Mbed TLS supplies several sample applications that demonstrate common use cases of the API. These are sample programs only and do not cover full functionality of the API, or all use cases!
These examples are in the programs folder, separated into subfolders according to their theme.
For more information, check the applications’
These example programs demonstrate the usage of the symmetric cipher API.
aescrypt2- A sample application that performs authenticated encryption and decryption of a buffer, using
mbedtls_aes_crypt_ecb, with AES-256. The application reads from a file, ciphers it and writes output to a file.
crypt_and_hash- A file encryption application using the generic cipher and message digest (
These examples demonstrate
generic_sum- Generic message digest layer demonstration program.
hello- A “Hello, World!”
These sample applications demonstrate the usage of asymmetric cryptography APIs for key exchange and message signing, verification, encryption and decryption.
dh_client- A program demonstrating the Diffie-Hellman-Merkle key exchange on the client side.
dh_genprime- A program demonstrating the Diffie-Hellman-Merkle key exchange prime generation.
dh_server- A program demonstrating the Diffie-Hellman-Merkle key exchange on the server side.
ecdh_curve25519- A reference program that shows how to use Curve25519, a special use case of ECDHE.
ecdsa- An example ECDSA program.
gen_key- An example of how to generate a private key.
key_app_writer- An example that demonstrates how to write a key file in different formats (
DER), from a given key.
key_app- A program demonstrating how to read and parse a key.
mpi_demo- An application demonstrating how to use the multiple precision integers (
pk_decrypt- A reference application that demonstrates how to use the Public key-based decryption, using the
pk_encrypt- A reference application that demonstrates how to use the Public key-based encryption, using the
pk_sign- A reference application that demonstrates how to use the Public key-based signature creation, using the
pk_verify- A reference application that demonstrates how to use the Public key-based signature verification, using the
rsa_decrypt- An RSA decryption reference program, using the
rsa_encrypt- An RSA encryption reference program, using the
rsa_genkey- An application demonstrating how to generate an RSA key pair.
rsa_sign_pss- An application demonstrating how to create a signature with the PKCS #1 v2.1 padding scheme.
rsa_sign- An application demonstrating how create a signature with the PKCS #1 v1.5 padding scheme.
rsa_verify_pss- An application demonstrating how to verify a signature with the PKCS #1 v2.1 padding scheme.
rsa_verify- An application demonstrating how to verify a signature with the PKCS #1 v1.5 padding scheme.
These applications demonstrate how to use Mbed TLS TRNG and PRNG APIs.
gen_entropy- An application that generates multiple entropy calls from the TRNG engine, writing them to a file.
gen_random_ctr_drbg- An application demonstrating how to use the Mbed TLS Deterministic Random Bit Generators (DRBG) API, using AES, defined in NIST 800-90A.
gen_random_havege- An application demonstrating how to use the HArdware Volatile Entropy Gathering and Expansion (havege) entropy API.
These applications demonstrate common use cases for the SSL\TLS stack APIs.
Note: These applications use the Mbed TLS test root certificate and are meant to work with one another. To test the client applications with an external server, the root certificate needs to be set correctly by calling the
mbedtls_ssl_conf_ca_chain(). Alternatively, some applications allow to optionally set the CA root certificate file through the command-line. To test the server applications with external clients, they need to replace
mbedtls_x509_crt_parse_file() to read the server and CA certificates, as well as replacing
dtls_client- A DTLS client demonstration program.
dtls_server- A DTLS server demonstration program.
mini_client- A minimal TLS client that uses minimal set of memory consumption. It should be used with
config-ccm-psk-tls1_2.has the configuration files.
ssl_client1- An SSL client demonstration program.
ssl_client2- An SSL client demonstration program with certificate authentication.
ssl_fork_server- An SSL server demonstration program using
fork()for handling multiple clients.
ssl_mail_client- An SSL client for SMTP servers.
ssl_pthread_server- An SSL server demonstration program using
pthreadfor handling multiple clients.
ssl_server- An SSL server demonstration program.
ssl_server2- A flexible SSL server demonstration, which accepts many different options for various use cases.
These are some generic sample application, that can be used for testing.
benchmark- Benchmark demonstration program.
selftest- Self-test demonstration program.
ssl_cert_test- SSL certificate functionality test.
udp_proxy- Emulation for an unreliable UDP connection for DTLS testing.
Sample applications for the utility APIs:
strerror- A program that translates error code to error string.
These reference applications demonstrate usage of the
X.509 format standard.
X.509certificate reading and verifying application.
X.509certificate request (CSR) generation program.
X.509certificate generation and signing reference application.
X.509Certificate Revocation List (CRL) reading application.
X.509certificate request (CSR) reading application.