[openssl-users] Better understanding of EC encryption API

Matt Caswell matt at openssl.org
Fri Nov 27 09:36:41 UTC 2015

On 27/11/15 04:07, Viktor Dukhovni wrote:
> On Thu, Nov 26, 2015 at 07:59:22PM +0000, Matt Caswell wrote:
>> On 26/11/15 19:18, Matt Loah wrote:
>>> While the public key in the context of OpenSSL Elliptic Curves algorithm
>>> is stored as a EC_POINT pointer... and the private key as a BIGNUM
>>> pointer... which functions (or which kind of them) should be called to
>>> encrypt & to decrypt a message in C/C++ ?
>> OpenSSL only supports ECDH and ECDSA, neither of which can be used to
>> perform encryption.
> This is not entirely true, in sufficiently recent versions of
> OpenSSL, ECDSA keys can be used with CMS to encrypt keys.

Well, perhaps I should modify the statement to say
"OpenSSL only supports ECDH and ECDSA, neither of which can be used *by
themselves* to perform encryption."

Clearly you can use them in combination with other algorithms to achieve
encryption - but they don't do encryption themselves.

I'm not particularly familiar with CMS but from my very quick reading,
what is going on in your example is that the EC key is being used by
ECDH to agree a shared secret (in combination with a KDF). Then AES128
key wrapping is used to encrypt the CEK, followed by AES to actually
encrypt the data. So ECDH is not encrypting anything directly (it can't
- it's not an encryption algorithm - it's a key agreement algorithm).

