbedtls_entropy_init(&entropy);
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n  . Generating the RSA key [ %d-bit ]...", KEY_SIZE);
+    fflush(stdout);
+
+    if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
+                                   EXPONENT)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_gen_key returned %d\n\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n  . Exporting the public  key in rsa_pub.txt....");
+    fflush(stdout);
+
+    if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 ||
+        (ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP))      != 0) {
+        mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
+        goto exit;
+    }
+
+    if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) {
+        mbedtls_printf(" failed\n  ! could not open rsa_pub.txt for writing\n\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 ||
+        (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_write_file returned %d\n\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf(" ok\n  . Exporting the private key in rsa_priv.txt...");
+    fflush(stdout);
+
+    if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) {
+        mbedtls_printf(" failed\n  ! could not open rsa_priv.txt for writing\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 ||
+        (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 ||
+        (ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 ||
+        (ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 ||
+        (ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 ||
+        (ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 ||
+        (ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 ||
+        (ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_write_file returned %d\n\n", ret);
+        goto exit;
+    }
+    mbedtls_printf(" ok\n\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    if (fpub  != NULL) {
+        fclose(fpub);
+    }
+
+    if (fpriv != NULL) {
+        fclose(fpriv);
+    }
+
+    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+    mbedtls_rsa_free(&rsa);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
+          MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt
new file mode 100644
index 0000000..254fcf8
--- /dev/null
+++ b/programs/pkey/rsa_priv.txt
@@ -0,0 +1,8 @@
+N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
+E = 010001
+D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401
+P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1
+Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261
+DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1
+DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081
+QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1
diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt
new file mode 100644
index 0000000..1e7ae0c
--- /dev/null
+++ b/programs/pkey/rsa_pub.txt
@@ -0,0 +1,2 @@
+N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
+E = 010001
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
new file mode 100644
index 0000000..e14953b
--- /dev/null
+++ b/programs/pkey/rsa_sign.c
@@ -0,0 +1,155 @@
+/*
+ *  RSA/SHA-256 signature creation program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
+    !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
+    !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+                   "MBEDTLS_MD_C and/or "
+                   "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/rsa.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    size_t i;
+    mbedtls_rsa_context rsa;
+    unsigned char hash[32];
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    char filename[512];
+    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+
+    mbedtls_rsa_init(&rsa);
+
+    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+    if (argc != 2) {
+        mbedtls_printf("usage: rsa_sign <filename>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading private key from rsa_priv.txt");
+    fflush(stdout);
+
+    if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not open rsa_priv.txt\n" \
+                       "  ! Please run rsa_genkey first\n\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret);
+        fclose(f);
+        goto exit;
+    }
+    fclose(f);
+
+    if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_complete returned %d\n\n",
+                       ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Checking the private key");
+    fflush(stdout);
+    if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_check_privkey failed with -0x%0x\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    /*
+     * Compute the SHA-256 hash of the input file,
+     * then calculate the RSA signature of the hash.
+     */
+    mbedtls_printf("\n  . Generating the RSA/SHA-256 signature");
+    fflush(stdout);
+
+    if ((ret = mbedtls_md_file(
+             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+             argv[1], hash)) != 0) {
+        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[1]);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256,
+                                      32, hash, buf)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    /*
+     * Write the signature into <filename>.sig
+     */
+    mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
+
+    if ((f = fopen(filename, "wb+")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not create %s\n\n", argv[1]);
+        goto exit;
+    }
+
+    for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
+        mbedtls_fprintf(f, "%02X%s", buf[i],
+                        (i + 1) % 16 == 0 ? "\r\n" : " ");
+    }
+
+    fclose(f);
+
+    mbedtls_printf("\n  . Done (created \"%s\")\n\n", filename);
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_rsa_free(&rsa);
+    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+          MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
new file mode 100644
index 0000000..3a1f747
--- /dev/null
+++ b/programs/pkey/rsa_sign_pss.c
@@ -0,0 +1,161 @@
+/*
+ *  RSASSA-PSS/SHA-256 signature creation program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
+    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) ||        \
+    !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) ||    \
+    !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
+                   "MBEDTLS_RSA_C and/or MBEDTLS_MD_CAN_SHA256 and/or "
+                   "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    mbedtls_pk_context pk;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    unsigned char hash[32];
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    char filename[512];
+    const char *pers = "rsa_sign_pss";
+    size_t olen = 0;
+
+    mbedtls_entropy_init(&entropy);
+    mbedtls_pk_init(&pk);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if (argc != 3) {
+        mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Seeding the random number generator...");
+    fflush(stdout);
+
+    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+                                     (const unsigned char *) pers,
+                                     strlen(pers))) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
+                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! Could not read key from '%s'\n", argv[1]);
+        mbedtls_printf("  ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
+        goto exit;
+    }
+
+    if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
+        mbedtls_printf(" failed\n  ! Key is not an RSA key\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
+                                       MBEDTLS_RSA_PKCS_V21,
+                                       MBEDTLS_MD_SHA256)) != 0) {
+        mbedtls_printf(" failed\n  ! Padding not supported\n");
+        goto exit;
+    }
+
+    /*
+     * Compute the SHA-256 hash of the input file,
+     * then calculate the RSA signature of the hash.
+     */
+    mbedtls_printf("\n  . Generating the RSA/SHA-256 signature");
+    fflush(stdout);
+
+    if ((ret = mbedtls_md_file(
+             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+             argv[2], hash)) != 0) {
+        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[2]);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
+                               buf, sizeof(buf), &olen,
+                               mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_sign returned %d\n\n", ret);
+        goto exit;
+    }
+
+    /*
+     * Write the signature into <filename>.sig
+     */
+    mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
+
+    if ((f = fopen(filename, "wb+")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not create %s\n\n", filename);
+        goto exit;
+    }
+
+    if (fwrite(buf, 1, olen, f) != olen) {
+        mbedtls_printf("failed\n  ! fwrite failed\n\n");
+        fclose(f);
+        goto exit;
+    }
+
+    fclose(f);
+
+    mbedtls_printf("\n  . Done (created \"%s\")\n\n", filename);
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+    mbedtls_pk_free(&pk);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
+          MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+          MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
new file mode 100644
index 0000000..4a9af77
--- /dev/null
+++ b/programs/pkey/rsa_verify.c
@@ -0,0 +1,134 @@
+/*
+ *  RSA/SHA-256 signature verification program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
+    !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
+    !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+                   "MBEDTLS_MD_C and/or "
+                   "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/rsa.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    unsigned c;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    size_t i;
+    mbedtls_rsa_context rsa;
+    mbedtls_mpi N, E;
+    unsigned char hash[32];
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    char filename[512];
+
+    mbedtls_rsa_init(&rsa);
+    mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&E);
+
+    if (argc != 2) {
+        mbedtls_printf("usage: rsa_verify <filename>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading public key from rsa_pub.txt");
+    fflush(stdout);
+
+    if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+        mbedtls_printf(" failed\n  ! Could not open rsa_pub.txt\n" \
+                       "  ! Please run rsa_genkey first\n\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+        (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) {
+        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret);
+        fclose(f);
+        goto exit;
+    }
+    fclose(f);
+
+    /*
+     * Extract the RSA signature from the text file
+     */
+    mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
+
+    if ((f = fopen(filename, "rb")) == NULL) {
+        mbedtls_printf("\n  ! Could not open %s\n\n", filename);
+        goto exit;
+    }
+
+    i = 0;
+    while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+           i < (int) sizeof(buf)) {
+        buf[i++] = (unsigned char) c;
+    }
+
+    fclose(f);
+
+    if (i != mbedtls_rsa_get_len(&rsa)) {
+        mbedtls_printf("\n  ! Invalid RSA signature format\n\n");
+        goto exit;
+    }
+
+    /*
+     * Compute the SHA-256 hash of the input file and
+     * verify the signature
+     */
+    mbedtls_printf("\n  . Verifying the RSA/SHA-256 signature");
+    fflush(stdout);
+
+    if ((ret = mbedtls_md_file(
+             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+             argv[1], hash)) != 0) {
+        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[1]);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
+                                        32, hash, buf)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n",
+                       (unsigned int) -ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . OK (the signature is valid)\n\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+    mbedtls_rsa_free(&rsa);
+    mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&E);
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+          MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
new file mode 100644
index 0000000..afbbfa9
--- /dev/null
+++ b/programs/pkey/rsa_verify_pss.c
@@ -0,0 +1,136 @@
+/*
+ *  RSASSA-PSS/SHA-256 signature verification program
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
+    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) ||        \
+    !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) ||    \
+    !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+    mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
+                   "MBEDTLS_RSA_C and/or MBEDTLS_MD_CAN_SHA256 and/or "
+                   "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+    mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/md.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+    FILE *f;
+    int ret = 1;
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    size_t i;
+    mbedtls_pk_context pk;
+    unsigned char hash[32];
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    char filename[512];
+
+    mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if (argc != 3) {
+        mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
+
+#if defined(_WIN32)
+        mbedtls_printf("\n");
+#endif
+
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . Reading public key from '%s'", argv[1]);
+    fflush(stdout);
+
+    if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+        mbedtls_printf(" failed\n  ! Could not read key from '%s'\n", argv[1]);
+        mbedtls_printf("  ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
+        goto exit;
+    }
+
+    if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
+        mbedtls_printf(" failed\n  ! Key is not an RSA key\n");
+        goto exit;
+    }
+
+    if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
+                                       MBEDTLS_RSA_PKCS_V21,
+                                       MBEDTLS_MD_SHA256)) != 0) {
+        mbedtls_printf(" failed\n  ! Invalid padding\n");
+        goto exit;
+    }
+
+    /*
+     * Extract the RSA signature from the file
+     */
+    mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
+
+    if ((f = fopen(filename, "rb")) == NULL) {
+        mbedtls_printf("\n  ! Could not open %s\n\n", filename);
+        goto exit;
+    }
+
+    i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f);
+
+    fclose(f);
+
+    /*
+     * Compute the SHA-256 hash of the input file and
+     * verify the signature
+     */
+    mbedtls_printf("\n  . Verifying the RSA/SHA-256 signature");
+    fflush(stdout);
+
+    if ((ret = mbedtls_md_file(
+             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+             argv[2], hash)) != 0) {
+        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[2]);
+        goto exit;
+    }
+
+    if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
+                                 buf, i)) != 0) {
+        mbedtls_printf(" failed\n  ! mbedtls_pk_verify returned %d\n\n", ret);
+        goto exit;
+    }
+
+    mbedtls_printf("\n  . OK (the signature is valid)\n\n");
+
+    exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+    mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+          MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */