Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
> Indeed. And, as far I am aware, this is not a missing feature or defect
> in OpenSSL. Rather, there is no standard way to directly encrypt with
> ECDSA, rather one uses a hybrid scheme that performs key derivation to
> obtain a symmetric key, and then encrypts with that derived key.
> https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
> This is supported by openssl-cms(1) (or just cms(1) in earlier
> documentation versions). There is a corresponding CMS API, though sadly
> due to the many different use-cases supported by CMS, the API is quite
> complex (as are also the supported command-line options).
I did this in my various patches to ruby-openssl.
The maintainers didn't like that patch because it wasn't exposing a specific
OpenSSL API, but rather doing ECIES. I would have provided just the right
hooks and do the real work in Ruby, but as I recall it needed access to a
number of other OpenSSL things that were not easy to expose.
I'm happy to share my code.
> You probably want to ask for help with the underlying problem you're
> trying to solve by attempting to encrypt with EC keys, rather than ask
> how to encrypt with EC keys.
It's a reason I still like RSA :-)
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/27875.1725280342%40obiwan.sandelman.ca.
Attachment:
signature.asc
Description: PGP signature
