[openssl-users] Encryption and Decryption using ECC based certificate private/public key pair

Jeffrey Walton noloader at gmail.com
Mon Apr 27 05:41:13 UTC 2015


On Mon, Apr 27, 2015 at 12:54 AM, Jayalakshmi bhat
<bhat.jayalakshmi at gmail.com> wrote:
> Hello All,
>
> I am working on a project where there is a need to encrypt and decrypt certain
> data using certificate public/private key pair. So far we were using RSA
> based certificates. OpenSSL provides a good number of APIs for RSA based
> encryption/decryption operation.
>
> Now we are planning to support ECDSA based certificates also. I am not able
> to find any encryption/decryption APIs in EC context.
>
> I wanted to know are there any encryption/decryption APIs using ECDSA based
> public/private key pair. Or is there any sample code I can look into.

ECDSA is a signing algorithm used for authentication. If you want to
encrypt/decrypt, then you need something else.

In the case of SSL/TLS, the something else is ECDHE. A shared secret
drops out of the ECDHE key exchange, and that's used to key a channel
for bulk encryption. The ECDSA signature authenticates ECDHE
parameters so you know they are authentic (i.e., from the party who
you expect, and not an adversary).

In addition to ECDHE, another choice is the MQV family of key
exchanges. It's a family now because MQV leaked some information about
the private exponent, so Krawczyk provided "Hashed MQV" (HMQV). HMQV
was later improved by Sarr, Elbaz–Vincent, and Bajard with "Fully
Hashed MQV" (FHMQV).

As far as encryption systems outside of SSL/TLS, check out Elliptic
Curve Integrated Encryption Scheme (ECIES). You can do bulk encryption
and decryption with it also. But it does not use an ECDSA key per se;
rather, it's just an ecPublicKey ASN.1 type.

ECIES is a Diffie-Hellman based integrated scheme that combines a Key
Encapsulation Mechanism (KEM) with a Data Encapsulation Mechanism
(DEM). The output is a 3-tuple {K,C,T}, where K is an "encrypted shared
secret" (lots of hand waving), C is the cipher text and T is an
authentication tag. In ECIES, K is really half of an ECDHE exchange
with an ephemeral key. To recover the "encrypted shared secret", the
person doing the decryption uses their long term static key to perform
the other half of the key exchange, and that's the shared secret. The
shared secret is then digested with a KDF and used to key a stream
cipher and an HMAC.

Jeff
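
The {K,C,T} flow described in the reply above, as an added example that is not part of the original post and does not use OpenSSL's API: a standard-library Python walk-through of ECIES. Assumptions made here: curve P-256, an ANSI X9.63-style KDF over SHA-256 whose output is used directly as the XOR keystream, HMAC-SHA-256 for T, and hypothetical function names throughout.

```python
import hashlib, hmac, secrets

# NIST P-256 domain parameters: y^2 = x^3 - 3x + B over GF(P), base point G of order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant time, for illustration only
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def on_curve(pt):  # validate a peer-supplied point before multiplying by a private key
    return pt is not None and all(0 <= c < P for c in pt) and \
        (pt[1] ** 2 - pt[0] ** 3 + 3 * pt[0] - B) % P == 0

def derive(point, n):  # X9.63-style KDF over the ECDH x-coordinate: keystream, MAC key
    z = point[0].to_bytes(32, "big")
    okm = b"".join(hashlib.sha256(z + i.to_bytes(4, "big")).digest()
                   for i in range(1, n // 32 + 3))
    return okm[:n], okm[n:n + 32]

def encrypt(recipient_pub, msg):
    eph = secrets.randbelow(N - 1) + 1           # ephemeral private key, used once
    stream, mac_key = derive(mul(eph, recipient_pub), len(msg))
    C = bytes(a ^ b for a, b in zip(msg, stream))
    return mul(eph, G), C, hmac.new(mac_key, C, hashlib.sha256).digest()

def decrypt(priv, K, C, T):
    if not on_curve(K):
        raise ValueError("K is not a valid P-256 point")
    stream, mac_key = derive(mul(priv, K), len(C))  # other half of the exchange
    if not hmac.compare_digest(T, hmac.new(mac_key, C, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(C, stream))
```

The tag is verified before any plaintext is released, and K is checked to be on the curve before the static private key touches it.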

