views:

91

answers:

3

So far I have only seen it used in digital signatures and key agreement protocols. Can it be used like RSA to actually encrypt data? Are there any libraries for this?

Edited:

I need something like RSA. Encrypt the data with the recievers public key so later he can decyrpt it with his private key.

I know ECDH can be used to send a secret value to someone but you don't decide what data is sent. Unlike the "regular" DH with ECDH the resulting secret value is always the same since it only depends on the keypairs. I guess I could use this value as a key to a symmetric cipher and encrypt yet another key which is chosen by me and encrypt the data with that key (if I want to support multiple recievers). Is this a good way?

A: 

Like RSA, ECC an be used for encrypting data. In fact, this mode is used for keying protocols.

Like RSA, ECC is relatively slow, hence its more common to negotiate session keys using ECC and switch to symmetric ciphers after one has been chosen.

Yann Ramin
How can it be used like RSA? All the keying protocols I'm aware of athe use ECC are key agreement, whereas RSA is usually used for key transport.
GregS
Do you mean ECDH? I don't this actually encrypts data. You don't actually decide what is the secret data you send. It is dependent on both keypairs. I need something like the RSA encrypted emails where you choose a random symmetric key and ecrypt that with one or more public keys. I will edit the question to make it more clear.
stribika
A: 

Bouncy castle support this algorithm. (supposing you are familiar with Java) http://www.bouncycastle.org/wiki/display/JA1/Using+Elliptic+Curve

h3xStream
I was just looking at bouncy castle before posting this question. I only seen the Org.BouncyCastle.Crypto.Agreement.ECDH*, Org.BouncyCastle.Crypto.Signers.ECDSASigner classes. Can you tell me how to do this or which class to use? It should be something like RSAEngine.
stribika
I have not use Bouncy castle for EC before. Check the link I provided.. code samples are given.
h3xStream
+2  A: 

It can be used with ElGamal-style construct to encrypt the bits. A more modern instance of this is the IES scheme, ECIES in your case. Bouncycastle supports this with the IESEngine class. In particular the first constructor does what you seem to be trying to do.

GregS
This looks good. Thank you.
stribika