PolarSSL is now part of ARM (official announcement) and has been rebranded as mbed TLS.

How to use ECC to encrypt and decrypt data like AES and RSA


Mar 17, 2017 09:29
linbei

Hi there,

I use mbedtls to encrypt and decrypt data with RSA and ECC, and I have worked out how to use RSA to encrypt and decrypt data.

After executing make, I go to the program/pkey folder and use the commands below:

./rsa_genkey

./rsa_encrypt helloworld

./rsa_decrypt

This outputs a ciphertext file named "resule_enc.txt" and shows the original input string.

OK, this is what I got working with RSA.

Now I want to use ECC. In the program/pkey folder I run the following: first generate the private key, then use openssl to generate the public key, then encrypt the data.

./gen_key type=ec

openssl ec -in keyfile.key -pubout -out ecpubkey.pem

./pk_encrypt ecpubkey.pem hellombedtls

This shows an error:

! mbedtls_pk_encrypt returned -0x3f00

! Last error was: PK - Type mismatch, eg attempt to encrypt with an ECDSA key

So, I want to know whether I am doing this right or not. I don't know why the public key mismatches. I want to use elliptic curves like RSA to encrypt a string. The OS is Ubuntu 16.04.

Looking forward to your reply. Thanks!

BRs,

linbei

 
Mar 21, 2017 08:02
linbei

Why is RSA OK, but EC gives an error? Did I use this wrong?

./pk_encrypt rsa_public_key_2048.pem helloworld

  . Seeding the random number generator...
  . Reading public key from 'rsa_public_key_2048.pem'
  . Generating the encrypted value
  . Done (created "result-enc.txt")
./pk_encrypt ecpub.pem helloworld

  . Seeding the random number generator...
  . Reading public key from 'ecpub.pem'
  . Generating the encrypted value failed
  ! mbedtls_pk_encrypt returned -0x3f00
  !  Last error was: PK - Type mismatch, eg attempt to encrypt with an ECDSA key
 
Mar 22, 2017 09:18
Ron Eldor

Hi Linbei,
ECC ciphering algorithms are not supported by mbed TLS, as this is not a requirement of the TLS protocol.
If you think there is a need for ECC encryption/decryption, please raise a feature request in the GitHub issues tab.
Regards,
mbed TLS Team member
Ron

 
Mar 22, 2017 10:24
linbei

Hi Ron, thanks for your feedback. I will use it correctly. Thanks very much.

 
Apr 7, 2017 21:03
Miriam Yumi

Hi Ron,

I'm sorry if I misunderstood, but does it mean that mbed TLS does not support encryption and decryption using ECDSA?

I'm confused because I read "Public Key Module Level Design" and this was specified there (https://tls.mbed.org/module-level-design-public-key).

Could you clarify that for me?

Thanks in advance, Miriam

 
Apr 12, 2017 13:47
Ron Eldor

Hi Miriam,
I apologize for the unclear explanation.
The "Public Key Level Design" DOES support ciphering; however, on the ECDSA level, ciphering is currently not supported due to the reason mentioned before. The mbedtls_ecdsa_info (as part of the mbedtls_pk_context) does not have ciphering callbacks. Also, the ECDSA functionality does not have encrypt and decrypt functionality.
As mentioned before, if you think there is a need to support ECDSA encrypt and decrypt, please add an enhancement request with the reason for your need, and we will look at it.
Regards,
mbed TLS Team member
Ron

 
Apr 17, 2017 21:06
Nicholas Wilson

There is no such thing as encryption or decryption with ECDSA. As the name implies (Digital Signature Algorithm), DSA is an algorithm for producing and verifying signatures, not performing decryption and encryption. To my knowledge, there are no widely-used Elliptic-curve algorithms for encryption/decryption; the closest you'd get would be to use ECDH to derive a shared key and then encrypt using an authenticated symmetric algorithm.

 
Apr 18, 2017 06:01
Ron Eldor

Hi Nick, you are correct that ECDSA is a Digital Signature Algorithm. It was a writer's error, and I meant EC ciphering (which also means a different algorithm in the pk wrapper layer).
In principle, one could do pure asymmetric encryption with EC ElGamal, but in practice nobody does that. You can find some information on ElGamal here. As you mentioned, ECDH is used for key exchange, and the exchanged key is later used for symmetric ciphering.
Regards,
mbed TLS Team member
Ron

 
Apr 18, 2017 12:30
Miriam Yumi

Hi Ron and Nicholas,

After some research I've figured it out. I'll try this approach using ECDH combined with a symmetric algorithm.

Thank you very much for your answers and for your time!
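
The approach the thread settles on (ECDH to derive a shared key, then an authenticated symmetric cipher), shown as an added example that is not part of the original posts and is not mbed TLS code. It uses the Python `cryptography` package; the P-256 curve, the HKDF-SHA256 step, the `info` label and the blob layout (ephemeral public key, nonce, ciphertext with tag) are assumptions chosen for illustration.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE = ec.SECP256R1()   # assumption: P-256; any ECDH-capable curve works
POINT_LEN = 65           # uncompressed P-256 point: 0x04 || X || Y
NONCE_LEN = 12           # AES-GCM nonce
TAG_LEN = 16             # AES-GCM tag appended to the ciphertext

def _derive_key(shared_secret: bytes, eph_pub: bytes) -> bytes:
    # Never use the raw ECDH output as a cipher key: run it through a KDF
    # and bind the sender's ephemeral public key into the derivation.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"example ecdh+aes-gcm" + eph_pub).derive(shared_secret)

def encrypt(recipient_pub, plaintext: bytes) -> bytes:
    # A fresh ephemeral key pair per message: only the holder of the
    # recipient's EC private key can recompute the shared secret.
    eph = ec.generate_private_key(CURVE)
    eph_pub = eph.public_key().public_bytes(
        serialization.Encoding.X962,
        serialization.PublicFormat.UncompressedPoint)
    key = _derive_key(eph.exchange(ec.ECDH(), recipient_pub), eph_pub)
    nonce = os.urandom(NONCE_LEN)
    # The ephemeral public key is also authenticated as associated data.
    return eph_pub + nonce + AESGCM(key).encrypt(nonce, plaintext, eph_pub)

def decrypt(recipient_priv, blob: bytes) -> bytes:
    if len(blob) < POINT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    eph_pub = blob[:POINT_LEN]
    nonce = blob[POINT_LEN:POINT_LEN + NONCE_LEN]
    ciphertext = blob[POINT_LEN + NONCE_LEN:]
    # from_encoded_point rejects encodings that are not valid curve points.
    peer = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, eph_pub)
    key = _derive_key(recipient_priv.exchange(ec.ECDH(), peer), eph_pub)
    # Raises cryptography.exceptions.InvalidTag if anything was modified.
    return AESGCM(key).decrypt(nonce, ciphertext, eph_pub)

if __name__ == "__main__":
    priv = ec.generate_private_key(CURVE)   # constructed recipient key
    blob = encrypt(priv.public_key(), b"hellombedtls")
    print(len(blob), decrypt(priv, blob))
```
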