
I'm using the https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/# library and there is no option for EC encryption, just signing. Is there a way to encrypt text using the EC or do I have to use RSA?

Miro Krsjak

1 Answer


No, you can use ECIES. IES stands for Integrated Encryption Scheme. It uses the key agreement variant of EC to calculate a symmetric key, which can then be used for encryption, e.g. using AES/GCM.

The disadvantage is that you need to send the public key of the data-specific key pair together with the ciphertext. Then again, RSA encryption also expands the ciphertext compared to the plaintext.

Implementing IES is not that hard, but still harder than simply calling a function to perform RSA encryption - you need to perform key pair generation, key agreement including key derivation and symmetric encryption/decryption after all.

Note that you should use different keys for signing and decryption, using keys for different purposes can be very dangerous.

Maarten Bodewes
    Why not Libsodium [pyNaCL](https://pynacl.readthedocs.io/en/1.0.1/) – kelalaka Jan 21 '20 at 22:19
    @kelalaka That's an implementation of ECIES, right? OK, it also allows two static key pairs and a nonce, but the idea to use DH to encrypt seems the same. But yeah, valid remark, probably best to use that. – Maarten Bodewes Jan 22 '20 at 01:09
  • As I see it, RSA is better for a static (non key changing) encryption scheme and EC for realtime transactions with changing keys. – Miro Krsjak Jan 22 '20 at 12:26
  • Better understood maybe, but could you name me one important objective characteristic why RSA would be better for encryption than ECC? ECDH seems a pretty secure and efficient option. – Maarten Bodewes Jan 22 '20 at 16:27
  • The EC, as I understand, needs to change nonce => exchange new shared key to lower the possibility of a hack, or? Referring to the Sony PS3 issue with non-changing nonce. – Miro Krsjak Jan 22 '20 at 21:30
  • No nonce needed if you use an ephemeral key pair - key pair generation is relatively efficient for EC. And RSA requires random padding, same difference. Both are valid options in the end. – Maarten Bodewes Jan 22 '20 at 23:39
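The scheme the answer sketches (ephemeral EC key pair, ECDH key agreement, key derivation, AES-GCM), written out against the cryptography.io hazmat API as an added example. This is not code from the question, the answer, or the cryptography project. Assumptions not in the thread: curve P-256, HKDF-SHA256 as the KDF with a made-up label `KDF_LABEL`, AES-256-GCM, a wire format of compressed ephemeral public point followed by the GCM ciphertext, and a fixed all-zero GCM nonce, which is only safe because each derived key encrypts exactly one message (the point made in the last comment). Libsodium's sealed boxes, mentioned in the comments, are a separate construction and are not reproduced here.

```python
# Added example (not from the question or answer): minimal ECIES on the
# cryptography.io hazmat layer. Ephemeral EC key pair -> ECDH -> HKDF -> AES-GCM.
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE = ec.SECP256R1()
POINT_LEN = (CURVE.key_size + 7) // 8 + 1  # 33 bytes: compressed X9.62 point on P-256
KDF_LABEL = b"ecies-demo-v1"               # assumed label; binds the key to this scheme
NONCE = bytes(12)                          # fixed nonce: each derived key is used exactly once


def generate_recipient_keypair():
    """Long-term decryption key pair. Keep it separate from any signing key."""
    private_key = ec.generate_private_key(CURVE)
    return private_key, private_key.public_key()


def _encode_point(public_key):
    return public_key.public_bytes(
        serialization.Encoding.X962, serialization.PublicFormat.CompressedPoint)


def _derive_key(shared_secret, ephemeral_pub, recipient_pub):
    # Never use the raw ECDH output as a key. Run it through a KDF and bind the
    # result to both public keys, so swapping either key yields a different key.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=KDF_LABEL + ephemeral_pub + recipient_pub).derive(shared_secret)


def ecies_encrypt(recipient_public_key, plaintext, associated_data=b""):
    ephemeral_private = ec.generate_private_key(CURVE)  # fresh key pair per message
    ephemeral_pub = _encode_point(ephemeral_private.public_key())
    shared_secret = ephemeral_private.exchange(ec.ECDH(), recipient_public_key)
    key = _derive_key(shared_secret, ephemeral_pub, _encode_point(recipient_public_key))
    ciphertext = AESGCM(key).encrypt(NONCE, plaintext, associated_data)
    # Wire format: ephemeral public point || AES-GCM ciphertext (16-byte tag included)
    return ephemeral_pub + ciphertext


def ecies_decrypt(recipient_private_key, message, associated_data=b""):
    if len(message) < POINT_LEN + 16:
        raise ValueError("message too short for a point and a GCM tag")
    ephemeral_pub, ciphertext = message[:POINT_LEN], message[POINT_LEN:]
    # from_encoded_point rejects bytes that are not a valid point on the curve
    ephemeral_public = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, ephemeral_pub)
    shared_secret = recipient_private_key.exchange(ec.ECDH(), ephemeral_public)
    recipient_pub = _encode_point(recipient_private_key.public_key())
    key = _derive_key(shared_secret, ephemeral_pub, recipient_pub)
    return AESGCM(key).decrypt(NONCE, ciphertext, associated_data)  # InvalidTag on tamper


def decrypts_ok(recipient_private_key, message, associated_data=b""):
    """True if the message authenticates and decrypts, False if it is rejected."""
    try:
        ecies_decrypt(recipient_private_key, message, associated_data)
        return True
    except (InvalidTag, ValueError):
        return False


def demo():
    """Round trip, ciphertext expansion and three rejection cases; returns the results."""
    alice_priv, alice_pub = generate_recipient_keypair()
    mallory_priv, _ = generate_recipient_keypair()
    plaintext = b"constructed sample plaintext"  # constructed test input
    aad = b"msg-id:42"                          # constructed header, authenticated by GCM
    message = ecies_encrypt(alice_pub, plaintext, aad)
    tampered = message[:-1] + bytes([message[-1] ^ 0x01])
    return {
        "roundtrip": ecies_decrypt(alice_priv, message, aad) == plaintext,
        "overhead": len(message) - len(plaintext),  # 33-byte point + 16-byte tag = 49
        "tamper_rejected": not decrypts_ok(alice_priv, tampered, aad),
        "wrong_aad_rejected": not decrypts_ok(alice_priv, message, b"msg-id:43"),
        "wrong_key_rejected": not decrypts_ok(mallory_priv, message, aad),
    }


if __name__ == "__main__":
    print(demo())
```

The ciphertext grows by 49 bytes here (the compressed ephemeral point plus the GCM tag), which is the expansion the answer refers to. The recipient key pair in this example is used for decryption only; a signing key, if needed, should be generated separately, as the answer recommends. If you replace the ephemeral sender key with a static one (the two-static-key-pair variant mentioned in the comments), the derived key is no longer single-use and the fixed zero nonce becomes a reuse bug; a fresh nonce per message must then be sent alongside the ciphertext.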