[openssl-users] Encryption and Decryption using ECC based certificate private/public key pair

Jayalakshmi bhat bhat.jayalakshmi at gmail.com
Tue Apr 28 10:03:54 UTC 2015


Hi Jeff,

Thanks a lot for the detailed explanation. Since I have a requirement to
use the certificate public/private keys for encryption/decryption I believe
I should be able to use an ECDHE based approach.

Regards
Jayalakshmi

On Sun, Apr 26, 2015 at 11:41 PM, Jeffrey Walton <noloader at gmail.com> wrote:

> On Mon, Apr 27, 2015 at 12:54 AM, Jayalakshmi bhat
> <bhat.jayalakshmi at gmail.com> wrote:
> > Hello All,
> >
> > I am working on a project where there is need to encrypt and decrypt
> > certain data using certificate public/private key pair. So far we were
> > using RSA based certificates. OpenSSL provides a good number of APIs for
> > RSA based encryption/decryption operation.
> >
> > Now we are planning to support ECDSA based certificates also. I am not
> > able to find any encryption/decryption APIs in EC context.
> >
> > I wanted to know are there any encryption/decryption APIs using ECDSA
> > based public/private key pair. Or is there any sample code I can look into.
>
> ECDSA is a signing algorithm used for authentication. If you want to
> encrypt/decrypt, then you need something else.
>
> In the case of SSL/TLS, the something else is ECDHE. A shared secret
> drops out of the ECDHE key exchange, and that's used to key a channel
> for bulk encryption. The ECDSA signature authenticates ECDHE
> parameters so you know they are authentic (i.e., from the party who
> you expect, and not an adversary).
>
> In addition to ECDHE, another choice is the MQV family of key
> exchanges. It's a family now because MQV leaked some information about
> the private exponent, so Krawczyk provided "Hashed MQV" (HMQV). HMQV
> was later improved by Sarr, Elbaz–Vincent, and Bajard with "Fully
> Hashed MQV" (FHMQV).
>
> As far as encryption systems outside of SSL/TLS, check out Elliptic
> Curve Integrated Encryption Scheme (ECIES). You can do bulk encryption
> and decryption with it also. But it does not use an ECDSA key per se;
> rather, it's just an ecPublicKey ASN.1 type.
>
> ECIES is a Diffie-Hellman based integrated scheme that combines a Key
> Encapsulation Mechanism (KEM) with a Data Encapsulation Mechanism
> (DEM). The output is a 3-tuple {K,C,T}, where K is an "encrypted shared
> secret" (lots of hand waving), C is the cipher text and T is an
> authentication tag. In ECIES, K is really half of an ECDHE exchange
> with an ephemeral key. To recover the "encrypted shared secret", the
> person doing the decryption uses their long term static key to perform
> the other half of the key exchange, and that's the shared secret. The
> shared secret is then digested with a KDF and used to key a stream
> cipher and a HMAC.
>
> Jeff
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>