This is an ECIES implementation in Go. ECIES is a hybrid asymmetric–symmetric encryption scheme based on the Diffie–Hellman key exchange. This implementation uses one of the following combinations:
- Mode P256
  - P-256 curve (FIPS 186-3, section D.2.3)
  - AES-128 for symmetric encryption in CTR (Counter) mode
  - Poly1305 for message authentication (MAC with 32-bit key with length of 16 bytes, i.e. 128 bits)
  - SHA-256 for hashing and as the key-derivation function
- Mode P521
  - P-521 curve (FIPS 186-3, section D.2.5)
  - AES-256 for symmetric encryption in CTR (Counter) mode
  - Poly1305 for message authentication (MAC with 32-bit key with length of 16 bytes, i.e. 128 bits)
  - SHA-512 for hashing and as the key-derivation function
- Run go get golang.org/x/crypto (includes the Poly1305 MAC)
- Run go build -o ./ecies *.go to compile all related .go files
- Run ./ecies -en -in=<input_file> -out=<output_file> -pub=<path_to_public_key> for encryption
- Run ./ecies -de -in=<input_file> -out=<output_file> -prv=<path_to_private_key> for decryption
- Optionally, you can also:
  - Use -mode to specify whether to use curve P-521 with AES-256 and SHA-512 (-mode=P521) or P-256 with AES-128 and SHA-256 (-mode=P256). SHA-512 or SHA-256 applies only to hashing; for the MAC, Poly1305 is used in both cases.
  - Use the -hex flag to encode the encrypted ciphertext as hex, or to decode hex-encoded ciphertext for decryption.
  - IMPORTANT: You must specify the same mode for both encryption and decryption; otherwise, you will encounter an "Incorrect public key" error.
  - Use the -generate-key-pair flag to generate a new private and public key pair. In that case, -prv and -pub specify the paths for the generated private key and public key, respectively.
- Alternatively, you can run ./ecies -generate-key-pair -mode=<P256||P521> -prv=<output_private_key_path> -pub=<output_public_key_path> to generate a new key pair

Default flag values:
- -mode: P256
- -hex: False
- -generate-key-pair: False
- -prv: key.pem
- -pub: key.pub
- -in: file.txt
- -out: out.out

- ./ecies -en -in=file.txt -out=out.out -generate-key-pair -hex -mode=P521
  generates a new private and public key stored as key.pem and key.pub, and encrypts file.txt to hexadecimal out.out using mode P521.
- ./ecies -de -in=out.out -out=decrypted.txt -hex -mode=P521
  decrypts hexadecimal out.out into decrypted.txt using the default key.pem (the public key is not required for decryption).
- ./ecies -generate-key-pair -prv=p256-key.pem -pub=p256-key.pub
  generates a new key pair for EC P-256 and saves the keys in "p256-key.pem" and "p256-key.pub".
- For more info run ./ecies -h
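
The key-agreement step behind the two modes and the same-mode requirement above, as an added example that is not this project's own code: it uses Go's standard crypto/ecdh, hashes the ECDH secret with the mode's hash, and shows where a mode mismatch is caught. The names kdf, DeriveKey and Encapsulate, the error wording, and the ephemeral public key travelling with the ciphertext are assumptions; the AES-CTR and Poly1305 steps are left out.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// kdf hashes the ECDH secret with the mode's hash: SHA-512 for P521, SHA-256 for P256.
func kdf(c ecdh.Curve, shared []byte) []byte {
	h := sha256.New()
	if c == ecdh.P521() {
		h = sha512.New()
	}
	h.Write(shared)
	return h.Sum(nil)
}

// DeriveKey runs ECDH with an encoded peer key; a -mode mismatch fails at the parse.
func DeriveKey(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := priv.Curve().NewPublicKey(peer)
	if err != nil {
		return nil, fmt.Errorf("incorrect public key: %w", err)
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	return kdf(priv.Curve(), shared), nil
}

// Encapsulate is the sender side: a fresh ephemeral key pair for every message.
func Encapsulate(recipient *ecdh.PublicKey) (ephPub, key []byte, err error) {
	eph, err := recipient.Curve().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	key, err = DeriveKey(eph, recipient.Bytes())
	return eph.PublicKey().Bytes(), key, err
}

func main() {
	priv, _ := ecdh.P256().GenerateKey(rand.Reader)
	ephPub, sent, _ := Encapsulate(priv.PublicKey())
	got, err := DeriveKey(priv, ephPub) // recipient side
	fmt.Println(string(sent) == string(got), err)
}
```

Passing a P-256 ephemeral key to DeriveKey with a P-521 private key fails because a 65-byte P-256 point is not a valid 133-byte P-521 encoding.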