Use public key to sign message with ECSDA as encryption method

Erlang & BEAM Forum (archived) Questions / Help (archived)
,
#1

I’m using this :crypto.crypto_one_time(Cipher, Key, Data, EncryptFlag) I would like to encrypt a file using a brainpool GPG key.

There are other methods such as public_encrypt and public_key:encrypt_public but I run into the same issue using these.

Erlang's :crypto module
#2

ECDSA is a signing algorithm, not an encryption algorithm. Encryption algorithms for use with an elliptic curve key, such as ECIES, tend do have interop issues between implementations, which is probably why Erlang’s ‘:crypto’ application does not support them (yet?).

It would be possible to implement a hybrid encryption scheme like ECIES or PGP using the primitives provided by ‘:crypto’, but you’re probably better off using a library such as NaCl/libsodium (if your key is compatible with the schemes it provides) or call to the PGP CLI instead.

#3

To clarify, if I use a ECDSA PGP key, you’re saying I cannot use one of the built in functions in the Erlang crypto suite because it is not implemented yet?

If so, let’s assume I’m going to use RSA, I need to have an RSA PGP key correct? And then use :public_key.encrypt_public etc?

#4

:crypto implements a number of primitives, some of them work with EC keys (such as a key that PGP might use for ECDSA signatures), and some of them work with RSA keys.

The :public_key module provides a slightly higher level APIs for working with asymmetrical keys, but neither module implements a full hybrid encryption scheme. The primitives like :public_key.public_encrypt can be used to encrypt small(!) amounts of data directly with an RSA key, but generally you want to encrypt your payload with a symmetrical algorithm and use the public key only to exchange the symmetrical key.

I would recommend you consider using a higher level library that meets your needs: the only thing that’s easy when using :crypto and :public_key is shooting yourself in the foot :stuck_out_tongue_winking_eye:

#5

I was using this with RSA keys and it was working until I substituted the RSA public key for a PGP public key (with RSA encryption) and it did not work… face palm.

 [encoded_pub_key] = :public_key.pem_decode(raw_pub_key)
        pub_key = :public_key.pem_entry_decode(encoded_pub_key)

Any suggestions for a better library? One in which I can use a PGP key?

#6

The key storage format may not matter so much: it should be pretty simple to convert an RSA or EC key from PGP format to PEM or DER.

The main question is who needs to decrypt the data later? NaCl/libsodium (e.g. through https://github.com/jlouis/enacl) provides convenient and safe APIs, but it requires that the receipt use a compatible (NaCl-based) library.