EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Elliptic Curve Encryption with SBB

#36489
Posted: 04/15/2016 06:48:48
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

I want to use the SBB PKI class to perform encryption and decryption using ECC. However, when using the TElECDHPublicKeyCrypto class, the method Encrypt does not work (encryption is performed but decryption fails). The size of the produced encrypted stream is small with respect to the size of the plain one. Here is the code I used with Delphi:

procedure TForm1.Button1Click(Sender: TObject);
var
  KeyMaterial: TElECKeyMaterial;
  Crypto: TElECDHPublicKeyCrypto;
  f, c, d, z: TFileStream;
begin
  c := TFileStream.Create('c:\Sample.txt', fmOpenRead);
  d := TFileStream.Create('c:\d.txt', fmCreate);
  z := TFileStream.Create('c:\z.txt', fmCreate);
  KeyMaterial := TElECKeyMaterial.Create();
  KeyMaterial.Curve := SB_EC_SECP160R1;
  KeyMaterial.Generate;
  Crypto := TElECDHPublicKeyCrypto.Create;
  Crypto.KeyMaterial := KeyMaterial;
  Crypto.Encrypt(c, d, c.Size);
  Crypto.Decrypt(d, z);
end;


In addition, the method SavetoXML raises an exception (unsupported method). What is the problem? Can you give me a sample of code to generate, encipher and decipher with ECC?

Regards
#36490
Posted: 04/15/2016 07:50:34
by Ken Ivanov (EldoS Corp.)

Hi Kamel,

Thank you for contacting us.

Elliptic curve-based encryption is available via a separate TElECIESCrypto component. TElECDHPublicKeyCrypto only deals with key exchange and offers no encryption functionality.

Ken
#36493
Posted: 04/15/2016 08:55:20
by Alexander Plas (EldoS Corp.)

Hello

One additional suggestion about your code. After encryption, stream d has Position = Size, so there is nothing to decrypt. You have to set Position := 0 in order to decrypt data.
#36495
Posted: 04/15/2016 13:57:57
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

Thank you very much, I will try it.

Another problem occurs when using the Demos provided. I have created a certificate using ECC as the algorithm with the Demo of the Certificates, but when I tried to use it to encrypt a file (using the Demo of PKI encrypt), I had an error #2007! With RSA certificates it works, but I think it is not supported with ECC ones.
#36496
Posted: 04/15/2016 14:24:50
by Eugene Mayevski (EldoS Corp.)

ECC certificates can't be used for encryption as-is. This is exactly why the ECIES scheme has been introduced.


Sincerely yours
Eugene Mayevski
#36497
Posted: 04/15/2016 15:42:16
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

Thanks for the reply, but can ECC certificates be used for signing? Because, the same as with encryption, when I used the Demo for signing I got the message (unsupported key Material).

Regards.
#36498
Posted: 04/15/2016 16:25:17
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

Where can I find the TElECIESCrypto component? In which unit is it declared?
#36499
Posted: 04/15/2016 17:27:36
by Ken Ivanov (EldoS Corp.)

Could you please specify the exact sample that didn't work for you? Normally, certificates carrying ECDSA keys can be used for signing, and certificates with ECDH keys can be used for key exchange. There is no way to use plain EC scheme for encryption though.

The TElECIESCrypto component is declared in SBECIESCrypto unit.

Ken
#36501
Posted: 04/15/2016 18:03:13
by kamel Faraoun (Basic support level)
Joined: 04/15/2016
Posts: 6

I created a certificate with ECDSA using the CertDemoWithCreation Demo, then I used it to sign a file using the SignDetached Demo and it does not work.

I am using version 11.0.

Kind Regards
#36502
Posted: 04/15/2016 18:29:23
by Ken Ivanov (EldoS Corp.)

Thank you. The SignDetached() sample only supports RSA and DSA algorithms, that's why it didn't work for you with your ECDSA certificate.

Irrespective of the signing issue, version 11 is fairly old. Unless you have a very good reason for sticking to version 11, it is a good idea to switch to version 14 and continue your work with it. In particular, support for ECIES cryptography was only added in version 14.

Ken
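
The distinction drawn in this thread, as an added example that is not from the original posts and does not use SecureBlackbox: ECDH alone only yields a shared secret, and an ECIES-style construction turns that secret into encryption by deriving a symmetric key and applying an authenticated cipher. The sketch uses Python's `cryptography` package; the curve (P-256), HKDF-SHA256, AES-GCM, the wire layout and all function names are assumptions of this example, not SBB's ECIES format. It also shows the stream-position pitfall pointed out above.

```python
import io
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE = ec.SECP256R1()  # assumption: P-256 rather than the 160-bit curve in the thread
POINT_LEN = 65          # uncompressed P-256 point: 0x04 || X || Y
NONCE_LEN = 12          # AES-GCM nonce
TAG_LEN = 16            # AES-GCM authentication tag

def _derive_key(shared_secret: bytes, ephemeral_point: bytes) -> bytes:
    # ECDH output is only a shared secret; a KDF turns it into a cipher key.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"example-ecies" + ephemeral_point).derive(shared_secret)

def ecies_encrypt(recipient_pub, src, dst) -> None:
    """Encrypt stream src for recipient_pub; write point || nonce || ct to dst."""
    ephemeral = ec.generate_private_key(CURVE)  # fresh key pair per message
    point = ephemeral.public_key().public_bytes(
        serialization.Encoding.X962,
        serialization.PublicFormat.UncompressedPoint)
    key = _derive_key(ephemeral.exchange(ec.ECDH(), recipient_pub), point)
    nonce = os.urandom(NONCE_LEN)
    dst.write(point + nonce + AESGCM(key).encrypt(nonce, src.read(), point))

def ecies_decrypt(recipient_priv, src, dst) -> None:
    """Decrypt from the current position of src; InvalidTag means tampering."""
    blob = src.read()
    if len(blob) < POINT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short (was the stream rewound?)")
    point, nonce = blob[:POINT_LEN], blob[POINT_LEN:POINT_LEN + NONCE_LEN]
    peer = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, point)
    key = _derive_key(recipient_priv.exchange(ec.ECDH(), peer), point)
    dst.write(AESGCM(key).decrypt(nonce, blob[POINT_LEN + NONCE_LEN:], point))

def roundtrip(plaintext: bytes, rewind: bool = True) -> bytes:
    """Encrypt then decrypt through in-memory streams (constructed sample flow)."""
    recipient = ec.generate_private_key(CURVE)
    encrypted, decrypted = io.BytesIO(), io.BytesIO()
    ecies_encrypt(recipient.public_key(), io.BytesIO(plaintext), encrypted)
    if rewind:
        encrypted.seek(0)  # otherwise read() returns b"" (Position = Size)
    ecies_decrypt(recipient, encrypted, decrypted)
    return decrypted.getvalue()
```

In this construction the ciphertext is always 93 bytes longer than the plaintext (65-byte ephemeral point, 12-byte nonce, 16-byte tag).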

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
