EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Elliptic Curve Encryption with SBB

Posted: 04/15/2016 06:48:48
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

I want to use the SBB PKI class to perform encryption and decryption using ECC. However, when using the TElECDHPublicKeyCrypto class, the method Encrypt does not work (encryption is performed but decryption fails). The size of the produced encrypted stream is small with respect to the size of the plain one. Here is the code I used with Delphi:

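procedure TForm1.Button1Click(Sender: TObject);
var
  KeyMaterial: TElECKeyMaterial;
  Crypto: TElECDHPublicKeyCrypto;
begin
  // EC key material on the secp160r1 curve
  KeyMaterial := TElECKeyMaterial.Create();
  KeyMaterial.Curve := SB_EC_SECP160R1;
  // Public-key crypto object that uses the key material
  Crypto := TElECDHPublicKeyCrypto.Create;
  Crypto.KeyMaterial := KeyMaterial;
  // ...
end;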

In addition, the method SavetoXML raises an exception (unsupported method). What is the problem? Can you give me a sample of code to generate, encipher and decipher with ECC?

Posted: 04/15/2016 07:50:34
by Ken Ivanov (Team)

Hi Kamel,

Thank you for contacting us.

Elliptic curve-based encryption is available via a separate TElECIESCrypto component. TElECDHPublicKeyCrypto only deals with key exchange and offers no encryption functionality.

Posted: 04/15/2016 08:55:20
by Alexander Plas (Team)


One additional suggestion about your code. After encryption, stream d has Position = Size, so there is nothing to decrypt. You have to set Position := 0 in order to decrypt data.

Posted: 04/15/2016 13:57:57
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

Thank you very much, I will try it.

Another problem occurs when using the demos provided. I have created a certificate using ECC as the algorithm with the Demo of the Certificates, but when I intend to use it to encrypt a file (using the Demo of PKI encrypt), I had an error #2007! With RSA certificates it works but I think it is not supported with ECC ones.

Posted: 04/15/2016 14:24:50
by Eugene Mayevski (Team)

ECC certificates can't be used for encryption as-is. This is exactly why the ECIES scheme has been introduced.

Sincerely yours
Eugene Mayevski
Posted: 04/15/2016 15:42:16
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

Thanks for the reply, but can ECC certificates be used for signing? Because, the same as with encryption, when I used the Demo for signing I got the message (unsupported key Material).

Posted: 04/15/2016 16:25:17
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

Where can I find the TElECIESCrypto component? In which unit is it declared?

Posted: 04/15/2016 17:27:36
by Ken Ivanov (Team)

Could you please specify the exact sample that didn't work for you? Normally, certificates carrying ECDSA keys can be used for signing, and certificates with ECDH keys can be used for key exchange. There is no way to use plain EC scheme for encryption though.

The TElECIESCrypto component is declared in SBECIESCrypto unit.

Posted: 04/15/2016 18:03:13
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

I created a certificate with ECDSA using the CertDemoWithCreation Demo, then I used it to sign a file using the SignDetached Demo and it does not work.

I am using version 11.0.

Kind Regards
Posted: 04/15/2016 18:29:23
by Ken Ivanov (Team)

Thank you. The SignDetached() sample only supports RSA and DSA algorithms, that's why it didn't work for you with your ECDSA certificate.

Irrespective of the signing issue, version 11 is fairly old. Unless you have a very good reason for sticking to version 11, it is a good idea to switch to version 14 and continue your work with it. In particular, support for ECIES cryptography was only added in version 14.
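
The points made in the replies above (ECDH only agrees on a secret, ECIES wraps that secret into actual encryption, and a stream must be rewound before it is read back), shown as an added Python example that is not part of the thread and does not use the SecureBlackbox API. It assumes the third-party `cryptography` package, P-256 instead of the thread's secp160r1, HKDF-SHA256 with AES-256-GCM as the ECIES building blocks, and hypothetical function names.

```python
import io
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE = ec.SECP256R1()  # assumption: a current curve, not secp160r1
POINT_LEN = 65          # uncompressed P-256 point: 0x04 || X || Y

def _derive_key(shared: bytes, eph_pub: bytes) -> bytes:
    # KDF step: the raw ECDH secret is never used directly as a cipher key
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"ecies-demo" + eph_pub).derive(shared)

def ecies_encrypt(recipient_pub, src, dst) -> None:
    """Read all of src; write eph_pub || nonce || ciphertext+tag to dst."""
    eph = ec.generate_private_key(CURVE)  # fresh ephemeral key per message
    eph_pub = eph.public_key().public_bytes(
        serialization.Encoding.X962,
        serialization.PublicFormat.UncompressedPoint)
    key = _derive_key(eph.exchange(ec.ECDH(), recipient_pub), eph_pub)
    nonce = os.urandom(12)
    # The ephemeral public key is bound to the ciphertext as associated data
    dst.write(eph_pub + nonce + AESGCM(key).encrypt(nonce, src.read(), eph_pub))

def ecies_decrypt(recipient_priv, src, dst) -> None:
    blob = src.read()  # reads from the CURRENT position, like a Delphi stream
    if len(blob) < POINT_LEN + 12 + 16:
        raise ValueError("ciphertext too short (stream not rewound?)")
    eph_pub = blob[:POINT_LEN]
    nonce = blob[POINT_LEN:POINT_LEN + 12]
    peer = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, eph_pub)
    key = _derive_key(recipient_priv.exchange(ec.ECDH(), peer), eph_pub)
    dst.write(AESGCM(key).decrypt(nonce, blob[POINT_LEN + 12:], eph_pub))

def roundtrip(message: bytes, rewind: bool) -> bytes:
    priv = ec.generate_private_key(CURVE)
    enc, out = io.BytesIO(), io.BytesIO()
    ecies_encrypt(priv.public_key(), io.BytesIO(message), enc)
    if rewind:
        enc.seek(0)  # same fix as setting Position := 0 in the thread
    ecies_decrypt(priv, enc, out)
    return out.getvalue()

if __name__ == "__main__":
    sample = b"constructed sample plaintext"
    print(roundtrip(sample, rewind=True) == sample)
```

Calling `roundtrip(sample, rewind=False)` raises `ValueError`, because the encrypted stream is still positioned at its end and the read returns nothing.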





As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
