7

So far I have only seen it used in digital signatures and key agreement protocols. Can it be used like RSA to actually encrypt data? Are there any libraries for this?

Edited:

I need something like RSA. Encrypt the data with the recievers public key so later he can decyrpt it with his private key.

I know ECDH can be used to send a secret value to someone but you don't decide what data is sent. Unlike the "regular" DH with ECDH the resulting secret value is always the same since it only depends on the keypairs. I guess I could use this value as a key to a symmetric cipher and encrypt yet another key which is chosen by me and encrypt the data with that key (if I want to support multiple recievers). Is this a good way?

stribika
  • 3,146
  • 2
  • 23
  • 21
  • 1
    This is an interesting query. What was the final approach you took to use ECC for Key tranporting? – Raj Jul 20 '11 at 12:28

3 Answers3

6

It can be used with ElGamal-style construct to encrypt the bits. A more modern instance of this is the IES scheme, ECIES in your case. Bouncycastle supports this with the IESEngine class. In particular the first constructor does what you seem to be trying to do.

President James K. Polk
  • 40,516
  • 21
  • 95
  • 125
2

Elliptic curve Elgamal encryption scheme will serve the purpose. It uses public key to encrypt and corresponding private key to decrypt the cipher text.

radhu
  • 21
  • 1
0

Like RSA, ECC an be used for encrypting data. In fact, this mode is used for keying protocols.

Like RSA, ECC is relatively slow, hence its more common to negotiate session keys using ECC and switch to symmetric ciphers after one has been chosen.

Yann Ramin
  • 32,895
  • 3
  • 59
  • 82
  • 1
    How can it be used like RSA? All the keying protocols I'm aware of athe use ECC are key agreement, whereas RSA is usually used for key transport. – President James K. Polk Jun 23 '10 at 00:47
  • 1
    Do you mean ECDH? I don't this actually encrypts data. You don't actually decide what is the secret data you send. It is dependent on both keypairs. I need something like the RSA encrypted emails where you choose a random symmetric key and ecrypt that with one or more public keys. I will edit the question to make it more clear. – stribika Jun 23 '10 at 00:55