How to use ECC to encrypt and decrypt data like AES and RSA
I use mbedtls to encrypt and decrypt data using RSA and ECC, and I have figured out how to use RSA to encrypt and decrypt data.
After executing make, I go to the program/pkey folder and use the command below
This will output a ciphertext file named "resule_enc.txt" and show the original string input.
OK, this is what I get about RSA.
Now, I wanna use
program/pkey folder, I execute like this: first generate the private key, and use openssl to generate the public key, then encrypt the data.
openssl ec -in keyfile.key -pubout -out ecpubkey.pem
./pk_encrypt ecpubkey.pem hellombedtls
This will show the error:
! mbedtls_pk_encrypt returned -0x3f00
! Last error was: PK - Type mismatch, eg attempt to encrypt with an ECDSA key
So, I wanna know whether I am right or not. I don't know why the public key mismatches. I wanna use Elliptic Curves like RSA to encrypt a string. The OS is
Looking forward to your reply. Thanks!
Why is RSA OK, but EC gives an error? Did I use this wrong?
./pk_encrypt rsa_public_key_2048.pem helloworld
  . Seeding the random number generator...
  . Reading public key from 'rsa_public_key_2048.pem'
  . Generating the encrypted value
  . Done (created "result-enc.txt")

./pk_encrypt ecpub.pem helloworld
  . Seeding the random number generator...
  . Reading public key from 'ecpub.pem'
  . Generating the encrypted value failed
  ! mbedtls_pk_encrypt returned -0x3f00
  ! Last error was: PK - Type mismatch, eg attempt to encrypt with an ECDSA key
ECC ciphering algorithms are not supported by mbed TLS, as this is not a requirement of the TLS protocol.
If you think there is a need for ECC encryption/decryption, please raise a feature request in the GitHub issues tab.
Mbed TLS Team member
Hi Ron, thanks for your feedback. I will use it correctly. Thanks very much.
I'm sorry if I misunderstood, but does it mean that mbed TLS does not support encryption and decryption using ECDSA?
I'm confused because I read "Public Key Module Level Design" and this was specified there (https://tls.mbed.org/module-level-design-public-key).
Could you clarify that for me?
Thanks in advance, Miriam
I apologize for the unclear explanation.
The "Public Key Level Design" DOES support ciphering; however, on the ECDSA level, ciphering is currently not supported due to the reason mentioned before. The mbedtls_ecdsa_info (as part of the mbedtls_pk_context) does not have ciphering callbacks. Also, the ecdsa functionality does not have
As mentioned before, if you think there is a need to support ecdsa encrypt and decrypt, please add an enhancement request, with the reason for your need, and we will look at it.
mbed TLS Team member
There is no such thing as encryption or decryption with ECDSA. As the name implies (Digital Signature Algorithm), DSA is an algorithm for producing and verifying signatures, not performing decryption and encryption. To my knowledge, there are no widely-used Elliptic-curve algorithms for encryption/decryption; the closest you'd get would be to use ECDH to derive a shared key and then encrypt using an authenticated symmetric algorithm.
You are correct that ECDSA is a digital signing algorithm. It was a writer's error, and I meant EC ciphering (which also means a different algorithm in the pk wrapper layer).
In principle, one could do pure asymmetric encryption with EC ElGamal, but in practice nobody does that. You can find some information on ElGamal here. As you mentioned, ECDH is used for key exchange, and the exchanged key is later used for symmetric ciphering.
mbed TLS Team member
Hi Ron and Nicholas,
After some research I've figured it out. I'll try this approach using ECDH combined with a symmetric algorithm.
Thank you very much for your answers and for your time!
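
The approach the thread settles on (ECDH to derive a shared key, then an authenticated symmetric cipher), shown as an added example that is not from the thread or from Mbed TLS. It uses Go's standard library rather than the Mbed TLS API; the names keyFor, Encrypt and Decrypt, the P-256 curve, the single-block X9.63-style KDF with SHA-512 and AES-256-GCM are assumptions chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha512"
)

// keyFor does ECDH, then one X9.63-KDF block: SHA-512(Z || 00000001 || ephPub),
// split into an AES-256 key and a GCM nonce (both unique per ephemeral key).
func keyFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, ephPub []byte) (cipher.AEAD, []byte, error) {
	z, err := priv.ECDH(peer)
	if err != nil {
		return nil, nil, err
	}
	okm := sha512.Sum512(append(append(z, 0, 0, 0, 1), ephPub...))
	block, _ := aes.NewCipher(okm[:32]) // cannot fail: key is always 32 bytes
	aead, err := cipher.NewGCM(block)
	return aead, okm[32:44], err
}

// Encrypt returns a fresh ephemeral public key and ciphertext||tag; send both.
func Encrypt(recipient *ecdh.PublicKey, msg []byte) ([]byte, []byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader) // new key pair per message
	if err != nil {
		return nil, nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, nonce, err := keyFor(eph, recipient, ephPub)
	if err != nil {
		return nil, nil, err
	}
	return ephPub, aead.Seal(nil, nonce, msg, ephPub), nil // ephPub bound as associated data
}

// Decrypt recomputes the key from the recipient's private key and checks the tag.
func Decrypt(priv *ecdh.PrivateKey, ephPub, ct []byte) ([]byte, error) {
	peer, err := ecdh.P256().NewPublicKey(ephPub) // rejects malformed or off-curve points
	if err != nil {
		return nil, err
	}
	aead, nonce, err := keyFor(priv, peer, ephPub)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, ephPub)
}
```

The derived nonce is only safe because every call to Encrypt generates a new ephemeral key, so no key and nonce pair is ever used for two messages.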