BouncyCastle C#: How to Implement EllipticCurve Encryption/Decryption

3
votes

BouncyCastle includes many symmetric encryption engines, as well as RSA and ElGamal encryption engines (asymmetric engines). It also has a lot of online resources about how to use these engines to perform encryption/decryption processes. However, a bouncy castle provides no Elliptic Curve engine (check github/bc). After reviewing the code, all asymmetric engines implement the AsymmetricBlockCipher interface and none of them is an EC engine.

This is somehow confusing since BouncyCastle provides the ability to generate EC key pairs with different key strength based on predefined and well-known curves, like the example below:

public static AsymmetricCipherKeyPair GenerateKeys(int keySize)
{
    DerObjectIdentifier oid;
    switch (keySize)
    {
        case 192:
            oid = X9ObjectIdentifiers.Prime192v1;
            break;
        case 224:
            oid = SecObjectIdentifiers.SecP224r1;
            break;
        case 128:
            oid = SecObjectIdentifiers.SecP128r1;
            break;
        case 239:
            oid = X9ObjectIdentifiers.Prime239v1;
            break;
        case 256:
            oid = X9ObjectIdentifiers.Prime256v1;
            break;
        case 384:
            oid = SecObjectIdentifiers.SecP384r1;
            break;
        case 521:
            oid = SecObjectIdentifiers.SecP521r1;
            break;
        default:
            throw new InvalidParameterException("unknown key size.");
    }

    ECKeyPairGenerator gen = new ECKeyPairGenerator();
    SecureRandom secureRandom = new SecureRandom();
    X9ECParameters ecps = CustomNamedCurves.GetByOid(oid);
    ECDomainParameters ecDomainParameters = new ECDomainParameters(ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
    ECKeyGenerationParameters ecKeyGenerationParameters = new ECKeyGenerationParameters(ecDomainParameters, secureRandom);
    gen.Init(ecKeyGenerationParameters);
    return gen.GenerateKeyPair();
}

There are some engines, like IESEngine, that provides a public/private EC agreement on top of the encryption/decryption process (e.g. ECDHBasicAgreement), however, it doesn't use the public/private keys directly, instead, it calculates a new symmetric key from both keys that are then used to encrypt the plaintext message using a predefined symmetric cipher.

My question:

  1. Is BC really not providing an easy to use EC Engine like ElGamalEngine and RSAEngine?
  2. If yes, how to implement a safe EC encryption/decryption process using directly the ECKeyParameters generated using the above function (if possible)?

Thanks in advance.

2
c#encryptionbouncycastleelliptic-curve
Please do not format arbitrary names as code.Uwe Keim
you may want to read the following Wiki article on different encryption algorithms and there security : en.wikipedia.org/wiki/Transport_Layer_Security. Elliptical is one method in the article. RFC5289 (a reference in Wiki) can be found here : tools.ietf.org/html/rfc5289jdweng
@jdweng This has nothing to do with TLS, why did you even bring that up?Maarten Bodewes
includes too many symmetric encryption engines... Why too many? What's the right number?President James K. Polk
I'm not saying it is not secure. Just that there are better/newer methods that are less prone to hackers. Believe what NSA says, it is accurate from the WIki article. The strength of an algorithm is based on the time is would take a hacker to decrypt and the speed of the machine used to break the algorithm. So using longer keys, faster machines, and eliminating the known threats all change the time it takes hackers to break.jdweng

2 Answers

2
votes

Is BC really not providing an easy to use EC Engine like ElGamalEngine and RSAEngine?

Correct, because there aren't any. In principle you could use ElGamal encryption with ECC, but that has such serious input limitations (requiring a point rather than normal plaintext) that it is hardly useful to do so. Furthermore, using it directly will lead to an insecure scheme. That's not specific to Bouncy Castle, by the way.

If yes, how to implement a safe EC encryption/decryption process using directly the ECKeyParameters generated using the above function (if possible)?

Unless you are a cryptographer / mathematician, you don't. You use ECIES.

1
votes

After some research, I found that BouncyCastle has its own SM2Engine that implements the SM2 Digital Signature Algorithm and uses the ECKeyParameters (Elliptic curve key parameters) to provide encryption/decryption abilities.

Edit: please note that SM2 is not yet verified to be totally secure, where there has been relatively little analysis of the SM2 signature scheme that I can find in the anglophone cryptography literature beyond some side channel attacks. So use it upon your own responsibility.

        SM2Engine sm2Engine  = new SM2Engine();
        sm2Engine.init(true, new ParametersWithRandom((ECKeyParameters) publicKey, new SecureRandom()));
        byte[] enc1 = sm2Engine.processBlock(plainText, 0, plainText.length);
        System.out.println("Cipher Text (SM2Engine): " + Hex.toHexString(enc1));

        sm2Engine  = new SM2Engine();
        sm2Engine.init(false, (ECKeyParameters) privateKey);
        byte[] dec1 = sm2Engine.processBlock(enc1, 0, enc1.length);
        System.out.println("Plain Text (SM2Engine): " + Hex.toHexString(dec1));