Version: v0.0.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jan 25, 2016 License: GPL-3.0, BSD-3-Clause Imports: 18 Imported by: 9



This implementation is direct fork of Kylom's implementation. I claim no authorship over this code apart from some minor modifications.
Please be aware this code **has not yet been reviewed**.

ecies implements the Elliptic Curve Integrated Encryption Scheme.

The package is designed to be compliant with the appropriate NIST
standards, and therefore doesn't support the full SEC 1 algorithm set.


ecies should be ready for use. The ASN.1 support is only complete so
far as to supported the listed algorithms before.


1. CMAC support is currently not present.


             AES128                         SHA-1
             AES192                        SHA-224
             AES256                        SHA-256
        ELLIPTIC CURVE                     SHA-512
             P384		    KEY DERIVATION FUNCTION
             P521	       NIST SP 800-65a Concatenation KDF

Curve P224 isn't supported because it does not provide a minimum security
level of AES128 with HMAC-SHA1. According to NIST SP 800-57, the security
level of P224 is 112 bits of security. Symmetric ciphers use CTR-mode;
message tags are computed using HMAC-<HASH> function.


According to NIST SP 800-57, the following curves should be selected:

    |     128-bit    |  P256 |
    |     192-bit    |  P384 |
    |     256-bit    |  P521 |


1. Look at serialising the parameters with the SEC 1 ASN.1 module.
2. Validate ASN.1 formats with SEC 1.


The only test vectors I've found so far date from 1993, predating AES
and including only 163-bit curves. Therefore, there are no published
test vectors to compare to.


ecies is released under the same license as the Go source code. See the
LICENSE file for details.


* SEC (Standard for Efficient Cryptography) 1, version 2.0: Elliptic
  Curve Cryptography; Certicom, May 2009.
* GEC (Guidelines for Efficient Cryptography) 2, version 0.3: Test
  Vectors for SEC 1; Certicom, September 1999.
* NIST SP 800-56a: Recommendation for Pair-Wise Key Establishment Schemes
  Using Discrete Logarithm Cryptography. National Institute of Standards
  and Technology, May 2007.
* Suite B Implementer’s Guide to NIST SP 800-56A. National Security
  Agency, July 28, 2009.
* NIST SP 800-57: Recommendation for Key Management – Part 1: General
  (Revision 3). National Institute of Standards and Technology, July




This section is empty.


View Source
var (
	ErrImport                     = fmt.Errorf("ecies: failed to import key")
	ErrInvalidCurve               = fmt.Errorf("ecies: invalid elliptic curve")
	ErrInvalidParams              = fmt.Errorf("ecies: invalid ECIES parameters")
	ErrInvalidPublicKey           = fmt.Errorf("ecies: invalid public key")
	ErrSharedKeyIsPointAtInfinity = fmt.Errorf("ecies: shared key is point at infinity")
	ErrSharedKeyTooBig            = fmt.Errorf("ecies: shared key params are too big")
View Source
var (
	ErrKeyDataTooLong = fmt.Errorf("ecies: can't supply requested key data")
	ErrSharedTooLong  = fmt.Errorf("ecies: shared secret is too long")
	ErrInvalidMessage = fmt.Errorf("ecies: invalid message")
View Source
var (
	DefaultCurve                  = secp256k1.S256()
	ErrUnsupportedECDHAlgorithm   = fmt.Errorf("ecies: unsupported ECDH algorithm")
	ErrUnsupportedECIESParameters = fmt.Errorf("ecies: unsupported ECIES parameters")
View Source
var (
	ECIES_AES128_SHA256 = &ECIESParams{
		Hash:      sha256.New,
		hashAlgo:  crypto.SHA256,
		Cipher:    aes.NewCipher,
		BlockSize: aes.BlockSize,
		KeyLen:    16,

	ECIES_AES256_SHA256 = &ECIESParams{
		Hash:      sha256.New,
		hashAlgo:  crypto.SHA256,
		Cipher:    aes.NewCipher,
		BlockSize: aes.BlockSize,
		KeyLen:    32,

	ECIES_AES256_SHA384 = &ECIESParams{
		Hash:      sha512.New384,
		hashAlgo:  crypto.SHA384,
		Cipher:    aes.NewCipher,
		BlockSize: aes.BlockSize,
		KeyLen:    32,

	ECIES_AES256_SHA512 = &ECIESParams{
		Hash:      sha512.New,
		hashAlgo:  crypto.SHA512,
		Cipher:    aes.NewCipher,
		BlockSize: aes.BlockSize,
		KeyLen:    32,
View Source
var ErrInvalidPrivateKey = fmt.Errorf("ecies: invalid private key")


func AddParamsForCurve

func AddParamsForCurve(curve elliptic.Curve, params *ECIESParams)

func Encrypt

func Encrypt(rand io.Reader, pub *PublicKey, m, s1, s2 []byte) (ct []byte, err error)

Encrypt encrypts a message using ECIES as specified in SEC 1, 5.1. If the shared information parameters aren't being used, they should be nil.

func ExportPrivatePEM

func ExportPrivatePEM(prv *PrivateKey) (out []byte, err error)

Export a private key to PEM format.

func ExportPublicPEM

func ExportPublicPEM(pub *PublicKey) (out []byte, err error)

Export a public key to PEM format.

func MarshalPrivate

func MarshalPrivate(prv *PrivateKey) ([]byte, error)

Encode a private key to DER format.

func MarshalPublic

func MarshalPublic(pub *PublicKey) ([]byte, error)

Encode a public key to DER format.

func MaxSharedKeyLength

func MaxSharedKeyLength(pub *PublicKey) int

MaxSharedKeyLength returns the maximum length of the shared key the public key can produce.


type ECIESParams

type ECIESParams struct {
	Hash func() hash.Hash // hash function

	Cipher    func([]byte) (cipher.Block, error) // symmetric cipher
	BlockSize int                                // block size of symmetric cipher
	KeyLen    int                                // length of symmetric key
	// contains filtered or unexported fields

func ParamsFromCurve

func ParamsFromCurve(curve elliptic.Curve) (params *ECIESParams)

ParamsFromCurve selects parameters optimal for the selected elliptic curve. Only the curves P256, P384, and P512 are supported.

type PrivateKey

type PrivateKey struct {
	D *big.Int

PrivateKey is a representation of an elliptic curve private key.

func GenerateKey

func GenerateKey(rand io.Reader, curve elliptic.Curve, params *ECIESParams) (prv *PrivateKey, err error)

Generate an elliptic curve public / private keypair. If params is nil, the recommended default paramters for the key will be chosen.

func ImportECDSA

func ImportECDSA(prv *ecdsa.PrivateKey) *PrivateKey

Import an ECDSA private key as an ECIES private key.

func ImportPrivatePEM

func ImportPrivatePEM(in []byte) (prv *PrivateKey, err error)

Import a PEM-encoded private key.

func UnmarshalPrivate

func UnmarshalPrivate(in []byte) (prv *PrivateKey, err error)

Decode a private key from a DER-encoded format.

func (*PrivateKey) Decrypt

func (prv *PrivateKey) Decrypt(rand io.Reader, c, s1, s2 []byte) (m []byte, err error)

Decrypt decrypts an ECIES ciphertext.

func (*PrivateKey) ExportECDSA

func (prv *PrivateKey) ExportECDSA() *ecdsa.PrivateKey

Export an ECIES private key as an ECDSA private key.

func (*PrivateKey) GenerateShared

func (prv *PrivateKey) GenerateShared(pub *PublicKey, skLen, macLen int) (sk []byte, err error)

ECDH key agreement method used to establish secret keys for encryption.

type PublicKey

type PublicKey struct {
	X *big.Int
	Y *big.Int
	Params *ECIESParams

PublicKey is a representation of an elliptic curve public key.

func ImportECDSAPublic

func ImportECDSAPublic(pub *ecdsa.PublicKey) *PublicKey

Import an ECDSA public key as an ECIES public key.

func ImportPublicPEM

func ImportPublicPEM(in []byte) (pub *PublicKey, err error)

Import a PEM-encoded public key.

func UnmarshalPublic

func UnmarshalPublic(in []byte) (pub *PublicKey, err error)

Decode a DER-encoded public key.

func (*PublicKey) ExportECDSA

func (pub *PublicKey) ExportECDSA() *ecdsa.PublicKey

Export an ECIES public key as an ECDSA public key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL