4
votes

everybody. Is it possible to perform public key encryption flow for elliptic-curve cryptography? https://en.wikipedia.org/wiki/Public-key_cryptography

I need to implement the following scenario:

  1. Alice generates a message.
  2. Alice encrypts it with Bob's public key.
  3. Alice sends a message to Bob (via an insecure channel).
  4. Bob gets the message.
  5. Bob can decrypt this message only with his private key.

I can't find a proper method inside the tweetnacl lib (https://github.com/dchest/tweetnacl-js). Could somebody direct me in the right direction?

Thank you in advance.

3
If you're looking for help/advice implementing this kind of scheme you might be better served asking on stackoverflow. I'd second camp0's answer below that it might be a better idea to find an existing implementation than writing your own. You can check here too. - user8675309
I agree. StackOverflow is the most suitable place for it. - ThoriumBR

3 Answers

3
votes

You should be looking for an ECIES implementation. Here is a random JavaScript library that seems to support it.

Elliptic Curves do not support an encryption primitive like RSA does. There is EC ElGamal but it is not worth it due to the small key sizes and the amount of overhead of ElGamal.

To use curves with encryption you need to use hybrid encryption. ECIES is hybrid encryption: offline ECDH key agreement together with symmetric encryption performed using the derived secret key.


Note that ECIES is not well standardized. You may have to choose your own key derivation function, stream cipher or block cipher and mode of operation. For the key derivation method you could choose HKDF where available. AES in GCM mode seems a sane choice today for the cipher (the 12 byte IV may be set to zero or to a value derived from the "shared secret" as well). Libraries that support ECIES will probably have their own idea on what ECIES should look like, but beware of compatibility issues...
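The ECIES construction described in this answer, as an added example that is not part of the original answer or of any library's own code: an ephemeral ECDH key agreement, HKDF, then AES-GCM, using only Node.js's built-in crypto module. The choice of X25519, the envelope layout (ephemeral public key, tag, ciphertext), the `INFO` label and deriving the IV from the shared secret are assumptions made for illustration.

```javascript
// Added example: ECIES-style hybrid encryption with Node.js built-in crypto.
const crypto = require('node:crypto');

const SPKI_LEN = 44;  // DER SubjectPublicKeyInfo length of an X25519 public key
const TAG_LEN = 16;   // AES-GCM authentication tag length
const INFO = Buffer.from('example-ecies-v1'); // constructed context label (assumption)

// HKDF-SHA256 over the ECDH secret -> 32-byte AES key + 12-byte GCM IV.
// The ephemeral public key is the salt, binding the output to this one message.
function deriveKeyAndIv(shared, ephPub) {
  const okm = Buffer.from(crypto.hkdfSync('sha256', shared, ephPub, INFO, 44));
  return { key: okm.subarray(0, 32), iv: okm.subarray(32) };
}

// Alice: needs only Bob's public key. Output: ephPub || tag || ciphertext.
function encrypt(recipientPub, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519'); // fresh key pair per message
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const shared = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPub });
  const { key, iv } = deriveKeyAndIv(shared, ephPub);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(ephPub); // authenticate the envelope header too
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([ephPub, cipher.getAuthTag(), ct]);
}

// Bob: recomputes the same secret from his private key and the ephemeral public key.
function decrypt(recipientPriv, envelope) {
  if (envelope.length < SPKI_LEN + TAG_LEN) throw new Error('envelope too short');
  const ephPub = envelope.subarray(0, SPKI_LEN);
  const tag = envelope.subarray(SPKI_LEN, SPKI_LEN + TAG_LEN);
  const ephKey = crypto.createPublicKey({ key: ephPub, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: recipientPriv, publicKey: ephKey });
  const { key, iv } = deriveKeyAndIv(shared, ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(ephPub);
  decipher.setAuthTag(tag);
  const ct = envelope.subarray(SPKI_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // final() throws on tampering
}

// Round trip with a constructed sample message.
function demo() {
  const bob = crypto.generateKeyPairSync('x25519');
  const envelope = encrypt(bob.publicKey, Buffer.from('constructed sample message'));
  return decrypt(bob.privateKey, envelope).toString();
}
console.log(demo());
```

Because a new ephemeral key pair is generated for every message, each message gets its own AES key, so the derived IV is never reused under the same key.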

0
votes

I would suggest you go with an easy library that does the work for you. I especially like the Python ecdsa module (https://github.com/warner/python-ecdsa); it is easy and not complicated. Also, reading about how EC works will help you make your decision.

0
votes

Isn't the encryption method in the documentation that you linked to for tweetnacl-js? https://github.com/dchest/tweetnacl-js#naclboxmessage-nonce-theirpublickey-mysecretkey

nacl.box(message, nonce, theirPublicKey, mySecretKey)

Encrypts and authenticates message using peer's public key, our secret key, and the given nonce, which must be unique for each distinct message for a key pair.

Returns an encrypted and authenticated message, which is nacl.box.overheadLength longer than the original message.

You would use the recipient's public key as the third argument to the above function. You would use your own private key as the fourth argument. The library takes care of message integrity by creating a signature of the encrypted message, signed by your private key.