Hi,
Thanks for your response.
I'm working on a custom TLS Traffic simulator. I need to craft client/server hello along with implementation of encryption / decryption algorithms including SECP256R1, SECP384R1, SECP521R1, X25519, X448, FFDHE2048, FFDHE3072, FFDHE4096, FFDHE6144, FFDHE8192 till connection closure.
Started practicing sample programs. I've tried to understand the APIs. But they are very complicated and not able to find any sample programs in the man pages here https://docs.openssl.org/1.1.1/man3/
As I'm a beginner, it will be great if you can help me with a good tutorial.
Thanks & Regards
--
Lokesh Chakka,
Mobile: +91-9515546395
On Mon, Sep 2, 2024 at 12:56 PM Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Mon, Sep 02, 2024 at 08:33:49AM +0200, Tomas Mraz wrote:
> Asymmetric encryption using EC keys is not supported by the OpenSSL
> providers.
Indeed. And, as far I am aware, this is not a missing feature or defect
in OpenSSL. Rather, there is no standard way to directly encrypt with
ECDSA, rather one uses a hybrid scheme that performs key derivation to
obtain a symmetric key, and then encrypts with that derived key.
https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
This is supported by openssl-cms(1) (or just cms(1) in earlier
documentation versions). There is a corresponding CMS API, though sadly
due to the many different use-cases supported by CMS, the API is quite
complex (as are also the supported command-line options).
I'd suggest getting some practice with the command, before tackling the
API. Or perhaps you don't really want to use EC keys to encrypt.
If this is a real application, and not self-study or homework, then you
typically want to use some existing well-known protocol, and not
directly dable in specific low-level cipher choices, which are
notoriously difficult to use correctly. Encryption is brittle, handle
with care.
You probably want to ask for help with the underlying problem you're
trying to solve by attempting to encrypt with EC keys, rather than ask
how to encrypt with EC keys.
--
Viktor.
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/ZtVosge6Cqw9bZlr%40chardros.imrryr.org.
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/CAHEz-nm6MfgBoXSH%3D3e9w2D8s0zvib4j7pbfPop9A93HL%3Dcm4g%40mail.gmail.com.
