1

I want to encrypt a simply message with an EC private key, specifically, prime256v1 by CMD; and decrypt with the corresponding EC public key.

I have only found references for RSA in the asymmetric cryptographic case or encryption with an ec public key, but i need to use ECDSA algorithm and encrypt with a private key.

irene gómez
  • 31
  • 1
  • 7

1 Answers1

6

Generate a self-signed P-256 certificate and associated private key like this:

openssl ecparam -name prime256v1 -out p256-params.pem

openssl req -x509 -nodes -days 3650 -newkey  ec:p256-params.pem -keyout p256-key.pem -out p256-cert.pem

Encrypt a file like this:

openssl cms -encrypt -binary -aes-256-cbc -in plaintext.dat -out ciphertext.dat p256-cert.pem

Decrypt a file like this:

openssl cms -decrypt -in ciphertext.dat -out plaintext2.dat -inkey p256-key.pem

Sign a file like this:

openssl cms -sign -binary -in plaintext.dat -out signedtext.dat -inkey p256-key.pem -signer p256-cert.pem -nodetach

Verify a signed file like this:

openssl cms -verify -in signedtext.dat -out plaintext2.dat -CAfile p256-cert.pem
Matt Caswell
  • 8,167
  • 25
  • 28
  • Thank you so much! But, when you use the certificate to encrypt, you are encrypting with the public key, right? I need to encrypt with private key, as a sign. So that all the devices that have my public key could decrypt the message. – irene gómez Jun 03 '20 at 08:14
  • I have found this for the RSA algorithm: `echo "Hola mundo" > message.txt` `openssl rsautl -inkey key.pem -in message.txt -sign > message.enc` `openssl rsautl -inkey pub-key.pem -pubin -in message.enc -out message.dec` I look for that for an ECDSA algorithm. – irene gómez Jun 03 '20 at 08:25
  • 2
    I've added info on signing/verifying. Note that RSA and ECDSA are quite different. With RSA you can "encrypt" data using the private key...which is normally used for signing. Typically the plaintext is transported along with the signature (where what is actually signed is the hash of the plaintext). ECDSA does not encrypt, it only signs - and again the plaintext and signature are transported together. Unlike RSA, you cannot take an ECDSA signature and somehow "decrypt" it with the public key to recover the original data that was signed. – Matt Caswell Jun 03 '20 at 09:18
  • 2
    Basically don't expect any confidentiality properties from an ECDSA signed message. You only get authentication. – Matt Caswell Jun 03 '20 at 09:18