On Mon, Sep 02, 2024 at 08:33:49AM +0200, Tomas Mraz wrote:
> Asymmetric encryption using EC keys is not supported by the OpenSSL
> providers.
Indeed. And, as far I am aware, this is not a missing feature or defect
in OpenSSL. Rather, there is no standard way to directly encrypt with
ECDSA, rather one uses a hybrid scheme that performs key derivation to
obtain a symmetric key, and then encrypts with that derived key.
https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
This is supported by openssl-cms(1) (or just cms(1) in earlier
documentation versions). There is a corresponding CMS API, though sadly
due to the many different use-cases supported by CMS, the API is quite
complex (as are also the supported command-line options).
I'd suggest getting some practice with the command, before tackling the
API. Or perhaps you don't really want to use EC keys to encrypt.
If this is a real application, and not self-study or homework, then you
typically want to use some existing well-known protocol, and not
directly dable in specific low-level cipher choices, which are
notoriously difficult to use correctly. Encryption is brittle, handle
with care.
You probably want to ask for help with the underlying problem you're
trying to solve by attempting to encrypt with EC keys, rather than ask
how to encrypt with EC keys.
--
Viktor.
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/ZtVosge6Cqw9bZlr%40chardros.imrryr.org.
