Encryption/decryption using Ed25519. #2272
Comments
|
ed25519 is a signature algorithm, it cannot be used for encryption.
…On Mon, Jul 29, 2024 at 5:51 PM Rahul Subramaniyam ***@***.***> wrote:
I am trying to encrypt using Ed25519, I ran into this error:
ErrorStack([Error { code: 50331798, library: "digital envelope routines", function: "evp_pkey_asym_cipher_init", reason: "operation not supported for this keytype", file: "crypto/evp/asymcipher.c", line: 189 }])
From looking around previous reports on this error, I am not sure if encryption/decryption is even supported for Ed25519, as it is primarily intended for signatures. Please let mw know.
Some context on why Ed25519 is being used: we have existing infra that uses biscuit_auth for authentication, and biscuit is primarily based on Ed25519. Ideally, would like to use the same key pair for the encrypt/decrypt as well.
Thanks.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
|
Thanks for confirming. In this case, what are the choices apart from RSA for the asymmetric encryption? Any EC based ones that should be preferred? |
|
It is possible to use ECDH to build a hybrid asymmetric encryption scheme
(see, ECIES for example).
…On Mon, Jul 29, 2024 at 6:08 PM Rahul Subramaniyam ***@***.***> wrote:
Thanks for confirming. In this case, what are the choices apart from RSA
for the asymmetric encryption? Any EC based ones that should be preferred?
—
Reply to this email directly, view it on GitHub
<#2272 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBFPV6MS3SKSZCX4CXDZO24MFAVCNFSM6AAAAABLVDGJTGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJXGA4TEOJXGQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
|
From what I understand, ECIES is not something openssl supports as is. We would need to add some layers on top for the hybrid scheme. Is this correct? |
|
Yes, you'd have to build it yourself.
…On Mon, Jul 29, 2024 at 6:22 PM Rahul Subramaniyam ***@***.***> wrote:
From what I understand, ECIES is not something openssl supports as is. We would need to add some layers on top for the hybrid scheme. Is this correct?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.Message ID: ***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am trying to encrypt using Ed25519, I ran into this error:
ErrorStack([Error { code: 50331798, library: "digital envelope routines", function: "evp_pkey_asym_cipher_init", reason: "operation not supported for this keytype", file: "crypto/evp/asymcipher.c", line: 189 }])From looking around previous reports on this error, I am not sure if encryption/decryption is even supported for Ed25519, as it is primarily intended for signatures. Please let mw know.
Some context on why Ed25519 is being used: we have existing infra that uses
biscuit_authfor authentication, and biscuit is primarily based on Ed25519. Ideally, would like to use the same key pair for the encrypt/decrypt as well.Thanks.
The text was updated successfully, but these errors were encountered: