Quantcast

Encrypting using EC public key

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Encrypting using EC public key

Norm Green
Is there a way to encrypt a file using the openssl command with an
elliptic curve public key?  Here's what I get when I try using OpenSSL
1.1.0c :

normg>./openssl pkeyutl -encrypt -pubin -inkey secp256k1-public-key.pem
-in a.txt -out a.txt.enc
pkeyutl: Error initializing context
140339244734272:error:0608B096:digital envelope
routines:EVP_PKEY_encrypt_init:operation not supported for this
keytype:crypto/evp/pmeth_fn.c:139:

normg>cat secp256k1-public-key.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE3bT9LIDRFNZ1D5QbA90zDh6UxDyYdrQv
XmxFEr1AwKnmeD8dAg4F62ddmzX76fNaw1QqLbmEQTLdrEYM3KxUdA==
-----END PUBLIC KEY-----


Norm Green
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Encrypting using EC public key

Matt Caswell-2


On 15/01/17 03:47, Norm Green wrote:
> Is there a way to encrypt a file using the openssl command with an
> elliptic curve public key?  Here's what I get when I try using OpenSSL
> 1.1.0c :

OpenSSL only supports ECDH (for key exchange) and ECDSA (for digital
signatures) for elliptic curve keys, i.e. there are no ec encryption
algorithms available.

Matt

>
> normg>./openssl pkeyutl -encrypt -pubin -inkey secp256k1-public-key.pem
> -in a.txt -out a.txt.enc
> pkeyutl: Error initializing context
> 140339244734272:error:0608B096:digital envelope
> routines:EVP_PKEY_encrypt_init:operation not supported for this
> keytype:crypto/evp/pmeth_fn.c:139:
>
> normg>cat secp256k1-public-key.pem
> -----BEGIN PUBLIC KEY-----
> MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE3bT9LIDRFNZ1D5QbA90zDh6UxDyYdrQv
> XmxFEr1AwKnmeD8dAg4F62ddmzX76fNaw1QqLbmEQTLdrEYM3KxUdA==
> -----END PUBLIC KEY-----
>
>
> Norm Green
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Encrypting using EC public key

Viktor Dukhovni

> On Jan 16, 2017, at 4:35 AM, Matt Caswell <[hidden email]> wrote:
>
> OpenSSL only supports ECDH (for key exchange) and ECDSA (for digital
> signatures) for elliptic curve keys, i.e. there are no ec encryption
> algorithms available.

That said, IIRC CMS supports EC public keys, by performing off-line
ECDH:

commit 88e20b8584a78c803eca7aa9fcf8c46ff0ece4ae
Author: Dr. Stephen Henson <[hidden email]>
Date:   Wed Jul 17 15:13:37 2013 +0100

    Add support for ECDH KARI.
   
    Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
    method decode/encode the appropriate parameters from the CMS ASN1 data
    and send appropriate data to the EC public key method.

And further refinements in later commits.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...