Use public key to sign message with ECDSA as encryption method

I’m using this: :crypto.crypto_one_time(Cipher, Key, Data, EncryptFlag). I would like to encrypt a file using a brainpool GPG key.

There are other methods such as public_encrypt and public_key:encrypt_public but I run into the same issue using these.

ECDSA is a signing algorithm, not an encryption algorithm. Encryption algorithms for use with an elliptic curve key, such as ECIES, tend to have interop issues between implementations, which is probably why Erlang’s ‘:crypto’ application does not support them (yet?).

It would be possible to implement a hybrid encryption scheme like ECIES or PGP using the primitives provided by ‘:crypto’, but you’re probably better off using a library such as NaCl/libsodium (if your key is compatible with the schemes it provides) or calling the PGP CLI instead.

To clarify, if I use an ECDSA PGP key, you’re saying I cannot use one of the built-in functions in the Erlang crypto suite because it is not implemented yet?

If so, let’s assume I’m going to use RSA, I need to have an RSA PGP key correct? And then use :public_key.encrypt_public etc?

:crypto implements a number of primitives, some of them work with EC keys (such as a key that PGP might use for ECDSA signatures), and some of them work with RSA keys.

The :public_key module provides slightly higher-level APIs for working with asymmetrical keys, but neither module implements a full hybrid encryption scheme. The primitives like :public_key.public_encrypt can be used to encrypt small(!) amounts of data directly with an RSA key, but generally you want to encrypt your payload with a symmetrical algorithm and use the public key only to exchange the symmetrical key.

I would recommend you consider using a higher level library that meets your needs: the only thing that’s easy when using :crypto and :public_key is shooting yourself in the foot :stuck_out_tongue_winking_eye:
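The hybrid scheme this reply describes, as an added Elixir example that is not code from the thread: a fresh AES-256-GCM data key protects the payload and only that 32-byte key is wrapped with the RSA public key (OAEP padding). The module name, the inline key generation and the record pattern match on :RSAPrivateKey are assumptions so the snippet runs stand-alone; in practice the public key would come from :public_key.pem_entry_decode/1 as in the posted code.

```elixir
defmodule HybridEncrypt do
  # Added example (not from the thread). Assumes OTP's :crypto and :public_key
  # modules only; keys are generated inline so the demo runs offline.

  @aead :aes_256_gcm

  # Wrap a random data key under the recipient's RSA public key, then seal the
  # payload with AES-GCM. Only the 32-byte key ever goes through RSA.
  def encrypt(plaintext, rsa_pub) do
    data_key = :crypto.strong_rand_bytes(32)
    iv = :crypto.strong_rand_bytes(12)
    {ciphertext, tag} = :crypto.crypto_one_time_aead(@aead, data_key, iv, plaintext, "", true)
    # OAEP instead of the PKCS#1 v1.5 default padding.
    wrapped_key =
      :public_key.encrypt_public(data_key, rsa_pub, rsa_padding: :rsa_pkcs1_oaep_padding)

    %{wrapped_key: wrapped_key, iv: iv, tag: tag, ciphertext: ciphertext}
  end

  # Unwrap the data key with the private key and verify+decrypt the payload.
  # A modified ciphertext or tag makes the AEAD return :error instead of data.
  def decrypt(%{wrapped_key: w, iv: iv, tag: tag, ciphertext: ct}, rsa_priv) do
    data_key = :public_key.decrypt_private(w, rsa_priv, rsa_padding: :rsa_pkcs1_oaep_padding)

    case :crypto.crypto_one_time_aead(@aead, data_key, iv, ct, "", tag, false) do
      :error -> {:error, :bad_tag}
      plaintext -> {:ok, plaintext}
    end
  end

  def demo do
    priv = :public_key.generate_key({:rsa, 2048, 65537})
    # Derive the :RSAPublicKey record (modulus, publicExponent) from the private record.
    {:RSAPrivateKey, _ver, n, e, _d, _p, _q, _e1, _e2, _c, _other} = priv
    pub = {:RSAPublicKey, n, e}

    # Constructed payload, far larger than a single RSA block.
    msg = String.duplicate("payload that would not fit in one RSA block. ", 100)
    env = encrypt(msg, pub)
    {:ok, ^msg} = decrypt(env, priv)

    # Flip one ciphertext bit: authentication must fail rather than return garbage.
    <<b, rest::binary>> = env.ciphertext
    tampered = %{env | ciphertext: <<Bitwise.bxor(b, 1), rest::binary>>}
    {:error, :bad_tag} = decrypt(tampered, priv)
    :ok
  end
end
```

Running HybridEncrypt.demo/0 returns :ok only if both the round trip and the tamper check behave as expected.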

I was using this with RSA keys and it was working until I substituted the RSA public key for a PGP public key (with RSA encryption) and it did not work… face palm.

    # raw_pub_key is the PEM text; pem_decode returns a list of entries, one expected here
    [encoded_pub_key] = :public_key.pem_decode(raw_pub_key)
    # turn the PEM entry into an RSAPublicKey record usable by :public_key functions
    pub_key = :public_key.pem_entry_decode(encoded_pub_key)

Any suggestions for a better library? One in which I can use a PGP key?

The key storage format may not matter so much: it should be pretty simple to convert an RSA or EC key from PGP format to PEM or DER.

The main question is who needs to decrypt the data later? NaCl/libsodium (e.g. through https://github.com/jlouis/enacl) provides convenient and safe APIs, but it requires that the recipient use a compatible (NaCl-based) library.