[Cryptography-dev] Elliptic curve ECIES implementation

Paul Kehrer paul.l.kehrer at gmail.com
Tue Mar 21 14:14:55 EDT 2017


Hi Adam,

Thanks for the offer! Our general criteria for inclusion of new hazmat
modules are roughly:

* It should be something people have a need for. This can be satisfied by
showing specs/protocols/etc that are in use that utilize the scheme (either
currently existing or upcoming and clearly relevant)
* It should (subject to the caveat that we do need to support the use cases
people have in real life) not be a giant footgun. Examples of things we'd
love to *not* support in cryptography but are forced to due to popularity:
RC4, PKCS1v1.5 padding, random obscure elliptic curves nobody uses.
* There should be test vectors available to confirm correctness. Preferably
from a source like NIST if possible, but worst case generated (and
verified) via multiple alternate implementations (we have examples of this
in our docs).
* If it isn't directly implemented in OpenSSL then we need to have some
degree of confidence it can be done safely (e.g. without introducing
exploitable side channels) via composition.

So what currently uses ECIES?

-Paul


On March 21, 2017 at 12:55:18 PM, French, Adam (afrench at illumina.com) wrote:

Hi everyone,

I’m currently working on a project where I need to use the cryptography
library to encrypt/decrypt a message using an elliptic curve key pair.

The ‘Asymmetric algorithms’ -> ‘RSA’ section of the official documentation
includes sections on RSA encryption/decryption using the OAEP scheme. In
contrast, the ‘Asymmetric algorithms’ -> ‘Elliptic curve cryptography’
section has no similar operations such as ECIES encryption and decryption.

I’ve written an implementation of the ECIES scheme for elliptic curve key
pairs which builds on the other primitives available through the
cryptography library.

My boss is happy for me to spend some time creating a pull request to share
the implementation with the community. Do people feel there would be
sufficient interest for this to be worthwhile? Is there a roadmap for
elliptic curve functionality that I should be aware of? It would be great
to know how the project intends to extend the elliptic curve interfaces in
the future.

Thank you very much for your help.

Cheers,
Adam