Better understanding of EC encryption API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 26, 2015 at 07:59:22PM +0000, Matt Caswell wrote:

> On 26/11/15 19:18, Matt Loah wrote:
> > While the public key in the context of OpenSSL Elliptic Curves algorithm
> > is stored as a EC_POINT pointer... and the private key as a BIGNUM
> > pointer... which functions (or which kind of them) should be called to
> > encrypt & to decrypt a message in C/C++ ?
> 
> OpenSSL only supports ECDH and ECDSA, neither of which can be used to
> perform encryption.

This is not entirely true, in sufficiently recent versions of
OpenSSL, ECDSA keys can be used with CMS to encrypt keys.

Just create an ECDSA private key and email cerficate (example
attached), and then encrypt and decrypt some data:

    $ printf "%s\n" sesame |
	openssl cms -binary -outform DER -aes-128-cbc -encrypt -recip cert.pem |
	openssl cms -binary -inform DER -decrypt -recip cert.pem -inkey key.pem
    sesame

Examining the structure we see ECDSA enveloped keys
( https://tools.ietf.org/html/rfc3278.html#section-3.1 ):

    $ printf "%s\n" sesame |
	openssl cms -binary -outform DER -aes-128-cbc -encrypt -recip cert.pem |
	openssl asn1parse -inform DER
    0:d=0  hl=4 l= 263 cons: SEQUENCE
    4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
   15:d=1  hl=3 l= 249 cons: cont [ 0 ]
   18:d=2  hl=3 l= 246 cons: SEQUENCE
   21:d=3  hl=2 l=   1 prim: INTEGER           :02
   24:d=3  hl=3 l= 178 cons: SET
   27:d=4  hl=3 l= 175 cons: cont [ 1 ]
   30:d=5  hl=2 l=   1 prim: INTEGER           :03
   33:d=5  hl=2 l=  81 cons: cont [ 0 ]
   35:d=6  hl=2 l=  79 cons: cont [ 1 ]
   37:d=7  hl=2 l=   9 cons: SEQUENCE
   39:d=8  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
   48:d=7  hl=2 l=  66 prim: BIT STRING
  116:d=5  hl=2 l=  24 cons: SEQUENCE
  118:d=6  hl=2 l=   9 prim: OBJECT            :dhSinglePass-stdDH-sha1kdf-scheme
  129:d=6  hl=2 l=  11 cons: SEQUENCE
  131:d=7  hl=2 l=   9 prim: OBJECT            :id-aes128-wrap
  142:d=5  hl=2 l=  61 cons: SEQUENCE
  144:d=6  hl=2 l=  59 cons: SEQUENCE
  146:d=7  hl=2 l=  31 cons: SEQUENCE
  148:d=8  hl=2 l=  26 cons: SEQUENCE
  150:d=9  hl=2 l=  24 cons: SET
  152:d=10 hl=2 l=  22 cons: SEQUENCE
  154:d=11 hl=2 l=   3 prim: OBJECT            :commonName
  159:d=11 hl=2 l=  15 prim: UTF8STRING        :Viktor Dukhovni
  176:d=8  hl=2 l=   1 prim: INTEGER           :01
  179:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:54480EC3C3C51599E1A058B4B8C467643E49067C9ED810C3
  205:d=3  hl=2 l=  60 cons: SEQUENCE
  207:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
  218:d=4  hl=2 l=  29 cons: SEQUENCE
  220:d=5  hl=2 l=   9 prim: OBJECT            :aes-128-cbc
  231:d=5  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:D7A3A11E3A6ADE4A36050CCF7E123377
  249:d=4  hl=2 l=  16 prim: cont [ 0 ]

-- 
	Viktor.
-------------- next part --------------
-----BEGIN CERTIFICATE-----
MIIBuzCCAWGgAwIBAgIBATAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA9WaWt0b3Ig
RHVraG92bmkwHhcNMTUxMTI3MDM1MzQ3WhcNMTUxMjI3MDM1MzQ3WjAaMRgwFgYD
VQQDDA9WaWt0b3IgRHVraG92bmkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATE
5mgTFdY8CrqgDR8JBGTPhHNYhcd38+BagQdm7Zo1Z2zVJMdgjfp+bMxHmnVq06UR
yIAEGgonSvVY0tIjaOgOo4GXMIGUMB0GA1UdDgQWBBTRXWsWcTdQFJxxhUsMliJu
o2D3QzAfBgNVHSMEGDAWgBTRXWsWcTdQFJxxhUsMliJuo2D3QzAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIEsDATBgNVHSUEDDAKBggrBgEFBQcDBDAlBgNVHREEHjAcgRpv
cGVuc3NsLXVzZXJzQGR1a2hvdm5pLm9yZzAKBggqhkjOPQQDAgNIADBFAiEAnG5X
wlBEQScZLGRmxsV/vAapbJhTBpCbaE1Nms6JghsCIGsCIY/2VezMoLtahSHi+KZf
zSePdYIGC49VZF1f2m0f
-----END CERTIFICATE-----
-------------- next part --------------
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglgUxDgdcr1IRtjix
Sy39lOQOwpriCjByKX+Lh8k+SnmhRANCAATE5mgTFdY8CrqgDR8JBGTPhHNYhcd3
8+BagQdm7Zo1Z2zVJMdgjfp+bMxHmnVq06URyIAEGgonSvVY0tIjaOgO
-----END PRIVATE KEY-----


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux