On Thu, Jul 07, 2005, Ladar Levison wrote: > Dr. Stephen Henson wrote: > >On Thu, Jul 07, 2005, Ladar Levison wrote: > > > > > >> > >>The code below works when I use the RSA key generation functions, but > >>when I try > >>to generate an ECC key, and use it, it doesn't work. I am using 0.9.8 > >>beta 6. > >> > >> EVP_SealInit(&ctx, EVP_aes_256_cbc(), ek, &out_len, &iv[0], &pkey, > >> npubk); > >> > > > > > >That's your problem there. Key transport (which EVP_SealInit uses) can > >only be > >done with RSA keys. > > > > This might be a dumb question, but what is `key transport` and why doesn't > ECC support it? > > Is this is a case where OpenSSL implementation of ECC doesn't support it, > or where ECC isn't a suitable algorithim to use for envelope encryption? >
Key transport is where some secret data (for example an AES key) is encrypted using a public key so that the intended recipient can recover it by decryption with a private key. The only algorithm that currently can do this in OpenSSL is RSA. I think there are some ECC algorithms that can be used for key transport (El Gamal?) but they aren't currently supported. Key agreement, where two parties agree on the same secret key, is supported using ECDH. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
